Security Monitoring with Cisco Security MARS - Gary Halleen, Greg Kellogg

Book | Softcover
336 pages
2007
Cisco Press (publisher)
978-1-58705-270-5 (ISBN)
CHF 71,75 incl. VAT
  • Title is unfortunately out of print;
    no new edition
Security Monitoring with Cisco Security MARS

 

Threat mitigation system deployment

 

Gary Halleen

Greg Kellogg

 

Networks and hosts are probed hundreds or thousands of times a day in an attempt to discover vulnerabilities. An even greater number of automated attacks from worms and viruses stress the same devices. The sheer volume of log messages or events generated by these attacks and probes, combined with the complexity of an analyst needing to use multiple monitoring tools, often makes it impossible to adequately investigate what is happening.

 

Cisco® Security Monitoring, Analysis, and Response System (MARS) is a next-generation Security Threat Mitigation system (STM). Cisco Security MARS receives raw network and security data and performs correlation and investigation of host and network information to provide you with actionable intelligence. This easy-to-use family of threat mitigation appliances enables you to centralize, detect, mitigate, and report on priority threats by leveraging the network and security devices already deployed in a network, even if the devices are from multiple vendors.

 

Security Monitoring with Cisco Security MARS helps you plan a MARS deployment and learn the installation and administration tasks you can expect to face. Additionally, this book teaches you how to use the advanced features of the product, such as the custom parser, Network Admission Control (NAC), and global controller operations. Through the use of real-world deployment examples, this book leads you through all the steps necessary for proper design and sizing, installation and troubleshooting, forensic analysis of security events, report creation and archiving, and integration of the appliance with Cisco and third-party vulnerability assessment tools.

 

“In many modern enterprise networks, Security Information Management tools are crucial in helping to manage, analyze, and correlate a mountain of event data. Greg Kellogg and Gary Halleen have distilled an immense amount of extremely valuable knowledge in these pages. By relying on the wisdom of Kellogg and Halleen embedded in this book, you will vastly improve your MARS deployment.”

—Ed Skoudis, Vice President of Security Strategy, Predictive Systems

 

Gary Halleen is a security consulting systems engineer with Cisco. He has in-depth knowledge of security systems as well as remote-access and routing/switching technology. Gary is a CISSP and ISSAP. His diligence was responsible for the first successful computer crimes conviction in the state of Oregon. Gary is a regular speaker at security events and presents at Cisco Networkers conferences.

 

Greg Kellogg is the vice president of security solutions for Calence, LLC. He is responsible for managing the company’s overall security strategy. Greg has more than 15 years of networking industry experience, including serving as a senior security business consultant for the Cisco Enterprise Channel organization. Additionally, Greg worked for Protego Networks, Inc. (where MARS was originally developed). There he was responsible for developing channel partner programs and helped solution providers increase their security revenue.

 

Learn the differences between various log aggregation and correlation systems
Examine regulatory and industry requirements
Evaluate various deployment scenarios
Properly size your deployment
Protect the Cisco Security MARS appliance from attack
Generate reports, archive data, and implement disaster recovery plans
Investigate incidents when Cisco Security MARS detects an attack
Troubleshoot Cisco Security MARS operation
Integrate Cisco Security MARS with Cisco Security Manager, NAC, and third-party devices
Manage groups of MARS controllers with global controller operations

 

This security book is part of the Cisco Press® Networking Technology Series. Security titles from Cisco Press help networking professionals secure critical data and resources, prevent and mitigate network attacks, and build end-to-end self-defending networks.

 

Category: Cisco Press—Security

Covers: Security Threat Mitigation

 

 

Gary Halleen is a security consulting systems engineer with Cisco. He has in-depth knowledge of security systems, remote access, and routing/switching technology. Gary is a CISSP and ISSAP and has been a technical editor for Cisco Press. Before working at Cisco, he wrote web-based software, owned an Internet service provider, worked in Information Technology at a college, and taught computer science courses. His diligence was responsible for the first successful computer crimes conviction in the state of Oregon. Gary is a regular speaker at security events, and he presents at Cisco Networkers conferences. He lives in Salem, Oregon, with his wife and children.

Greg Kellogg is the vice president of security solutions for Calence, LLC, which is based out of Tempe, Arizona. He is responsible for managing the company’s overall security strategy, as well as developing new security solutions and service offerings, establishing strategic partnerships, managing strategic client engagements, and supporting business development efforts. Greg has more than 15 years of networking industry experience, including serving as a senior security business consultant for the Cisco Systems Enterprise Channel organization. While at Cisco, Greg helped organizations understand regulatory compliance, policy creation, and risk analysis to guide their security implementations. He was recognized for his commitment to service with the Cisco Technology Leader of the Year award. Additionally, Greg worked for Protego Networks, Inc. (where MARS was originally developed). While there, he was responsible for developing channel partner programs and helping solution providers increase their security revenue. Greg currently resides in Spring Branch, Texas, with his wife and four children.

Foreword

Introduction

Part I Introduction to CS-MARS and Security Threat Mitigation

Chapter 1 Introducing CS-MARS

Introduction to Security Information Management

    The Role of a SIM in Today’s Network

    Common Features for SIM Products

    Desirable Features for SIM Products

Challenges in Security Monitoring

    Types of Events Messages

Understanding CS-MARS

    Security Threat Mitigation System

    Topology and Visualization

    Robust Reporting and Rules Engine

    Alerts and Mitigation

    Description of Terminology

CS-MARS User Interface

    Dashboard

    Network Status

    My Reports

Summary

Chapter 2 Regulatory Challenges in Depth

Health Insurance Portability and Accountability Act of 1996 (HIPAA)

    Who Is Affected by HIPAA?

    What Are the Penalties for Noncompliance?

    HIPAA Security Rule

    HIPAA Security Rule and Security Monitoring

Gramm-Leach-Bliley Act of 1999 (GLB Act)

    Who Is Affected by the GLB Act?

    What Are the Penalties for Noncompliance with GLB?

    The GLB Act Safeguards Rule

    The GLB Safeguards Rule and Security Monitoring

The Sarbanes-Oxley Act of 2002 (SOX)

    Who Is Affected by Sarbanes-Oxley?

    What Are the Penalties for Noncompliance with Sarbanes-Oxley?

    Sarbanes-Oxley Internal Controls

Payment Card Industry Data Security Standard (PCI-DSS)

    Who Is Affected by the PCI Data Security Standard?

    What Are the Penalties for Noncompliance with PCI-DSS?

    The PCI Data Security Standard

    Compliance Validation Requirements

Summary

Chapter 3 CS-MARS Deployment Scenarios

Deployment Types

    Local and Standalone Controllers

    Global Controllers

Sizing a CS-MARS Deployment

    Special Considerations for Cisco IPSs

    Determining Your Events per Second

    Determining Your Storage Requirements

    Considerations for Reporting Performance

    Considerations for Future Growth and Flood Conditions

    Planning for Topology Awareness

CS-MARS Sizing Case Studies

    Retail Chain Example

    State Government Example

    Healthcare Example

Summary

Part II CS-MARS Operations and Forensics

Chapter 4 Securing CS-MARS

Physical Security

Inherent Security of MARS Appliances

Security Management Network

MARS Communications Requirements

Network Security Recommendations

    Ingress Firewall Rules

    Egress Firewall Rules

    Network-Based IDS and IPS Issues

Summary

Chapter 5 Rules, Reports, and Queries

Built-In Reports

Understanding the Reporting Interface

    Reporting Methods

    The Query Interface

Creating an On-Demand Report

Batch Reports and the Report Wizard

Creating a Rule

    About Rules

    Creating the Rule

Creating Drop Rules

    About Drop Rules

    Creating the Drop Rule

Summary

Chapter 6 Incident Investigation and Forensics

Incident Handling and Forensic Techniques

    Initial Incident Investigation

    Viewing Incident Details

    Finishing Your Investigation

False-Positive Tuning

    Deciding Where to Tune

    Tuning False Positives in MARS

Summary

Chapter 7 Archiving and Disaster Recovery

Understanding CS-MARS Archiving

    Planning and Selecting the Archive Server

    Configuring the Archiving Server

    Configuring CS-MARS for Archiving

Using the Archives

    Restoring from Archive

    Restoring to a Reporting Appliance

    Direct Access of Archived Events

    Retrieving Raw Events from Archive

Summary

Part III CS-MARS Advanced Topics

Chapter 8 Integration with Cisco Security Manager

Configuring CS-Manager to Support CS-MARS

Configuring CS-MARS to Integrate with CS-Manager

Using CS-Manager Within CS-MARS

Summary

Chapter 9 Troubleshooting CS-MARS

Be Prepared

Troubleshooting MARS Hardware

    Beeping Noises

    Degraded RAID Array

Troubleshooting Software and Devices

    Unknown Reporting Device IP

    Check Point or Other Logs Are Incorrectly Parsed

    New Monitored Device Logs Still Not Parsed

    How Much Storage Is Being Used, and How Long Will It Last?

    E-Mail Notifications Sent to Admin Group Never Arrive

    MARS Is Not Receiving Events from Devices

Summary

Chapter 10 Network Admission Control

Types of Cisco NAC

    NAC Framework Host Conditions

    Understanding NAC Framework Communications

Configuration of CS-MARS for NAC

    Framework Reporting

Information Available on CS-MARS

Summary

Chapter 11 CS-MARS Custom Parser

Getting Messages to CS-MARS

Determining What to Parse

Adding the Device or Application Type

Adding Log Templates

    First Log Template

    Second and Third Log Templates

    Fourth and Fifth Log Templates

    Additional Messages

Adding Monitored Device or Software

Queries, Reports, and Rules

    Queries

    Reports

    Rules

Custom Parser for Cisco CSC Module

Summary

Chapter 12 CS-MARS Global Controller

Understanding the Global Controller

Zones

Installing the Global Controller

    Enabling Communications Between Controllers

    Troubleshooting

Using the Global Controller Interface

    Logging In to the Controller

    Dashboard

    Drilling Down into an Incident

    Query/Reports

    Local Versus Global Rules

    Security and Monitor Devices

    Custom Parser

    Software Upgrades

Global Controller Recovery

Summary

Part IV Appendixes

Appendix A Querying the Archive

Appendix B CS-MARS Command Reference

Appendix C Useful Websites

Index

 


Publication date (per publisher): 19.7.2007
Place of publication: Indianapolis
Language: English
Dimensions: 229 x 187 mm
Weight: 553 g
Subject area: Computer Science, Networks, Security / Firewall
Computer Science, Further Topics, Certification
ISBN-10: 1-58705-270-9 / 1587052709
ISBN-13: 978-1-58705-270-5 / 9781587052705
Condition: New