Security Monitoring with Cisco Security MARS
Gary Halleen, Greg Kellogg
- 出版商: Cisco Press
- 出版日期: 2007-07-16
- 售價: $2,450
- 貴賓價: 9.5 折 $2,328
- 語言: 英文
- 頁數: 336
- 裝訂: Paperback
- ISBN: 1587052709
- ISBN-13: 9781587052705
-
相關分類:
Cisco、資訊安全
立即出貨 (庫存=1)
買這商品的人也買了...
-
$580$493 -
$450$383 -
$450$383 -
$580$493 -
$720$569 -
$480$408 -
$490$382 -
$480$408 -
$620$490 -
$550$468 -
$620$484 -
$290$226 -
$600$480 -
$880$695 -
$1,225Programming Windows Embedded CE 6.0 Developer Reference, 4/e (Paperback)
-
$740$585 -
$1,180$1,003 -
$680$530 -
$380$342 -
$1,570$1,492 -
$580$522 -
$520$442 -
$480$379 -
$530$199 -
$520$411
相關主題
商品描述
Description
Security Monitoring with Cisco Security MARS
Threat mitigation system deployment
Gary Halleen
Greg Kellogg
Networks and hosts are probed hundreds or thousands of times a day in an attempt to discover vulnerabilities. An even greater number of automated attacks from worms and viruses stress the same devices. The sheer volume of log messages or events generated by these attacks and probes, combined with the complexity of an analyst needing to use multiple monitoring tools, often makes it impossible to adequately investigate what is happening.
Cisco® Security Monitoring, Analysis, and Response System (MARS) is a next-generation Security Threat Mitigation system (STM). Cisco Security MARS receives raw network and security data and performs correlation and investigation of host and network information to provide you with actionable intelligence. This easy-to-use family of threat mitigation appliances enables you to centralize, detect, mitigate, and report on priority threats by leveraging the network and security devices already deployed in a network, even if the devices are from multiple vendors.
Security Monitoring with Cisco Security MARS helps you plan a MARS deployment and learn the installation and administration tasks you can expect to face. Additionally, this book teaches you how to use the advanced features of the product, such as the custom parser, Network Admission Control (NAC), and global controller operations. Through the use of real-world deployment examples, this book leads you through all the steps necessary for proper design and sizing, installation and troubleshooting, forensic analysis of security events, report creation and archiving, and integration of the appliance with Cisco and third-party vulnerability assessment tools.
“In many modern enterprise networks, Security Information Management tools are crucial in helping to manage, analyze, and correlate a mountain of event data. Greg Kellogg and Gary Halleen have distilled an immense amount of extremely valuable knowledge in these pages. By relying on the wisdom of Kellogg and Halleen embedded in this book, you will vastly improve your MARS deployment.”
—Ed Skoudis, Vice President of Security Strategy, Predictive Systems
Gary Halleen is a security consulting systems engineer with Cisco. He has in-depth knowledge of security systems as well as remote-access and routing/switching technology. Gary is a CISSP and ISSAP. His diligence was responsible for the first successful computer crimes conviction in the state of Oregon. Gary is a regular speaker at security events and presents at Cisco Networkers conferences.
Greg Kellogg is the vice president of security solutions for Calence, LLC. He is responsible for managing the company’s overall security strategy. Greg has more than 15 years of networking industry experience, including serving as a senior security business consultant for the Cisco Enterprise Channel organization. Additionally, Greg worked for Protego Networks, Inc. (where MARS was originally developed). There he was responsible for developing channel partner programs and helped solution providers increase their security revenue.
Learn the differences between various log aggregation and correlation systems
- Examine regulatory and industry requirements
- Evaluate various deployment scenarios
- Properly size your deployment
- Protect the Cisco Security MARS appliance from attack
- Generate reports, archive data, and implement disaster recovery plans
- Investigate incidents when Cisco Security MARS detects an attack
- Troubleshoot Cisco Security MARS operation
- Integrate Cisco Security MARS with Cisco Security Manager, NAC, and third-party devices
- Manage groups of MARS controllers with global controller operations
This security book is part of the Cisco Press® Networking Technology Series. Security titles from Cisco Press help networking professionals secure critical data and resources, prevent and mitigate network attacks, and build end-to-end self-defending networks.
Category: Cisco Press—Security
Covers: Security Threat Mitigation
Table of Contents
Foreword
Introduction
Part I Introduction to CS-MARS and Security Threat Mitigation
Chapter 1 Introducing CS-MARS
Introduction to Security Information Management
The Role of a SIM in Today’s Network
Common Features for SIM Products
Desirable Features for SIM Products
Challenges in Security Monitoring
Types of Events Messages
Understanding CS-MARS
Security Threat Mitigation System
Topology and Visualization
Robust Reporting and Rules Engine
Alerts and Mitigation
Description of Terminology
CS-MARS User Interface
Dashboard
Network Status
My Reports
Summary
Chapter 2 Regulatory Challenges in Depth
Health Insurance Portability and Accountability Act of 1996 (HIPAA)
Who Is Affected by HIPAA?
What Are the Penalties for Noncompliance?
HIPAA Security Rule
HIPAA Security Rule and Security Monitoring
Gramm-Leach-Bliley Act of 1999 (GLB Act)
Who Is Affected by the GLB Act?
What Are the Penalties for Noncompliance with GLB?
The GLB Act Safeguards Rule
The GLB Safeguards Rule and Security Monitoring
The Sarbanes-Oxley Act of 2002 (SOX)
Who Is Affected by Sarbanes-Oxley?
What Are the Penalties for Noncompliance with Sarbanes-Oxley?
Sarbanes-Oxley Internal Controls
Payment Card Industry Data Security Standard (PCI-DSS)
Who Is Affected by the PCI Data Security Standard?
What Are the Penalties for Noncompliance with PCI-DSS?
The PCI Data Security Standard
Compliance Validation Requirements
Summary
Chapter 3 CS-MARS Deployment Scenarios
Deployment Types
Local and Standalone Controllers
Global Controllers
Sizing a CS-MARS Deployment
Special Considerations for Cisco IPSs
Determining Your Events per Second
Determining Your Storage Requirements
Considerations for Reporting Performance
Considerations for Future Growth and Flood Conditions
Planning for Topology Awareness
CS-MARS Sizing Case Studies
Retail Chain Example
State Government Example
Healthcare Example
Summary
Part II CS-MARS Operations and Forensics
Chapter 4 Securing CS-MARS
Physical Security
Inherent Security of MARS Appliances
Security Management Network
MARS Communications Requirements
Network Security Recommendations
Ingress Firewall Rules
Egress Firewall Rules
Network-Based IDS and IPS Issues
Summary
Chapter 5 Rules, Reports, and Queries
Built-In Reports
Understanding the Reporting Interface
Reporting Methods
The Query Interface
Creating an On-Demand Report
Batch Reports and the Report Wizard
Creating a Rule
About Rules
Creating the Rule
Creating Drop Rules
About Drop Rules
Creating the Drop Rule
Summary
Chapter 6 Incident Investigation and Forensics
Incident Handling and Forensic Techniques
Initial Incident Investigation
Viewing Incident Details
Finishing Your Investigation
False-Positive Tuning
Deciding Where to Tune
Tuning False Positives in MARS
Summary
Chapter 7 Archiving and Disaster Recovery
Understanding CS-MARS Archiving
Planning and Selecting the Archive Server
Configuring the Archiving Server
Configuring CS-MARS for Archiving
Using the Archives
Restoring from Archive
Restoring to a Reporting Appliance
Direct Access of Archived Events
Retrieving Raw Events from Archive
Summary
Part III CS-MARS Advanced Topics
Chapter 8 Integration with Cisco Security Manager
Configuring CS-Manager to Support CS-MARS
Configuring CS-MARS to Integrate with CS-Manager
Using CS-Manager Within CS-MARS
Summary
Chapter 9 Troubleshooting CS-MARS
Be Prepared
Troubleshooting MARS Hardware
Beeping Noises
Degraded RAID Array
Troubleshooting Software and Devices
Unknown Reporting Device IP
Check Point or Other Logs Are Incorrectly Parsed
New Monitored Device Logs Still Not Parsed
How Much Storage Is Being Used, and How Long Will It Last?
E-Mail Notifications Sent to Admin Group Never Arrive
MARS Is Not Receiving Events from Devices
Summary
Chapter 10 Network Admission Control
Types of Cisco NAC
NAC Framework Host Conditions
Understanding NAC Framework Communications
Configuration of CS-MARS for NAC
Framework Reporting
Information Available on CS-MARS
Summary
Chapter 11 CS-MARS Custom Parser
Getting Messages to CS-MARS
Determining What to Parse
Adding the Device or Application Type
Adding Log Templates
First Log Template
Second and Third Log Templates
Fourth and Fifth Log Templates
Additional Messages
Adding Monitored Device or Software
Queries, Reports, and Rules
Queries
Reports
Rules
Custom Parser for Cisco CSC Module
Summary
Chapter 12 CS-MARS Global Controller
Understanding the Global Controller
Zones
Installing the Global Controller
Enabling Communications Between Controllers
Troubleshooting
Using the Global Controller Interface
Logging In to the Controller
Dashboard
Drilling Down into an Incident
Query/Reports
Local Versus Global Rules
Security and Monitor Devices
Custom Parser
Software Upgrades
Global Controller Recovery
Summary
Part IV Appendixes
Appendix A Querying the Archive
Appendix B CS-MARS Command Reference
Appendix C Useful Websites
Index
商品描述(中文翻譯)
描述
安全監控與Cisco Security MARS
威脅緩解系統部署
Gary Halleen
Greg Kellogg
每天都有數百或數千次的探測嘗試網絡和主機,以尋找漏洞。同樣的設備還面臨著來自蠕蟲和病毒的更多自動攻擊。這些攻擊和探測產生的日誌消息或事件的數量,加上分析師需要使用多個監控工具的複雜性,往往使得無法充分調查發生的情況。
Cisco® Security Monitoring, Analysis, and Response System (MARS) 是一個下一代安全威脅緩解系統 (STM)。Cisco Security MARS 接收原始網絡和安全數據,並對主機和網絡信息進行相關性和調查,以提供可操作的情報。這個易於使用的威脅緩解設備系列使您能夠通過利用已經部署在網絡中的網絡和安全設備,集中、檢測、緩解和報告優先威脅,即使這些設備來自多個供應商。
使用Cisco Security MARS進行安全監控,可以幫助您規劃MARS部署,並了解您可能面臨的安裝和管理任務。此外,本書還教您如何使用產品的高級功能,例如自定義解析器、網絡接入控制 (NAC) 和全局控制器操作。通過使用真實世界的部署示例,本書將引導您完成所有必要的步驟,包括正確的設計和尺寸、安裝和故障排除、安全事件的法庭分析、報告創建和存檔,以及將設備與Cisco和第三方漏洞評估工具集成。
“在許多現代企業網絡中,安全信息管理工具在幫助管理、分析和相關事件數據方面至關重要。Greg Kellogg和Gary Halleen在這些頁面中提煉了大量非常有價值的知識。通過依賴於本書中Kellogg和Halleen的智慧,您將大大改善您的MARS部署。”
—Ed Skoudis,安全策略副總裁,Predictive Systems
Gary Halleen是Cisco的安全咨詢系統工程師。他對安全系統以及遠程訪問和路由/交換技術有深入的了解。Gary是CISSP和ISSAP。他的努力使得俄勒岡州首次成功起訴了電腦犯罪。Gary經常在安全活動中演講,並在Cisco Networkers上發表演講。