Wednesday, December 15, 2010

Detecting and Mitigating Threats Best Cisco CCIE Bootcamp Training Center in Gurgaon

Network Bulls
www.networkbulls.com
Best Institute for CCNA CCNP CCSP CCIP CCIE Training in India
M-44, Old Dlf, Sector-14 Gurgaon, Haryana, India
Call: +91-9654672192

The use of threat detection and mitigation techniques enables early detection of and notifications about unwanted malicious traffic. The goals are to detect, notify, and help stop unforeseen and unauthorized traffic. These techniques help increase the network's availability, particularly against unidentified and unexpected attacks. Threat detection and mitigation solutions include the following:
  • Endpoint protection— Viruses and worms can create havoc by propagating infections from host to host throughout the network. To combat these infestations, endpoint protection such as Cisco's Security Agent is used. It limits the scope of virus outbreaks and is adaptable to new and emerging threats. In addition, antivirus services can aid hosts with detection and removing infections based on known virus pattern markings.
  • Application security and anti-X defense— Several new application-layer network products have been released that help address new classes of threats, such as spam, phishing, spyware, packet abuse, and unauthorized peer-to-peer file sharing. Anti-X defense provides comprehensive antivirus, anti-spyware, file-blocking, anti-spam, URL-blocking, and content-filtering services. These products supplement traditional firewalls and network-based intrusion detection system (NIDS) solutions with more granular traffic inspection, quarantining suspect traffic so that it does not propagate throughout the network.
  • Infection containment— Cisco's ASA, PIX, Firewall Services Module (FWSM), and IOS firewalls protect the network by creating security zones that partition the network into separate segments. The firewall services provide perimeter network security but do not eliminate the need for continuous network monitoring. As part of the Cisco Self-Defending Network (SDN) architecture, NAC is also used at the perimeter to perform policy-based admission control, thus reducing potential threats.
  • Inline IPS and anomaly detection— Cisco has innovated in the area of network intrusion detection systems by being the first to incorporate NIDS into the IOS on routing and switching platforms. In addition, IPS solutions have inline filtering features that can remove unwanted traffic, with programmable features that classify traffic patterns. The 4200 IPS sensor appliances, the IDSM-2, and the IOS IPS can identify, analyze, and stop unwanted traffic from flowing on the network. Another set of tools used to prevent DDoS attacks and ensure business continuity is the Cisco Traffic Anomaly Detector XT and Guard XT, along with the Cisco Traffic Anomaly Detector Services and Cisco Guard Services modules.

Threat Detection and Mitigation Technologies

  • Here are some examples of Cisco's Threat Detection and Mitigation technologies:
    - PIX— Firewall appliances
    - FWSM— Catalyst 6500 Firewall Services Module
    - ASA— Adaptive Security Appliance (Robust firewall and/or network-based intrusion prevention system [NIPS])
    - IOS firewall— Cisco IOS Software feature set
    - IPS sensor appliance— NIPS
    - IPS— Intrusion prevention system (IOS feature)
    - CSA— Cisco Security Agent (host-based intrusion prevention system [HIPS])

  • Network monitoring:
    - NetFlow— Statistics on packets flowing through a router (IOS feature)
    - Syslog— Logging data (IOS feature)
    - SNMP— Simple Network Management Protocol (IOS feature)
    - MARS— Monitoring, Analysis, and Response System
    - Cisco Traffic Anomaly Detector Module— Detects high-speed denial-of-service attacks

Threat Detection and Mitigation Solutions

Threat detection and mitigation solutions are deployed throughout the network and can serve as an effective layered defense for secure network communications. For example, suppose your network is under attack from the Internet, such as a worm or virus outbreak. The Internet WAN routers are your first line of protection and can be used to spot increasing network load or suspicious NetFlow data. After some information has been collected, specific granular ACLs can be used to further identify the attack.
The network IPS provides deep packet inspection to determine additional details about the attack's signature. HIPS can be deployed using hardware appliances or IOS feature integration; both include signature-based attack detection mechanisms. HIPS also allows for host policy enforcement and verification.
Firewalls can perform stateful packet inspections and block unwanted network traffic locally in the event of an attack. However, it is preferable to engage the ISP and have them block the attack from even entering your network.
To successfully detect threats and mitigate them, it is important to understand where to look for potential threats. The following are good sources of information for detecting and mitigating threats:
  • NetFlow
  • Syslog
  • RMON events
  • SNMP thresholds and traps
  • CPU and interface statistics
  • Cisco Security MARS reporting
Figure 14-6 depicts an attacker sourcing from the Internet and targeting the internal network and how the threat can be detected and mitigated.
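The first two steps of the layered defense described above (spotting suspicious NetFlow data on the WAN router, then using a granular ACL to identify the traffic) as an added example; this is not code from the original post or from Cisco. The flow records are constructed sample data, the fan-out threshold and the ACL number 150 are placeholders chosen for the example, and the output is IOS-style ACL text for an operator to review rather than anything applied to a device.

```python
# Added example, not code from the original post: a NetFlow-style fan-out
# check that flags worm-like propagation and emits a logging ACL to confirm it.
from collections import defaultdict, namedtuple

Flow = namedtuple("Flow", "src dst proto dport packets")

# Constructed sample flows: host 10.1.1.7 touches 40 peers on TCP/445 with a
# single packet each (worm-like fan-out) amid ordinary web and DNS traffic.
SAMPLE_FLOWS = [Flow("10.1.1.7", f"10.1.2.{i}", "tcp", 445, 1) for i in range(1, 41)]
SAMPLE_FLOWS += [
    Flow("10.1.1.20", "192.0.2.10", "tcp", 443, 120),
    Flow("10.1.1.21", "192.0.2.10", "tcp", 443, 98),
    Flow("10.1.1.21", "10.1.0.53", "udp", 53, 4),
    Flow("10.1.1.22", "10.1.0.53", "udp", 53, 6),
]

def fan_out(flows):
    """Count distinct destinations per (source, proto, dport)."""
    seen = defaultdict(set)
    for f in flows:
        seen[(f.src, f.proto, f.dport)].add(f.dst)
    return {k: len(v) for k, v in seen.items()}

def suspicious_sources(flows, threshold=20):
    """Return (key, fan_out) pairs at or above the threshold, highest first."""
    hits = [(k, n) for k, n in fan_out(flows).items() if n >= threshold]
    return sorted(hits, key=lambda kv: kv[1], reverse=True)

def classification_acl(hits, acl_number=150):
    """IOS-style extended ACL that permits but logs the flagged traffic so
    hit counters confirm the pattern before anything is blocked.
    acl_number is a placeholder chosen for this example."""
    lines = [f"access-list {acl_number} permit {proto} host {src} any eq {dport} log"
             for (src, proto, dport), _ in hits]
    lines.append(f"access-list {acl_number} permit ip any any")  # leave other traffic alone
    return lines

if __name__ == "__main__":
    for line in classification_acl(suspicious_sources(SAMPLE_FLOWS)):
        print(line)
```

Applied inbound on the WAN interface, the logged entry's hit counter and syslog messages give the extra confirmation the text calls for before a firewall or the ISP is asked to block the source.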
