Security Monitoring with Cisco Security MARS free download

By admin | April 22, 2009


Introduction

Security Event Management (SEM) systems, Security Information Management (SIM) systems, and
Security Threat Mitigation (STM) systems are all solutions with a primary goal of making it easier to
determine when bad things are happening on your network. Ideally, the tools we use to correlate events
between various network and security devices or software will detect malicious behavior before damage
is done, rather than letting us know when we’ve already been compromised.

This book is intended to describe how a third-generation tool, the Cisco Security Monitoring, Analysis,
and Response System (CS-MARS), performs as an STM solution.

Goals and Methods

The goal of this book is to provide the information you need to successfully use the CS-MARS appliances
in a real network, on a day-to-day basis. No SIM or STM solution, out of the box, is a perfect fit
for every network. As you read through the chapters, we hope you find tidbits that help you make the
most of your investment. We also hope you learn enough to avoid some of the common mistakes and
misconfigurations.

CS-MARS is a powerful tool that can dramatically increase your knowledge of activity, whether malicious
or not, on your network. There are many case studies and other examples throughout the book that
show you how this STM functions in a real-world network. Hopefully, some of these examples will bear
a resemblance to your own network.

By the time you finish this book, you should have a good understanding of the overall operations and
maintenance tasks involved with a CS-MARS deployment. Some of the things you will learn include:

• How to properly design and size a CS-MARS deployment
• Protection of the information contained within CS-MARS
• Incident investigation techniques
• Customization features to allow support of applications and devices that aren’t natively supported
• Creation of custom reports and queries

Contents at a Glance
Foreword xvi
Introduction xvii
Part I Introduction to CS-MARS and Security Threat Mitigation 3
Chapter 1 Introducing CS-MARS 5
Chapter 2 Regulatory Challenges in Depth 27
Chapter 3 CS-MARS Deployment Scenarios 59
Part II CS-MARS Operations and Forensics 75
Chapter 4 Securing CS-MARS 77
Chapter 5 Rules, Reports, and Queries 89
Chapter 6 Incident Investigation and Forensics 133
Chapter 7 Archiving and Disaster Recovery 163
Part III CS-MARS Advanced Topics 179
Chapter 8 Integration with Cisco Security Manager 181
Chapter 9 Troubleshooting CS-MARS 193
Chapter 10 Network Admission Control 209
Chapter 11 CS-MARS Custom Parser 219
Chapter 12 CS-MARS Global Controller 261
Part IV Appendixes 281
Appendix A Querying the Archive 283
Appendix B CS-MARS Command Reference 295
Appendix C Useful Websites 305
Index 307
