Monitoring With Alterpoint And Cs Mars

  1. Security Monitoring With CS-MARS and AlterPoint
  2. Agenda
     - Security Fundamentals
     - AlterPoint
     - CS-MARS
  3. Security Fundamentals
     - What is a secure network?
       - A lifetime of work
       - A lifetime of change
       - A moving target
     - The goals of network security
       - Confidentiality: data confidentiality implies keeping data private.
       - Integrity: data integrity ensures that data has not been modified in transit.
       - Availability: the availability of data is a measure of the data's accessibility.
  4. Potential Hacker
     - Categories of hacker
       - White hat hacker
       - Black hat hacker
       - Gray hat hacker
       - Script kiddie
       - Hobby hacker
     - How a hacker hacks
       - Perform reconnaissance
       - Identify running applications and operating system
       - Gain access to the system
       - Log in with user credentials and escalate privileges
       - Create or gather other usernames and passwords
       - Create a backdoor
  5. Types of Attacks
     - Confidentiality attacks
       - Packet capture
       - Ping sweep and port scan
       - Dumpster diving
       - Wiretapping
       - Social engineering
     - Integrity attacks
       - Password attack (Trojan horse, packet capture, keylogger, dictionary attack)
       - Hijacking a session
       - Trust relationship exploitation
     - Availability attacks
       - Denial of service (DoS)
       - Distributed denial of service (DDoS)
       - TCP SYN flood
       - Electrical disturbances
  6. Defense in Depth
     - Deploy security in layers
       - Defend multiple attack targets in the network.
       - Protect the network infrastructure.
       - Create overlapping defenses.
       - Use strong encryption technologies.
  7. Security Solutions
     - Two key components
       - AlterPoint
         - Provides centralized configuration
         - Cross-platform (many devices), GUI interface
         - Handles routers, switches, firewalls, access points, etc.
       - Cisco Security Monitoring, Analysis and Response System (CS-MARS)
         - Handles the monitoring, analysis and mitigation piece of the Cisco security solution
         - Correlates network events to avoid false positives
         - Uses Cisco NetFlow to identify anomalies
  8. AlterPoint
     - AlterPoint has superb capabilities to perform configuration changes, including ACL changes, for all network devices. It has already been selected as the primary application used to manage all network devices.
     - There are a total of 396 devices being managed via AlterPoint:
  9. AlterPoint - Inventory Section
     - Provides access to the device inventory and configuration features of the system.
     - Compare current device configurations with other configurations.
     - View device configuration history.
  10. Inventory Section (cont.)
     - Viewing the current configuration
  11. Inventory Section (cont.)
     - Viewing a historical configuration
  12. Inventory Section (cont.)
     - Comparing the two configurations
  13. Inventory Section (cont.)
     - Configuration differences
  14. AlterPoint – Events
     - Provides access to real-time device configuration changes.
     - Displays real-time messages about configuration changes that occurred over the most recent twenty-four hour period.
  15. AlterPoint - Reports Section
     - Reporting of configuration changes:
       - For all routers/switches
       - Routers/switches at an individual location
       - Compare individual device changes [Current vs. Previous]
       - Compare the "Running" configuration vs. the "Start Up" configuration
       - Ability to generate manual or scheduled reports
  16. CS-MARS (Cisco Security Monitoring, Analysis, and Response System)
     - A Security Information/Event Manager: collects Simple Network Management Protocol (SNMP) and syslog data from security devices, inserts it into a database, and provides an easy user interface with which to access that information.
     - Summarization of events from multiple devices
     - Correlates data from across the enterprise: firewalls, IPS, IDS, routers, switches
     - Contains a high-level summary dashboard that includes incidents, hotspot graphs, and attack diagrams. An incident can be an indication of a high-level security attack.
  17. CS-MARS – At a Glance
     - Summary dashboard: the dashboard includes a summary of security incidents, or a high-level indication of a possible network attack or vulnerability based upon input from devices and hosts in the self-defending network.
     - Information on events within the last 24 hours, false positives that are detected, a hotspot, and an attack diagram including the source and destination of the attack.
  18. Case Study
     - Denies - Top Source: attack
  19. CS-MARS
     - Generated query for its destination address
  20. CS-MARS – Hotspot and Attack Diagram
     - Cisco Security MARS requires SNMP read access to construct a Layer 3 and Layer 2 topological map of the network.
     - An attack diagram allows the user to highlight a vulnerable path between two points in the network.
     - The hotspot graph displays the path of the incident or attack across the network.
  21. CS-MARS – Incident Tab
     - An incident is displayed with the matching rule that triggered the incident.
  22. CS-MARS – Query/Reports Tab
     - A collection of predefined reports, in addition to the ability to create a custom report.
  23. CS-MARS – Rules Tab
     - An incident is displayed when a matching rule fires, indicating that a possible security incident or attack is in progress.
     - A set of system rules is automatically configured and applied to detect security incidents or attacks.
     - Customized (user inspection) rules can also be created.
  24. CS-MARS – Management Tab
     - Enables the user to view events and to create IP addresses, services (ports or protocols), and admin accounts.
  25. CS-MARS – Admin Tab
     - Enables the configuration of administrative functions such as system setup, maintenance, user management, system parameters and custom setup.
  26. © 2008 MindTree Ltd. Imagination Action Joy
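The compare and differences views on slides 12 to 15 and the running-versus-startup report on slide 15 are, at bottom, a structured diff of two device configurations. As an added illustration that is not AlterPoint's code, here is such a check in Python over two constructed IOS-style configurations; it also flags ACL entries that were only reordered, which a plain line diff would miss.

```python
# Added example (not AlterPoint code): compare a saved and a running IOS-style
# configuration the way the slides' "Configuration Differences" view does, and
# single out ACL changes. Both configurations are constructed samples.
import re

STARTUP_CONFIG = """\
interface GigabitEthernet0/0
 ip access-group 101 in
access-list 101 permit tcp any host 192.0.2.10 eq 443
access-list 101 deny ip any any log
line vty 0 4
 transport input ssh
"""
RUNNING_CONFIG = """\
interface GigabitEthernet0/0
 ip access-group 101 in
access-list 101 permit tcp any host 192.0.2.10 eq 443
access-list 101 permit tcp any any eq 23
access-list 101 deny ip any any log
line vty 0 4
 transport input ssh telnet
"""
ACL_RE = re.compile(r"^(ip )?access-list\b")

def parse_config(text):
    """Return (parent, line) pairs so an indented line such as 'transport input
    ssh' is reported together with the block ('line vty 0 4') it belongs to."""
    parent, entries = "", []
    for raw in text.splitlines():
        if not raw.strip():
            continue
        if not raw.startswith(" "):  # an unindented line opens a new block
            parent = raw.strip()
            entries.append(("", parent))
        else:
            entries.append((parent, raw.strip()))
    return entries

def diff_configs(old_text, new_text):
    """Lines added and removed (in file order), the ACL lines among them, and
    whether ACL entries were only reordered (order matters: first match wins)."""
    old, new = parse_config(old_text), parse_config(new_text)
    old_set, new_set = set(old), set(new)
    added = [e for e in new if e not in old_set]
    removed = [e for e in old if e not in new_set]
    old_acl = [l for _, l in old if ACL_RE.match(l)]
    new_acl = [l for _, l in new if ACL_RE.match(l)]
    return {"added": added, "removed": removed,
            "acl_changes": [l for _, l in added + removed if ACL_RE.match(l)],
            "acl_reordered": old_acl != new_acl and sorted(old_acl) == sorted(new_acl)}
```

Running `diff_configs(STARTUP_CONFIG, RUNNING_CONFIG)` reports the new telnet permit in ACL 101 and the widened vty transport, which is exactly the kind of unreviewed drift the scheduled reports on slide 15 are meant to surface.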
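Slides 7, 16 and 18 to 23 describe CS-MARS collecting denies and IDS alerts from several devices and raising an incident only when a rule matches, so that single events do not become false positives. The following is an added Python sketch of that correlation, not CS-MARS code, run over constructed firewall and IDS syslog lines; the message formats, the rule thresholds and the signature number are assumptions made for the example.

```python
# Added example (not CS-MARS code): cross-device correlation as on the slides,
# over constructed firewall (fw1) and IDS (ids1) syslog lines, not real traffic.
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta
SAMPLE_LOGS = """\
2008-05-01T10:00:01 fw1 Deny tcp src 203.0.113.5/40001 dst 192.0.2.10/23
2008-05-01T10:00:02 fw1 Deny tcp src 203.0.113.5/40002 dst 192.0.2.10/22
2008-05-01T10:00:03 fw1 Deny tcp src 203.0.113.5/40003 dst 192.0.2.11/445
2008-05-01T10:00:04 ids1 Alert sig=2001 src 203.0.113.5 dst 192.0.2.11
2008-05-01T10:00:05 fw1 Deny tcp src 198.51.100.7/5555 dst 192.0.2.10/80
2008-05-01T10:30:00 fw1 Deny tcp src 198.51.100.7/5556 dst 192.0.2.10/443
"""
DENY_RE = re.compile(r"^(\S+) \S+ Deny \w+ src (\S+)/\d+ dst (\S+)/(\d+)$")
ALERT_RE = re.compile(r"^(\S+) \S+ Alert sig=(\d+) src (\S+) dst (\S+)$")
def parse_events(text):
    """Normalise both message formats into one time-sorted list of dicts."""
    events = []
    for line in text.splitlines():
        if m := DENY_RE.match(line):
            ts, src, dst, port = m.groups()
            events.append({"ts": datetime.fromisoformat(ts), "kind": "deny",
                           "src": src, "dst": dst, "port": int(port)})
        elif m := ALERT_RE.match(line):
            ts, sig, src, dst = m.groups()
            events.append({"ts": datetime.fromisoformat(ts), "kind": "alert",
                           "src": src, "dst": dst, "sig": int(sig)})
    return sorted(events, key=lambda e: e["ts"])
def top_deny_sources(events):
    """The 'Denies - Top Source' report: deny count per source, largest first."""
    return Counter(e["src"] for e in events if e["kind"] == "deny").most_common()
def correlate(events, min_targets=3, window=timedelta(minutes=5)):
    """Rule: one source denied to >= min_targets distinct dst:port pairs within
    window raises an incident; an IDS alert from that source escalates it."""
    by_src = defaultdict(list)
    for e in events:
        by_src[e["src"]].append(e)
    incidents = {}
    for src, evs in by_src.items():
        denies = [e for e in evs if e["kind"] == "deny"]
        for first in denies:  # slide the window from each deny in turn
            burst = [e for e in denies if timedelta(0) <= e["ts"] - first["ts"] <= window]
            targets = {(e["dst"], e["port"]) for e in burst}
            if len(targets) < min_targets:
                continue
            sigs = sorted(e["sig"] for e in evs if e["kind"] == "alert"
                          and abs(e["ts"] - first["ts"]) <= window)
            incidents[src] = {"targets": sorted(targets), "ids_sigs": sigs,
                              "severity": "high" if sigs else "medium"}
            break
    return incidents
```

On the sample, 203.0.113.5 trips three denies and an IDS alert inside one window and becomes a high-severity incident, while 198.51.100.7 appears in the top-sources report but, with only two denies half an hour apart, raises no incident.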