Threat Detection and Mitigation Solutions

Threat detection and mitigation solutions are deployed throughout the network and serve as an effective layered defense for secure network communications. For example, suppose your network is being attacked from the Internet by a worm or virus outbreak. The Internet WAN routers are your first line of protection and can be used to spot increasing network load or suspicious NetFlow data. After some information has been collected, specific granular ACLs can be used to further identify the attack.

The network IPS provides deep packet inspection to determine additional details about the attack's signature. HIPS can be deployed using hardware appliances or IOS feature integration; both include signature-based attack detection mechanisms. HIPS also allows for host policy enforcement and verification.

Firewalls can perform stateful packet inspections and block unwanted network traffic locally in the event of an attack. However, it is preferable to engage the ISP and have them block the attack from even entering your network.

To successfully detect threats and mitigate them, it is important to understand where to look for potential threats. The following are good sources of information for detecting and mitigating threats:

■ SNMP thresholds and traps

■ CPU and interface statistics

■ Cisco Security MARS reporting
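As an added illustration (not from the book) of the first two steps the section describes, spotting suspicious NetFlow data at the edge router and then drafting a granular ACL entry to identify the traffic, the following script runs a fan-out check over constructed NetFlow-style records; the record format, addresses, thresholds and ACL number are assumptions:

```python
"""Fan-out detector over constructed NetFlow-style records (added example).

A worm outbreak typically shows up in NetFlow as one source touching many
distinct hosts on a single port with very small flows. The detector flags
such (source, port) pairs and drafts a 'log' ACE so matches can be counted
before any blocking decision is made. Addresses and thresholds are assumed.
"""
from collections import defaultdict

# Constructed sample records: (src_ip, dst_ip, dst_port, packets).
# 10.1.1.5 sweeps 40 hosts on tcp/445 with two packets each; the other
# sources carry a few normal, long-lived flows.
SAMPLE_FLOWS = [
    ("10.1.1.5", "192.0.2.%d" % i, 445, 2) for i in range(1, 41)
] + [
    ("10.1.1.7", "192.0.2.10", 80, 900),
    ("10.1.1.7", "192.0.2.11", 80, 750),
    ("10.1.1.9", "192.0.2.12", 443, 1200),
]


def fan_out_by_source(flows):
    """Return {(src, dport): (distinct_destinations, total_packets)}."""
    dests = defaultdict(set)
    pkts = defaultdict(int)
    for src, dst, dport, packets in flows:
        dests[(src, dport)].add(dst)
        pkts[(src, dport)] += packets
    return {key: (len(hosts), pkts[key]) for key, hosts in dests.items()}


def find_scanners(flows, min_dests=20, max_avg_pkts=5):
    """Flag (src, dport, host_count) where many hosts are hit by tiny flows."""
    hits = []
    for (src, dport), (ndest, total) in fan_out_by_source(flows).items():
        if ndest >= min_dests and total / ndest <= max_avg_pkts:
            hits.append((src, dport, ndest))
    return sorted(hits)


def identify_ace(src, dport, acl_number=150):
    """Draft an IOS extended ACE with 'log' to count hits without blocking."""
    return f"access-list {acl_number} permit tcp host {src} any eq {dport} log"


if __name__ == "__main__":
    for src, dport, n in find_scanners(SAMPLE_FLOWS):
        print(f"{src} reached {n} hosts on tcp/{dport}")
        print("   ", identify_ace(src, dport))
```

The 'log' ACE only counts matching packets; turning it into a deny is the mitigation step, which the text suggests pushing to the ISP where possible.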

Figure 14-6 depicts an attacker sourcing from the Internet and targeting the internal network and how the threat can be detected and mitigated.

Figure 14-6 Threat Detection and Mitigation

[Figure 14-6 elements: Internet-facing attacker; HTTP and FTP servers behind a DMZ switch; internal user. Callout 1) Network load increasing, spotted by rising CPU, interface stats, and NetFlow.]
