Threat Detection and Mitigation Solution Deployment Locations

Threat detection and mitigation solutions can be deployed throughout the network, as illustrated in Figure 10-17.

Figure 10-17 Threat Detection and Mitigation Solution Deployment Locations

1. Network load increases (spotted by either SNMP or NetFlow).
2. Attack type can be identified (if necessary) with static ACLs.
3. Specific nature of attack can be determined with deep packet inspection via IPS.
4. Attack can be blocked locally and (more effectively) at the ISP.

In this example, the perimeter Internet WAN router is the first line of defense in a worm attack. A network management station detects an increase in network load through SNMP or NetFlow events from the perimeter router.

Specific ACLs can be applied on this router to identify the attack type. Network intrusion prevention systems (NIPSs) can use deep packet examination to determine the specific nature of the attack. Host intrusion prevention systems (HIPSs) are typically implemented in software, whereas NIPSs are typically appliances or software features in a network device. Both IPS implementations use inline signature-based attack detection. HIPSs can also be used to provide host policy enforcement and verification.

A stateful firewall can be used to block the attack locally, until the Internet service provider (ISP) shuts down the attack. A key element of a successful threat detection and mitigation system is understanding when to look at which information from sources such as NetFlow, Syslog, SNMP traps, changes in SNMP values and thresholds, and Remote Monitoring (RMON).

A good security information manager such as Cisco Security MARS helps aggregate this data and present it in a useful format.
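Step 1 above, detecting a load increase from changes in SNMP values against a threshold, can be sketched as follows. This is an added example, not code from the original text or from any Cisco product; it assumes 60-second polls of the 32-bit IF-MIB `ifInOctets` counter on the perimeter router, and the window of 4 polls and the 3x factor are assumed tuning values.

```python
from statistics import median

COUNTER32_WRAP = 2**32  # IF-MIB ifInOctets is a Counter32 and wraps at 2^32

def rates_bps(samples):
    """Turn (unix_time, ifInOctets) polls into (unix_time, bits/sec) pairs."""
    out = []
    for (t0, c0), (t1, c1) in zip(samples, samples[1:]):
        dt = t1 - t0
        if dt <= 0:
            continue  # ignore duplicate or out-of-order polls
        delta = c1 - c0
        if delta < 0:
            delta += COUNTER32_WRAP  # counter wrapped once between polls
        out.append((t1, delta * 8 / dt))
    return out

def load_alerts(rates, window=4, factor=3.0):
    """Flag polls whose rate exceeds factor x the median of the prior window."""
    alerts = []
    for i in range(window, len(rates)):
        # The median keeps one earlier spike from inflating the baseline.
        baseline = median(r for _, r in rates[i - window:i])
        t, r = rates[i]
        if baseline > 0 and r > factor * baseline:
            alerts.append((t, round(r), round(baseline)))
    return alerts

# Constructed sample data (assumption): steady ~100 kbit/s inbound, a counter
# wrap at t=120, then a sudden rise starting at t=360.
SAMPLES = [
    (0, 4_294_000_000),
    (60, 4_294_750_000),
    (120, 532_704),        # wrapped past 2^32
    (180, 1_282_704),
    (240, 2_032_704),
    (300, 2_782_704),
    (360, 10_282_704),     # load increase begins
    (420, 19_282_704),
]

if __name__ == "__main__":
    for t, rate, base in load_alerts(rates_bps(SAMPLES)):
        print(f"t={t}s inbound {rate} bit/s vs baseline {base} bit/s")
```

A device reboot also resets the counter and looks like a wrap, so a production poller should compare `sysUpTime` between polls before trusting a negative delta.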
