Understanding Types of DDoS Attacks

Table 2-1 describes several varieties of generic DDoS attacks:

- Source and destination IP addresses are the same, causing the TCP response to loop.
- Sends large numbers of TCP connection initiation requests to the target. The target system must consume resources to keep track of these partially opened connections.
- Internet Control Message Protocol (ICMP): Sends ICMP ping requests to a directed broadcast address. The forged source address of the request is the target of the attack. The recipients...
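A defender-side sketch of how the three traffic patterns from Table 2-1 can be flagged in packet summaries, added here as an example and not taken from the book; the packet records, the half-open threshold, and the list of directed-broadcast addresses are constructed assumptions.

```python
from collections import Counter

# Constructed packet summaries: (protocol, source IP, destination IP, TCP flags).
# Flags use "S" for SYN and "A" for ACK; ICMP rows carry an empty flag string.
SAMPLE_PACKETS = [
    ("tcp", "10.1.1.5", "10.1.1.5", "S"),         # source and destination identical
    ("tcp", "10.2.2.7", "10.1.1.5", "S"),         # normal client: SYN ...
    ("tcp", "10.2.2.7", "10.1.1.5", "A"),         # ... completed by its ACK
    ("icmp", "10.1.1.5", "192.168.1.255", ""),    # echo to a directed broadcast, forged source
] + [("tcp", f"172.16.0.{i}", "10.1.1.5", "S") for i in range(1, 26)]  # 25 SYNs never completed

# Assumption: the operator knows the directed-broadcast addresses of the protected subnets.
DIRECTED_BROADCASTS = {"192.168.1.255"}
SYN_THRESHOLD = 20  # assumed limit of half-open connections tolerated per destination


def classify(packets, broadcast_addrs=DIRECTED_BROADCASTS, syn_threshold=SYN_THRESHOLD):
    """Return the three Table 2-1 patterns found in a list of packet summaries."""
    findings = {"same_src_dst": [], "icmp_broadcast": [], "syn_flood": {}}
    pending = set()  # (src, dst) pairs that sent a SYN with no follow-up ACK yet
    for proto, src, dst, flags in packets:
        if src == dst:
            # looped packet: not a real handshake attempt, so skip SYN accounting
            findings["same_src_dst"].append((src, dst))
            continue
        if proto == "icmp" and dst in broadcast_addrs:
            # the forged source is the host that will receive every reply
            findings["icmp_broadcast"].append({"spoofed_victim": src, "amplifier": dst})
        if proto == "tcp" and "S" in flags and "A" not in flags:
            pending.add((src, dst))
        elif proto == "tcp" and "A" in flags:
            pending.discard((src, dst))
    # count half-open connections per destination after the capture window
    half_open = Counter(dst for _, dst in pending)
    for dst, count in half_open.items():
        if count >= syn_threshold:
            findings["syn_flood"][dst] = count
    return findings


if __name__ == "__main__":
    for kind, hits in classify(SAMPLE_PACKETS).items():
        print(kind, hits)
```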

Host Intrusion Prevention CSA

CSA provides host intrusion protection for users or hosts on the network. CSA can be considered the last line of the layered self-defending network defense because CSA can prevent malicious behavior on a host, including attacks such as buffer overflow. CSA can be automatically and centrally updated with new policies to help protect against new network attacks. CSA is end-device or host software that monitors the behavior and critical resources of the end-device or host. CSA also contains an...


[Screenshot: IPS sensor configuration menu tree with Sensor Setup (Network, Allowed Hosts, SSH, Certificates, Time, Users), Interface Configuration, Analysis Engine (Virtual Sensor, Global Variables), Signature Definition (Custom Signature Wizard, Miscellaneous), Event Action Rules (Event Variables, Target Value Rating, Action Overrides, Action Filters, General Settings), and Blocking (Blocking Properties, Device Login Profiles, Blocking Devices, Router Blocking Device)]


[Screenshot: Cisco Guard User Filter Form (Home > Zone > User filters > Add filter - step 2) with columns Source IP, Source Subnet, Protocol, Dst Port, Fragments, Rate, Burst, and Action]

HTTP Inspection Engine

HTTP or web traffic is one of the most popular types of traffic on networks today. ASA includes the ability to inspect HTTP traffic flows to detect possible network attacks. You can initiate the process to configure the inspection of an HTTP traffic flow under the Service Policy Rules section. This process to initiate the creation of a traffic flow for HTTP inspection is similar to the process to define a traffic flow with Service Policy Rules for IPS inspection as described in the Intrusion...

Network Admission for NAC Agentless Hosts

The previous example described the admission process for a NAC-enabled endpoint running a posture agent, such as Cisco Trust Agent. This section describes the process for endpoints that do not have a posture agent. NAC agentless hosts (NAH) can be accommodated by several methods, as shown in Table 6-2. A NAH exception list and whitelist can be created to identify known endpoints that do not have a posture agent installed and running. The option chosen is dependent upon the NAC Framework...

Cisco Security Monitoring Analysis and Response System

Chapter 9 discussed Cisco Security Manager in detail. Cisco Security Manager is the centralized configuration management product for a self-defending network. The Cisco Security Monitoring, Analysis, and Response System (Cisco Security MARS) product is the monitoring and mitigation platform for a self-defending network. Cisco Security Manager creates and deploys configurations to self-defending network devices including Cisco IOS routers, Catalyst 6500/7600 Firewall Services Modules, and...

Figure 4-13 Automated Outbreak Management Alert Level


Managing the Cisco Security Agent

The Cisco Security Agent represents the last line of defense in a layered self-defending network. The Cisco Security Agent operates directly on the end station by monitoring the OS kernel and requests to the file system, network resources, and registry keys. The Cisco Security Agent can reside directly on the PC, laptop, or server in the network. Cisco Security Agent is supported on Windows, Solaris, and Linux machines. Cisco Security Agent can provide a day-zero defense against new network...

[Screenshot: ASDM Device Information panel showing Host Name ASA40-88.default.domain.invalid, ASA Version 7.0(0)104, ASDM Version 5.0(0)60, Device Type ASA5540, Firewall Mode Routed, Context Mode Single, Total Flash 128 MB, Total Memory 1024 MB]

Configuring Firewall Access Control List (ACL) Rules from Topology

The Device View section of this chapter detailed how to add an access control list (ACL) to a device from the device view. You can also configure access control list (ACL) rules on a firewall device from a topology map in the map view. The topology map view is a good fit for smaller networks or for security or network operators who prefer to view their network graphically with a topology map. In addition to smaller networks, topology maps can also be a good fit for the commercial or...