Re: IDS,ASA,PIX firewall monitoring and optimizing
CS-MARS is a security product that is mainly used to analyse, correlate and produce/recommend mitigation actions based on log analysis.
You need to send your syslog, SNMP or NetFlow data to CS-MARS from all/selected network devices in the network to give it visibility of the network activities. It has built-in signatures or rules that trigger incidents, and allows you to create your own rules to monitor certain segments or devices. Notification is available in the form of email, SMS, pager, SNMP and syslog.
CS-MARS does not replace the function of IDS/IPS or antivirus, but is a critical complementary security product that allows you to stop any detected malicious incidents/activities from the nearest point, e.g. shutting down the switch port where a PC is detected trying to launch a network attack, virus or trojans. The concept is more or less similar to the 'Forward Defense' used by certain countries today.
CS-MARS is measured by its capability to handle received event and NetFlow logs per second. This includes the HDD capacity. You can have a single unit (Local Controller) or multiple units that are centrally managed by a Global Controller.
CS-MARS supports a wide range of networking and security products.
Cisco Security Manager (3.0) is a scalable deployment and management tool. Among its functions/benefits/features are facilitating the provisioning of VPN, Firewall and IPS, as well as providing integrated management, operational and health/performance monitoring.
The supported devices are:
* Cisco PIX Security Appliances
* Cisco ASA 5500 Series Adaptive Security Appliances
* Cisco IPS 4200 Series Sensors
* Cisco Catalyst 6500 Series Firewall Services Module
* Cisco Catalyst 6500 Series VPN Services Module
* Cisco Catalyst 6500 Series IDSM2
* Cisco Catalyst 6500 Series IPS Services Modules
* Cisco IOS IPS Router Sensor Modules
* Cisco Integrated Services Routers
More details on Cisco Security Manager (3.0) are available at: