Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Monitoring attacks

We have installed quite a lot PIX on different small clients.

Would it serve us have a suggestion on as how to check in automatic if these PIXs have suffered attempts of attack, which product could do this?

Of these PIXs we are already saving on computer the syslog but it is

impossible to manually perform its analysis on all firewall.

Thanks in advance for the help

Maurizio

6 REPLIES
New Member

Re: Monitoring attacks

hi

you can use some sensors in your network ,which here we say IDS ,

i depends on your policy to put these products in for corner of your network,

let say we have a firewall which has been put after router and we are interested to manage our policy dynamically on the firewall (here we say pix).

simply you can put the IDS in place ,connect command and control port to the pix interface and activate telnet on the pix .

connect monitoring port to your network .

a cspm u need too, to manage your sensor and view syslogs.

Cisco Employee

Re: Monitoring attacks

If you are willing to spend the money the CiscoWorks 2000 VPN/Security Management Solution would be good to consider:

http://www.cisco.com/en/US/products/sw/cscowork/ps2330/index.html

It contains the Monitoring Center for Security which can be configured to recieve security relevant events from Pix Firewalls.

The Monitoring Center can also receive events from IDS sensors should you choose to deploy IDS devices alongside your Pix.

Additionally it contains the Management Center for Pix and the Mangement Center for IDS to help with configuring your Pix Firewalls and IDS Sensors.

New Member

Re: Monitoring attacks

Sorry but we have a sizing problem, our doubt it's the solution for the very small

customer. Customers where to the beginning was difficult to justify the PIX installation.

On this environment the price is extremely critical aspect.

Thank for the help. Maurizio

New Member

Re: Monitoring attacks

Maurizio -

I would re-examine the approach of looking at the Syslog messages. Syslog servers are downloadable at no cost and easily installed. Once you have it installed on a client/server on the internal LAN you could search through the text file for all of the deny messages that you are seeing.

This would all be at zero product cost, and just be whatever service dollars you charge them to do something like that.

-Denny

New Member

Re: Monitoring attacks

Sorry, my question was for a tool, I know that it's possible to

read a text file to check all deny statement, but also my time it's a cost

fortunately.If I correctly understand for these size of customer Cisco it doesn't have a suitable solution. Thanks all for the help.

New Member

Re: Monitoring attacks

You could use a very low spec PC running linux/snort/acid. I know that this is not a cisco solution but it is very cheap and works very very well. Check out http://www.snort.org/ for more information. Hope this helps and good luck.

Richard

223
Views
4
Helpful
6
Replies
CreatePlease login to create content