Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
591
Views
4
Helpful
6
Replies

Monitoring attacks

mpreti
Level 1
Level 1

‎04-02-2003 12:42 AM - edited ‎03-09-2019 02:44 AM

We have installed quite a lot PIX on different small clients.

Would it serve us have a suggestion on as how to check in automatic if these PIXs have suffered attempts of attack, which product could do this?

Of these PIXs we are already saving on computer the syslog but it is

impossible to manually perform its analysis on all firewall.

Thanks in advance for the help

Maurizio

Labels:
0 Helpful
6 Replies 6

rzcisco
Level 1
Level 1

‎04-08-2003 02:14 AM

hi

you can use some sensors in your network ,which here we say IDS ,

i depends on your policy to put these products in for corner of your network,

let say we have a firewall which has been put after router and we are interested to manage our policy dynamically on the firewall (here we say pix).

simply you can put the IDS in place ,connect command and control port to the pix interface and activate telnet on the pix .

connect monitoring port to your network .

a cspm u need too, to manage your sensor and view syslogs.

0 Helpful

marcabal
Cisco Employee
Cisco Employee

‎04-08-2003 09:24 AM

If you are willing to spend the money the CiscoWorks 2000 VPN/Security Management Solution would be good to consider:

http://www.cisco.com/en/US/products/sw/cscowork/ps2330/index.html

It contains the Monitoring Center for Security which can be configured to recieve security relevant events from Pix Firewalls.

The Monitoring Center can also receive events from IDS sensors should you choose to deploy IDS devices alongside your Pix.

Additionally it contains the Management Center for Pix and the Mangement Center for IDS to help with configuring your Pix Firewalls and IDS Sensors.

0 Helpful

mpreti
Level 1
Level 1
In response to marcabal

‎04-10-2003 10:59 PM

Sorry but we have a sizing problem, our doubt it's the solution for the very small

customer. Customers where to the beginning was difficult to justify the PIX installation.

On this environment the price is extremely critical aspect.

Thank for the help. Maurizio

0 Helpful

dbobeldyk
Level 1
Level 1
In response to mpreti

‎04-11-2003 07:00 AM

Maurizio -

I would re-examine the approach of looking at the Syslog messages. Syslog servers are downloadable at no cost and easily installed. Once you have it installed on a client/server on the internal LAN you could search through the text file for all of the deny messages that you are seeing.

This would all be at zero product cost, and just be whatever service dollars you charge them to do something like that.

-Denny

0 Helpful

mpreti
Level 1
Level 1
In response to dbobeldyk

‎04-11-2003 07:19 AM

Sorry, my question was for a tool, I know that it's possible to

read a text file to check all deny statement, but also my time it's a cost

fortunately.If I correctly understand for these size of customer Cisco it doesn't have a suitable solution. Thanks all for the help.

0 Helpful

richardmcmahon
Level 1
Level 1
In response to mpreti

‎04-17-2003 02:49 AM

You could use a very low spec PC running linux/snort/acid. I know that this is not a cisco solution but it is very cheap and works very very well. Check out http://www.snort.org/ for more information. Hope this helps and good luck.

Richard

Customers Also Viewed These Support Documents