Event Correlation - Call PBM IT at (888) 233-6471


With attacks on the rise, businesses and customers need assurance that they are protected from the disruption and cost of service outages or corrupted data. The Cisco Self-Defending Network is a multifaceted approach that protects businesses from the effects of worms, viruses, cyber-terrorists, and other attacks. Computer viruses, worms, and spyware typically enter businesses via e-mail or IM applications, Web downloads, or file transfers, although sophisticated attacks can also enter via mobile wireless services or operating system services. Cisco Intrusion Prevention Systems (IPSs) inspect incoming traffic in real time, looking for known patterns and irregularities that may signal an attack. If an anomaly is detected, a Cisco security appliance rates the severity of the risk and communicates it to other security-aware network components, so that they can stop the threat at the source immediately and prevent it from spreading through the network. Worms, viruses, and spyware aren't the only way businesses can be attacked: Cisco security appliances use the same traffic and application inspection capabilities to detect and repel DoS attacks and attacks so new that they don't yet have a name. Integrated security throughout the business stops known and unknown attacks in real time, and communication between network components allows them to adapt to changing security conditions. These layers of security allow small and medium-sized businesses to continue to respond to customers and stay open for business even while under attack.

The Cisco Intrusion Prevention System (1) Identifies, classifies, and stops malicious traffic, including worms, spyware, adware, viruses, and application abuse, (2) Delivers high-performance, intelligent threat detection and protection over a range of deployment options, (3) Uses reputation filtering and global inspection to give businesses actionable intelligence and prevent threats with confidence, and (4) Promotes business continuity and helps businesses meet compliance needs.

Cisco TrustSec (1) Provides network access controls based on a consistent policy for users, endpoint devices, and networking devices (such as routers and switches), (2) Uses end-user identity, device identity and other information to provide precise security policy controls both at the edge and throughout the network, (3) Is ideal for organizations that need to control how a user or device is granted access, what security policies endpoint devices must meet, and which resources authorized users may access, and (4) Helps secure data paths in the switching environment with IEEE 802.1AE (MACsec) standard encryption and, with Cisco switching infrastructure, maintains control so that critical security applications such as firewalls, intrusion prevention, and content inspection retain visibility into data streams.

Network security tools include: (1) Antivirus software packages: these packages counter most virus threats if regularly updated and correctly maintained. (2) Secure network infrastructure: switches and routers have hardware and software features that support secure connectivity, perimeter security, intrusion protection, identity services, and security management. (3) Dedicated network security hardware and software: tools such as firewalls and intrusion detection systems provide protection for all areas of the network and enable secure connections. (4) Virtual private networks: these provide access control and data encryption between two different computers on a network, allowing remote workers to connect to the network without the risk of an attacker reading intercepted data. (5) Identity services: these help to identify users and control their activities and transactions on the network; services include passwords, digital certificates, and digital authentication keys. (6) Encryption: encryption ensures that messages cannot be read by anyone other than the authorized recipient, even if they are intercepted in transit. (7) Security management: this is the glue that holds together the other building blocks of a strong security solution. None of these approaches alone is sufficient to protect a network, but when they are layered together they can be highly effective in keeping a network safe from attacks and other threats to security. In addition, well-thought-out corporate policies are critical to determine and control access to various parts of the network.

Masquerade attacks, as the name suggests, involve an entity (usually a computer or a person) taking on a false identity in order to acquire or modify information and, in effect, obtain privileges it is not entitled to. Masquerade attacks are often combined with other attack categories; for example, credentials captured by eavesdropping are later replayed to impersonate the legitimate user.

Your organization's firewall security policy is the foundation for the security measures that your firewall provides. As new technology is introduced, the policy and the rule base that implements it can become bloated with out-of-date information, incorrect host or network definitions, and rules that no longer support the business you are trying to protect.

Evaluation of system security can and should be conducted at different stages of system development. Security evaluation activities include, but are not limited to, risk assessment, certification and accreditation (C&A), system audits, and security testing at appropriate periods during a system's life cycle. These activities are geared toward ensuring that the system is being developed and operated in accordance with an organization's security policy. This section discusses how network security testing, as a security evaluation activity, fits into the system development life cycle.

One form of attack on computing systems connected to the Internet is eavesdropping on network connections to obtain the login IDs and passwords of legitimate users [RFC 1704]; once captured, those credentials can be presented again later to gain access, which is called a replay attack. Bellcore's S/KEY(TM) one-time password system was designed to counter this attack [RFC 1760]: each password is used only once and is taken from a hash chain, so a captured value does not reveal the next one. Several one-time password implementations compatible with Bellcore's S/KEY(TM) system exist and are increasingly widely deployed in the Internet to protect against passive attacks. They do not by themselves protect against active attacks, such as an attacker who intercepts a one-time password in flight and uses it before the legitimate user's attempt completes, or who hijacks the connection after authentication has succeeded.
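The following Python is an added example, not Bellcore's or the RFC's reference code, showing the hash-chain mechanism that S/KEY builds on: the server keeps only the last accepted value, each login reveals the preimage of that value, and a replayed or forward-hashed capture is rejected. The hash step (SHA-256 truncated to 64 bits) is a stand-in for the RFC 2289 MD4/MD5/SHA-1 folding, so the values will not match RFC test vectors; the user name, seed and passphrase are made up.

```python
"""S/KEY-style one-time passwords from a hash chain (added example)."""
import hashlib
import hmac


def otp_hash(block: bytes) -> bytes:
    """One chain step. SHA-256 truncated to 64 bits stands in for the
    RFC 2289 MD4/MD5/SHA-1 fold, so values differ from the RFC test vectors."""
    return hashlib.sha256(block).digest()[:8]


def chain(seed: str, passphrase: str, n: int) -> bytes:
    """hash^n(seed || passphrase): what the client computes for sequence n."""
    value = (seed + passphrase).encode()
    for _ in range(n):
        value = otp_hash(value)
    return value


class SkeyServer:
    """Keeps, per user, only (sequence number, seed, last accepted OTP).
    The passphrase itself never reaches the server."""

    def __init__(self) -> None:
        self.db = {}  # user -> (seq, seed, hash^seq)

    def enroll(self, user: str, seed: str, passphrase: str, n: int = 100) -> None:
        # Initialisation is the only time the passphrase is used on a trusted host;
        # the server stores hash^n, the top of the chain.
        self.db[user] = (n, seed, chain(seed, passphrase, n))

    def challenge(self, user: str) -> tuple:
        """The 'otp-xxx <seq> <seed>' challenge: the client must return hash^seq."""
        seq, seed, _ = self.db[user]
        return seq - 1, seed

    def verify(self, user: str, otp: bytes) -> bool:
        seq, seed, last = self.db[user]
        if seq - 1 < 1:
            # Chain exhausted: the next value would be the raw secret. Re-enroll.
            return False
        # A valid response is the preimage of the stored value. A replayed OTP
        # fails here because hashing it gives hash^(seq+1), not hash^seq.
        if not hmac.compare_digest(otp_hash(otp), last):
            return False
        self.db[user] = (seq - 1, seed, otp)  # move one step down the chain
        return True


def client_response(seed: str, passphrase: str, seq: int) -> bytes:
    """What the user's OTP calculator produces for a challenge."""
    return chain(seed, passphrase, seq)


def demo() -> tuple:
    """Login, eavesdropper's replay, eavesdropper's forward guess, next login."""
    server = SkeyServer()
    passphrase = "correct horse battery staple"  # made-up secret
    server.enroll("alice", "ab12345", passphrase, n=5)

    seq, seed = server.challenge("alice")  # (4, "ab12345")
    otp = client_response(seed, passphrase, seq)
    first = server.verify("alice", otp)  # accepted

    replay = server.verify("alice", otp)  # captured OTP reused: rejected
    # Hashing the capture forward yields hash^5, but the next expected value is hash^3
    forward = server.verify("alice", otp_hash(otp))

    seq, seed = server.challenge("alice")  # now 3
    second = server.verify("alice", client_response(seed, passphrase, seq))
    return first, replay, forward, second


if __name__ == "__main__":
    print(demo())  # (True, False, False, True)
```

The server side never holds anything that lets it, or someone who steals its database, log in as the user: the stored value is one hash step ahead of the next valid password, and going backwards requires a preimage. What the scheme cannot do is stop an attacker who reads the current OTP off the wire and submits it first, which is the active-attack caveat above.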

Stop security attacks before they affect business continuity. Cisco ASA 5500 Series Adaptive Security Appliances provide intelligent threat defense and highly secure communications services. These solutions help organizations lower their deployment and operational costs while delivering comprehensive network security for networks of all sizes.

Network administrators can run grep against configuration files pulled from routers and firewalls and stored in a local directory on their workstation (UNIX or Windows), or use the output filter built into Cisco IOS and ASA. For example, suppose the auditor wants to check the configuration for all telnet statements. On IOS the administrator can run show running-config | include telnet (abbreviated sh run | i telnet); on ASA, show running-config | grep telnet does the same. The administrator then looks through each entry, filters out addresses, and sends the output to the auditor.
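As an added example (not from the page or from Cisco), the Python below does the same audit offline over a directory of pulled configs: it lists every telnet line the way "show running-config | include telnet" would, decides whether Telnet is actually enabled (IOS "transport input telnet" or "transport input all"; ASA "telnet <network> <mask> <interface>", but not "telnet timeout"), and redacts IPv4 addresses before the output leaves the administrator's hands. The three device configs are constructed samples using documentation address ranges.

```python
"""Audit pulled Cisco configs for Telnet exposure and redact addresses (added example)."""
import re

# Constructed sample configs; hostnames and addresses are made up (documentation ranges).
CONFIGS = {
    "edge-rtr01": """\
hostname edge-rtr01
!
interface GigabitEthernet0/0
 ip address 192.0.2.1 255.255.255.0
!
line vty 0 4
 access-class 10 in
 transport input telnet ssh
 login local
""",
    "core-sw01": """\
hostname core-sw01
!
ip ssh version 2
!
line vty 0 15
 transport input ssh
 login local
""",
    "fw-asa01": """\
hostname fw-asa01
!
ssh 198.51.100.0 255.255.255.0 management
telnet 192.0.2.0 255.255.255.0 inside
telnet timeout 5
""",
}

IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
# IOS vty lines: 'transport input all' permits telnet as well as ssh
IOS_TELNET = re.compile(r"^\s*transport input\b.*\b(telnet|all)\b", re.I)
# ASA: 'telnet <net> <mask> <ifname>' opens the service; 'telnet timeout N' does not
ASA_TELNET = re.compile(r"^telnet\s+\d", re.I)


def telnet_lines(config: str) -> list:
    """Equivalent of 'show running-config | include telnet': (line number, line)."""
    return [(n, ln) for n, ln in enumerate(config.splitlines(), 1)
            if "telnet" in ln.lower()]


def allows_telnet(config: str) -> bool:
    """True when a line actually enables Telnet access, not merely mentions it."""
    return any(IOS_TELNET.search(ln) or ASA_TELNET.search(ln)
               for ln in config.splitlines())


def redact(text: str) -> str:
    """Strip IPv4 addresses so the report can be handed to an outside auditor."""
    return IPV4.sub("x.x.x.x", text)


def audit(configs: dict) -> dict:
    """Per device: whether Telnet is enabled and the redacted matching lines."""
    report = {}
    for host, cfg in configs.items():
        report[host] = {
            "telnet_enabled": allows_telnet(cfg),
            "lines": [f"{n}: {redact(ln.strip())}" for n, ln in telnet_lines(cfg)],
        }
    return report


if __name__ == "__main__":
    for host, result in audit(CONFIGS).items():
        print(host, "TELNET ENABLED" if result["telnet_enabled"] else "ok")
        for line in result["lines"]:
            print("   ", line)
```

Run against a real directory by reading each file into the dictionary in place of CONFIGS. The distinction between "mentions telnet" and "enables telnet" matters in practice: a raw grep flags the ASA "telnet timeout" line and misses an IOS "transport input all", while the patterns above handle both. Any device the report flags is also sending the "login local" password in cleartext, which is exactly the eavesdropping exposure the one-time password discussion above addresses.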