© 2003, Cisco Systems, Inc. All rights reserved. CSIDS 4.0—16-1 Chapter 16 Enterprise Intrusion Detection System Monitoring and Reporting.

Slide 1: Chapter 16 Enterprise Intrusion Detection System Monitoring and Reporting

Slide 2: Objectives
Upon completion of this chapter, you will be able to perform the following tasks:
– Define features and key concepts of the Security Monitor.
– Install and verify the Security Monitor functionality.
– Monitor IDS devices with the Security Monitor.
– Administer Security Monitor event rules.
– Use the reporting features of the Security Monitor.
– Administer the Security Monitor server.

Slide 3: Introduction

Slide 4: What Is the Security Monitor?
The Security Monitor provides event collection, viewing, and reporting capability for network devices.

Slide 5: Security Monitor Features
The following are the Security Monitor features:
– Monitors the following devices:
  – Sensor appliances
  – IDS Modules
  – IOS Routers
  – PIX Firewalls
– Web-based monitoring platform
– Custom reporting capability

Slide 6: Installation

Slide 7: Installation Requirements
Hardware:
– IBM PC-compatible computer with an 800 MHz or faster processor
– Color monitor capable of viewing 256 colors
– CD-ROM drive
– 100 Mbps or faster network connection
Memory: 1 GB of RAM minimum
Disk drive space:
– 12 GB minimum
– NTFS
Software:
– Windows 2000 Server with Service Pack 2
– ODBC Driver Manager 3.510 or later

Slide 8: Client Access Requirements
Hardware: IBM PC-compatible computer with a 300 MHz or faster processor
Memory: 256 MB of RAM minimum
Disk drive space: 400 MB virtual memory
Software:
– Windows 98 and NT 4.0
– Windows 2000 Professional with Service Pack 2
– Windows 2000 Server/Advanced Server with Service Pack 2
Browser:
– Internet Explorer 6.0 or later (recommended)
– Netscape Navigator 4.79 or later

Slide 9: Installation Overview
VMS Common Services is required for the Security Monitor. VMS Common Services provides the CiscoWorks server-based components, software libraries, and software packages developed for the Security Monitor.

Slide 10: Security Monitor Installation

Slide 11: Component and Database Location Selection

Slide 12: Database Password and Syslog Port

Slide 13: Communication Properties

Slide 14: Upgrade Process

Slide 15: Getting Started

Slide 16: CiscoWorks Login

Slide 17: CiscoWorks User Authorization Roles
CiscoWorks user authorization roles allow different privileges within the VMS and the Security Monitor:
– Help Desk—Read-only for the entire system
– Approver—Read-only for the entire system
– Network Operator—Read-only for the rest of the system and generates reports
– Network Administrator—Configures devices, and modifies reports and rules
– System Administrator—Performs all operations
Users can be assigned multiple authorization roles.

Slide 18: CiscoWorks Add User
Choose Server Configuration>Setup>Security>Add Users.

Slide 19: Security Monitor Launch
Choose VPN/Security Management>Management Center>Security Monitor.

Slide 20: Understanding the Security Monitor Interface
Interface elements: Path bar, TOC, Option bar, Tabs, Instructions, Page, Tools, Action buttons.

Slide 21: Security Monitor Configuration

Slide 22: Security Monitor Configuration
Security Monitor configuration operations are:
– Adding Devices—Security Monitor monitors the following types of devices:
  – RDEP IDS
  – PostOffice IDS
  – IOS IDS
  – Host IDS
  – PIX
– Monitoring Devices—Information monitored falls into the following three categories:
  – Connections
  – Statistics
  – Events
– Event Notification—Tasks involved to configure notification are as follows:
  – Adding Event Rules
  – Activating Event Rules

Slide 23: Devices—Add
Choose Devices.

Slide 24: RDEP Devices—Add
Choose Devices and select Add.

Slide 25: RDEP Devices—Add (cont.)

Slide 26: PostOffice Devices—Add

Slide 27: IOS IDS Devices—Add

Slide 28: Devices—Import
Choose Devices and select Import.

Slide 29: Devices—Import (cont.)

Slide 30: Monitor—Connections
Choose Monitor>Connections.

Slide 31: Monitor—Statistics
Choose Monitor>Statistics.

Slide 32: Monitor—Statistics (cont.)

Slide 33: Event Notification
Event notification is completed by creating event rules. The following tasks are involved in creating an event rule:
– Assign a name to the event rule.
– Define the event filter criteria.
– Assign the event rule action.
– Define the event rule threshold and interval.
– Activate the event rule.

Slide 34: Event Rules—Step 1
Choose Admin>Event Rules>Add.

Slide 35: Event Rules—Step 2

Slide 36: Event Rules—Step 3

Slide 37: Event Rules—Step 4

Slide 38: Event Rules—Activation
Choose Admin>Event Rules>Activate.
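The event-rule procedure above (name, filter criteria, action, threshold and interval, then activation) as a small added example; this is not Cisco's code or the product's API. The event fields, the constructed sample events and the sliding-window reading of threshold/interval are assumptions.

```python
"""Added example, not Cisco's code: a minimal model of a Security Monitor event rule."""
from collections import deque
from dataclasses import dataclass, field
from typing import Callable, Deque, Dict, List

@dataclass
class EventRule:
    name: str
    filter_criteria: Dict[str, str]   # every key must match the event (assumed field names)
    action: Callable[[str], None]     # stands in for e-mail, audit message or script
    threshold: int                    # matching events needed ...
    interval: int                     # ... within this many seconds (assumed sliding window)
    active: bool = False              # a rule only fires once it has been activated
    _times: Deque[int] = field(default_factory=deque)

    def matches(self, event: Dict[str, object]) -> bool:
        return all(event.get(k) == v for k, v in self.filter_criteria.items())

    def process(self, event: Dict[str, object]) -> bool:
        """Feed one event; return True if the rule's action fired."""
        if not self.active or not self.matches(event):
            return False
        now = int(event["time"])
        self._times.append(now)
        while now - self._times[0] > self.interval:   # expire matches outside the window
            self._times.popleft()
        if len(self._times) >= self.threshold:
            self.action(f"{self.name}: {len(self._times)} matching events within {self.interval}s from {event['device']}")
            self._times.clear()                        # start a fresh window after firing
            return True
        return False

# Constructed sample events (not real sensor output); time is in seconds.
SAMPLE_EVENTS = [
    {"time": 0,   "device": "sensorP", "severity": "high", "sig": "SIG-A"},
    {"time": 20,  "device": "sensorP", "severity": "high", "sig": "SIG-A"},
    {"time": 40,  "device": "sensorP", "severity": "low",  "sig": "SIG-B"},
    {"time": 50,  "device": "sensorP", "severity": "high", "sig": "SIG-A"},
    {"time": 500, "device": "sensorQ", "severity": "high", "sig": "SIG-A"},
    {"time": 520, "device": "sensorQ", "severity": "high", "sig": "SIG-A"},
]

def run_rule(rule: EventRule, events: List[Dict[str, object]]) -> List[str]:
    """Replay events in time order and collect the notifications the rule sends."""
    fired: List[str] = []
    rule.action = fired.append
    for ev in sorted(events, key=lambda e: int(e["time"])):
        rule.process(ev)
    return fired
```

With threshold 3 and interval 60 the three high-severity events from sensorP within 50 seconds trigger one notification, while the two from sensorQ do not reach the threshold.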

Slide 39: Event Viewer

Slide 40: Event Viewer

Slide 41: Security Monitor—Event Viewer
Choose Monitor>Events.

Slide 42: Event Viewer Options
Configuring the Event Viewer involves understanding the following options:
– Moving Columns
– Deleting Rows and Columns
– Collapsing Columns
– Setting the Event Expansion Boundary
– Expanding Columns
– Suspending and Resuming New Events
– Changing Display Preferences
– Creating Graphs
– View Option

Slide 43: Event Viewer—Moving Columns

Slide 44: Event Viewer—Deleting Rows and Columns
Choose Monitor>Events>Delete.

Slide 45: Event Viewer—Collapsing Columns
Choose Monitor>Events>Collapse.

Slide 46: Event Viewer—Setting the Event Expansion Boundary

Slide 47: Event Viewer—Expanding Columns
Choose Monitor>Events>Expand.

Slide 48: Event Viewer—Suspending and Resuming New Events

Slide 49: Event Viewer—Changing Display Preferences
Choose Monitor>Events>Preferences.

Slide 50: Event Viewer—Creating Graph
Choose Monitor>Events>Graph.

Slide 51: Event Viewer—View Option
Choose Monitor>Events>View.

Slide 52: Administration and Reporting

Slide 53: Security Monitor Administration

Slide 54: Admin—Database Rules
Choose Admin>Database Rules>Add.

Slide 55: Admin—Database Rules (cont.)
Choose Admin>Database Rules>Add>Next.

Slide 56: Admin—System Configuration Settings
Choose Admin>System Configuration.

Slide 57: Admin—PostOffice Settings
Choose Admin>System Configuration>Postoffice Settings.

Slide 58: Admin—Defining Event Viewer Preferences

Slide 59: Admin—Defining Event Viewer Preferences (cont.)
Choose Admin>Event Viewer>Your Preferences.

Slide 60: Security Monitor Reports

Slide 61: Reports—Generate
Choose Reports>Generate.

Slide 62: Reports—Generate (cont.)

Slide 63: Reports—Schedule Report

Slide 64: Reports—View
Choose Reports>View.

Slide 65: Summary

Slide 66: Summary
Security Monitor is a component of the Virtual Private Network (VPN)/Security Management Solution (VMS) product. The Security Monitor is a web-based tool that provides event collection, viewing, and reporting capabilities for IDS devices. The Security Monitor can monitor the following devices:
– Appliance Sensors
– IDS Modules
– Router Modules
– IOS Routers
– PIX Firewalls
To efficiently monitor the events from multiple devices on your network, you can configure Event Rules for Security Monitor.

Slide 67: Summary (cont.)
Event Rules enable you to perform one of the following actions when Security Monitor receives certain events:
– Send an email notification
– Generate an audit (console) message
– Execute a script
Event Viewer enables you to view the alerts received by your monitored devices in a graphical interface. Security Monitor can generate reports based on the information stored in the Security Monitor database.

Slide 68: Lab Exercise

Slide 69: Lab Visual Objective
[Network diagram, not recoverable as text. Labels present on the slide: STUDENT PC, ROUTER, sensorP, sensorQ, idsmP, idsmQ, RTS, RBB, WEB/FTP/SMTP/POP servers, Pods 1–5 and Pods 6–10; networks 10.0.P.0, 10.0.Q.0, 172.30.P.0, 172.30.Q.0, 172.26.26.0; addresses REMOTE: 10.1.P.12, LOCAL: 10.0.P.12, REMOTE: 10.1.Q.12, LOCAL: 10.0.Q.12.]

