6. Record all suspicious activity. Take further advice from law
enforcement on the next steps to take. Review the outcome in a
meeting with the working party. Update any procedural documentation
as required.
Q: Would a firewall or other security product interfere with the IDS?
A: In short, not if the system is configured correctly. Sensors should be
made aware of NetSonar scans, for example; this prevents unnecessary
auditing. Likewise, a firewall should not be configured to restrict the
IDS from performing its function properly. Because this is a detection
system, we would expect it to pick up all intrusions, including other
legitimate operations from security products.
Q: What is Signature Analysis?
A: Signatures are identifiable attack patterns, either strings within data or
more complex events. The signature can be defined as an event or process
with a resulting outcome. Systems that are compromised can be
monitored to identify what types of attacks are in progress. The analysis
portion involves pattern matching against a database. For further
details, have a look at https://traloihay.net
iaabu/netrangr/nr220/nr220ug/sigs.htm.
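An added example (not from the book and not taken from any Cisco signature database) of the two kinds of signature described above: strings within data, and a more complex event built from several packets. The signature names, thresholds, addresses and traffic are constructed; alerts from a scanner the sensor has been told about, as the previous answer suggests for NetSonar, are still recorded but marked as expected.

```python
import re
from collections import defaultdict, deque

# Constructed signature database (names and IDs are illustrative only).
# String signatures match a pattern inside a single payload.
STRING_SIGS = {
    "SIG-1001 passwd file request": re.compile(rb"/etc/passwd"),
    "SIG-1002 directory traversal": re.compile(rb"\.\./\.\./"),
}
# "More complex event": one source touching many ports in a short window.
SWEEP_SIG = "SIG-2001 port sweep"
SWEEP_PORTS, SWEEP_WINDOW = 5, 10.0  # assumed thresholds: ports, seconds

# Sanctioned scanners the sensor has been told about (constructed address).
KNOWN_SCANNERS = {"10.0.0.50"}

def analyze(events):
    """events: (timestamp, src_ip, dst_port, payload) tuples in time order."""
    alerts, recent, sweeping = [], defaultdict(deque), set()
    for ts, src, port, payload in events:
        hits = [name for name, rx in STRING_SIGS.items() if rx.search(payload)]
        window = recent[src]
        window.append((ts, port))
        while ts - window[0][0] > SWEEP_WINDOW:  # drop events that aged out
            window.popleft()
        if len({p for _, p in window}) >= SWEEP_PORTS:
            if src not in sweeping:  # alert once per sweep, not per packet
                sweeping.add(src)
                hits.append(SWEEP_SIG)
        else:
            sweeping.discard(src)
        for name in hits:
            # Known scanners are still recorded, but flagged as expected.
            alerts.append({"ts": ts, "src": src, "sig": name,
                           "expected": src in KNOWN_SCANNERS})
    return alerts

# Constructed sample traffic: a web request, a probe, and two port sweeps.
SAMPLE = [
    (0.0, "192.0.2.7", 80, b"GET /index.html HTTP/1.0"),
    (1.0, "192.0.2.7", 80, b"GET /cgi-bin/view?f=../../etc/passwd HTTP/1.0"),
]
SAMPLE += [(2.0 + i, "10.0.0.50", p, b"") for i, p in enumerate((21, 22, 23, 25, 80, 110))]
SAMPLE += [(20.0 + i, "198.51.100.9", p, b"") for i, p in enumerate((21, 22, 23, 25, 80))]

if __name__ == "__main__":
    for alert in analyze(SAMPLE):
        print(alert)
```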
Chapter 8
Network Security Management
Solutions in this chapter:
■ PIX Firewall Manager
■ CiscoWorks 2000 ACL Manager
■ Cisco Secure Policy Manager
■ Cisco Secure ACS
Introduction
The goal of network security management is to control access to network
resources according to your business requirements and policies. With the
appropriate authorization and authentication, access to sensitive information
can be controlled; only people with the appropriate access codes will
have access.
With an ever-increasing number of devices on your network that are
used to secure your network resources against intruders, you need an
uncomplicated and straightforward way to control and manage your network
security policy. The Cisco applications covered in this chapter let you
manage the security devices on your network effectively.
PIX Firewall Manager
When you need to administer a large network, you will have one or more
firewalls on the border of your network, connecting either to the Internet or
to a customer’s company with whom you need to communicate. The firewalls
installed on your network will play an important role in protecting
against intruders from outside your network. It is critical that you manage
them effectively and efficiently.
Cisco has developed PIX Firewall Manager for their PIX Firewall product
range to do just this. The rules for accessing your network are defined at a
central point and can be distributed to multiple firewalls on the border of
your network.
PIX Firewall Manager Overview
When you have one or more PIX Firewalls installed on your network protecting
the resources inside your network against potential intrusion from
outside, you can use PIX Firewall Manager to administer and manage the
PIX Firewall device security policy. PIX Firewall Manager can manage one
or more PIX Firewalls from any host with a Graphical User Interface (GUI).
The most basic use of PIX Firewall Manager is to add, remove, and change
the security policy and rules for all communication between your network
and the outside world.
PIX Firewall Manager, or PFM, can be installed on a Microsoft Windows
NT Server or Workstation and includes two components:
■ Management Server
■