skip to content
Security monitoring with Cisco security MARS Preview this item
ClosePreview this item

Security monitoring with Cisco security MARS

Author: Gary Halleen; Greg Kellogg
Publisher: Indianapolis, IN : Cisco Press, ©2007.
Series: Cisco Press networking technology series.
Edition/Format:   Print book : EnglishView all editions and formats

(not yet rated) 0 with reviews - Be the first.

More like this

Find a copy online

Links to this item

Find a copy in the library

&AllPage.SpinnerRetrieving; Finding libraries that hold this item...


Material Type: Internet resource
Document Type: Book, Internet Resource
All Authors / Contributors: Gary Halleen; Greg Kellogg
ISBN: 9781587052705 1587052709
OCLC Number: 134992316
Notes: Includes index.
Description: xix, 6-316 pages : illustrations ; 23 cm.
Contents: Foreword IntroductionPart I Introduction to CS-MARS and Security Threat MitigationChapter 1 Introducing CS-MARSIntroduction to Security Information Management The Role of a SIM in Today's Network Common Features for SIM Products Desirable Features for SIM ProductsChallenges in Security Monitoring Types of Events MessagesUnderstanding CS-MARS Security Threat Mitigation System Topology and Visualization Robust Reporting and Rules Engine Alerts and Mitigation Description of TerminologyCS-MARS User Interface Dashboard Network Status My ReportsSummaryChapter 2 Regulatory Challenges in DepthHealth Insurance Portability and Accountability Act of 1996 (HIPAA) Who Is Affected by HIPAA? What Are the Penalties for Noncompliance? HIPAA Security Rule HIPAA Security Rule and Security Monitoring Gramm-Leach-Bliley Act of 1999 (GLB Act) Who Is Affected by the GLB Act? What Are the Penalties for Noncompliance with GLB? The GLB Act Safeguards Rule The GLB Safeguards Rule and Security Monitoring The Sarbanes-Oxley Act of 2002 (SOX) Who Is Affected by Sarbanes-Oxley? What Are the Penalties for Noncompliance with Sarbanes-Oxley? Sarbanes-Oxley Internal Controls Payment Card Industry Data Security Standard (PCI-DSS) Who Is Affected by the PCI Data Security Standard? What Are the Penalties for Noncompliance with PCI-DSS? The PCI Data Security Standard Compliance Validation Requirements Summary Chapter 3 CS-MARS Deployment ScenariosDeployment Types Local and Standalone Controllers Global Controllers Sizing a CS-MARS Deployment Special Considerations for Cisco IPSs Determining Your Events per Second Determining Your Storage Requirements Considerations for Reporting Performance Considerations for Future Growth and Flood Conditions Planning for Topology Awareness CS-MARS Sizing Case Studies Retail Chain Example State Government Example Healthcare Example Summary Part II CS-MARS Operations and ForensicsChapter 4 Securing CS-MARSPhysical Security Inherent Security of MARS Appliances Security Management Network MARS Communications Requirements Network Security Recommendations Ingress Firewall Rules Egress Firewall Rules Network-Based IDS and IPS Issues Summary Chapter 5 Rules, Reports, and QueriesBuilt-In Reports Understanding the Reporting Interface Reporting Methods The Query Interface Creating an On-Demand Report Batch Reports and the Report Wizard Creating a Rule About Rules Creating the Rule Creating Drop Rules About Drop Rules Creating the Drop Rule Summary Chapter 6 Incident Investigation and ForensicsIncident Handling and Forensic Techniques Initial Incident Investigation Viewing Incident Details Finishing Your Investigation False-Positive Tuning Deciding Where to Tune Tuning False Positives in MARS Summary Chapter 7 Archiving and Disaster RecoveryUnderstanding CS-MARS Archiving Planning and Selecting the Archive Server Configuring the Archiving Server Configuring CS-MARS for Archiving Using the Archives Restoring from Archive Restoring to a Reporting Appliance Direct Access of Archived Events Retrieving Raw Events from Archive Summary Part III CS-MARS Advanced TopicsChapter 8 Integration with Cisco Security ManagerConfiguring CS-Manager to Support CS-MARS Configuring CS-MARS to Integrate with CS-Manager Using CS-Manager Within CS-MARS Summary Chapter 9 Troubleshooting CS-MARSBe Prepared Troubleshooting MARS Hardware Beeping Noises Degraded RAID Array Troubleshooting Software and Devices Unknown Reporting Device IP Check Point or Other Logs Are Incorrectly Parsed New Monitored Device Logs Still Not Parsed How Much Storage Is Being Used, and How Long Will It Last? E-Mail Notifications Sent to Admin Group Never Arrive MARS Is Not Receiving Events from Devices Summary Chapter 10 Network Admission ControlTypes of Cisco NAC NAC Framework Host Conditions Understanding NAC Framework Communications Configuration of CS-MARS for NAC Framework Reporting Information Available on CS-MARS Summary Chapter 11 CS-MARS Custom ParserGetting Messages to CS-MARS Determining What to Parse Adding the Device or Application Type Adding Log Templates First Log Template Second and Third Log Templates Fourth and Fifth Log Templates Additional Messages Adding Monitored Device or Software Queries, Reports, and Rules Queries Reports Rules Custom Parser for Cisco CSC Module Summary Chapter 12 CS-MARS Global ControllerUnderstanding the Global Controller Zones Installing the Global Controller Enabling Communications Between Controllers Troubleshooting Using the Global Controller Interface Logging In to the Controller Dashboard Drilling Down into an Incident Query/Reports Local Versus Global Rules Security and Monitor Devices Custom Parser Software Upgrades Global Controller Recovery Summary Part IV AppendixesAppendix A Querying the ArchiveAppendix B CS-MARS Command ReferenceAppendix C Useful WebsitesIndex 1587052709 TOC 6/11/2007
Series Title: Cisco Press networking technology series.
Responsibility: Gary Halleen, Greg Kellogg.
More information:


User-contributed reviews
Retrieving GoodReads reviews...
Retrieving DOGObooks reviews...


Be the first.
Confirm this request

You may have already requested this item. Please select Ok if you would like to proceed with this request anyway.

Linked Data

Primary Entity

<> # Security monitoring with Cisco security MARS
    a schema:Book, schema:CreativeWork ;
   library:oclcnum "134992316" ;
   library:placeOfPublication <> ; # Indianapolis, IN
   library:placeOfPublication <> ;
   schema:about <> ; # Computersicherheit
   schema:about <> ;
   schema:about <> ; # Computer security--Evaluation
   schema:about <> ; # Rechnernetz
   schema:about <> ; # Computer security--Evaluation
   schema:about <> ; # Computer networks--Security measures
   schema:about <> ; # Computer networks--Security measures
   schema:about <> ; # Cisco
   schema:bookFormat bgn:PrintBook ;
   schema:contributor <> ; # Greg Kellogg
   schema:copyrightYear "2007" ;
   schema:creator <> ; # Gary Halleen
   schema:datePublished "2007" ;
   schema:exampleOfWork <> ;
   schema:inLanguage "en" ;
   schema:isPartOf <> ; # Cisco Press networking technology series.
   schema:name "Security monitoring with Cisco security MARS"@en ;
   schema:productID "134992316" ;
   schema:publication <> ;
   schema:publisher <> ; # Cisco Press
   schema:url <> ;
   schema:url <> ;
   schema:workExample <> ;
   wdrs:describedby <> ;

Related Entities

<> # Indianapolis, IN
    a schema:Place ;
   schema:name "Indianapolis, IN" ;

<> # Cisco Press networking technology series.
    a bgn:PublicationSeries ;
   schema:hasPart <> ; # Security monitoring with Cisco security MARS
   schema:name "Cisco Press networking technology series." ;
   schema:name "Cisco Press networking technology series" ;

<> # Computer networks--Security measures
    a schema:Intangible ;
   schema:name "Computer networks--Security measures"@en ;

<> # Computer networks--Security measures
    a schema:Intangible ;
   schema:name "Computer networks--Security measures"@en ;

<> # Computer security--Evaluation
    a schema:Intangible ;
   schema:name "Computer security--Evaluation"@en ;

<> # Gary Halleen
    a schema:Person ;
   schema:familyName "Halleen" ;
   schema:givenName "Gary" ;
   schema:name "Gary Halleen" ;

<> # Greg Kellogg
    a schema:Person ;
   schema:familyName "Kellogg" ;
   schema:givenName "Greg" ;
   schema:name "Greg Kellogg" ;

    a schema:ProductModel ;
   schema:isbn "1587052709" ;
   schema:isbn "9781587052705" ;

Content-negotiable representations

Close Window

Please sign in to WorldCat 

Don't have an account? You can easily create a free account.