
Cccxczxc

http://blog.shafagh.com/persian
http://forum.shafagh.com

2002 1331

10 MRTG
Receive . Port Utilization
Download Alert IDS (
IDS ISS IBM ) SQL
. ) (Worm . Signature IDS
) (Zero Day ) (Anomaly Detect
Scanning .

SANS ... Vulnerability Microsoft SQL


Exploit . Traffic Monitor
Sensor IDS
detect PIX525 .

.

IDS Log
MRTG . Event Correlation Log
.

. Slammer
CS-MARS

Page 1 of 12
Slammer NIMDA Code Red (NIMDA
ADMIN !) Slammer Code Red (
)
Exploit IIS !
IIS CSA Cisco Secure
Agent Host Intrusion Prevention .

Cisco Secure MARS


Log IPS Event Log
. Event
Correlation.

Protego MARS .
STM Security Threat Mitigation .
Oracle :
20,25,50,55,100,110,200,210,GC,GC2,GCR,GC2R

Log Hard Disk .


CS-MARS 6.0.3( . )

10200 !
0600 . Cisco Self-Defending Network .
IPS, Firewall .
.

IP GUI SSL .
pnadmin PNMARS Protego

License .
License License
:

License Dashboard :

SDEE NetFlow SNMP Syslog


.

Data Reduction Admin


4 Event
Event Session Incident
.

Dashboard
Packet . 43 2661364
63 Data .

.

. 123
. 25 SMTP.

Incident . Incident
20 SMTP .

Session .
6500
. IP NAT
MARS .

Incident Vector webserver


.

Path Information Hacker Target :

MARS Access-list
MAC

SMTP .


Log .
.
Perimeter Security


BOX .

MARS :

Security Monitoring with Cisco Security MARS
PCI NAC
: Regularity

http://www.ciscopress.com/bookstore/product.asp?isbn=1587052709

Security Threat Mitigation and Response: Understanding Cisco Security Mars


: Log

http://www.ciscopress.com/bookstore/product.asp?isbn=1587052601

: Configuration Guide

http://www.cisco.com/go/mars
http://www.cisco.com/en/US/products/ps6241/tsd_products_support_configure.html

: SANS

http://www.sans.org/reading_room/whitepapers/logging/configuring_and_tuning_cisco_csmars_2044

!Update
June 3 2011 Update
. SIEM .

CCSP 642-545 MARS


.

