Improve your network defenses: Identify and classify security threats with these best practices and methodologies

Source: Cisco Press


Having the tools and mechanisms to identify and classify threats and anomalies in your network is crucial to effective network defense. In this chapter download from End-to-End Network Security: Defense-in-Depth, learn several best practices and methodologies that you can use to successfully and quickly classify such threats. Chapter coverage includes:
  • Using technologies and tools to obtain information from your network and detect anomalies that may indicate malicious activity
  • Understanding Cisco NetFlow, SYSLOG, and SNMP
  • Understanding robust event correlation systems, such as CS-MARS, and open source monitoring systems that can be used in conjunction with NetFlow to give you better visibility into your network
  • Exploring anomaly detection solutions, tips on IPS/IDS tuning, and new anomaly detection features supported by Cisco IPS software
Title: End-to-End Network Security: Defense-in-Depth
Author: Omar Santos
Publisher: Cisco Press
Chapter 3: Identifying and Classifying Security Threats
ISBN: 1-58705-332-2; Copyright 2008, Cisco Press. All rights reserved.
Used with permission from the publisher. Available from booksellers or direct from Cisco Press.
Format: PDF Size: 1118.00
Version: 1.0 Date: Sep 2007
Price: 0.00 Downloads: 2368