Source: Cisco Press
Cisco Security Monitoring, Analysis, and Response System (CS-MARS) is a powerful tool that can dramatically increase your knowledge of activity on your network. But as a topology-aware SIM product, CS-MARS often contains sensitive information that needs to be protected from malicious users. If an attacker gains access to your base operating system or gains physical access to the appliance, he could use that access to retrieve all information contained on your hard drives, which could include device authentication information. He could also use that access to install back doors to allow remote access at any time.
This chapter download from Security Monitoring with Cisco Security MARS explains why you need to secure CS-MARS and other security management or monitoring products, and how to protect MARS from attack. The chapter describes recommendations for securing MARS appliances, both physically and electronically. It also provides detailed insight into the TCP and User Datagram Protocol (UDP) ports that MARS requires to communicate with other MARS appliances and with monitored security, network, and other devices.
Title: Security Monitoring with Cisco Security MARS
Authors: Gary Halleen, Greg Kellogg
Publisher: Cisco Press
Chapter 4: Securing CS-MARS
ISBN: 1-58705-270-9; Copyright 2007, Cisco Press. All rights reserved.
Used with permission from the publisher. Available from booksellers or direct from Cisco Press.