With NetFlow configured and several IPS, switches, routers and firewall devices imported into its database, CS-MARS will provide which of the following security features? (Choose 4)
A.
Identify which hosts have CSA installed.
B.
Draw a topology of your network.
C.
Event correlation to help identify attacks
D.
Make mitigation recommendations to stop attacks.
E.
Identification of hosts that generate abnormal amounts of traffic.
F.
Pull SNMP traps from different devices.
Explanation:
Cisco IOS NetFlow efficiently provides a key set of services for IP applications, including network traffic accounting, usage-based network billing, network planning, security, Denial of Service monitoring capabilities, and network monitoring. NetFlow provides valuable information about network users and applications, peak usage times, and traffic routing. Cisco invented NetFlow and is the leader in IP traffic flow technology
NetFlow version 9, the latest Cisco IOS NetFlow innovation, is a flexible and extensible method to record network performance data. It is the basis of a new IETF standard. Cisco is currently working with a number of partners to provide customers with comprehensive solutions for NetFlow-based, planning, monitoring and billing.
NetFlow packet details
NetFlow Analyzer accounts for the following details from the NetFlow Packets :
Source and destination IP address
Input and output interface number
Source and destination port number
Layer 4 Protocol
Number of packets in the flow
Total Bytes in the flow
Time stamp in the flow
Source and destination AS
TCP_Flag & TOS
Security Monitoring for Threat Control
Cisco Security Monitoring, Analysis and Response System (MARS) provides security monitoring for network security devices and host applications made by Cisco and other providers. Security monitoring greatly reduces false positives by providing an end-to-end view of the network, and can increase effective mitigation responses. Other features and benefits of Cisco MARS:
“Understands” the configuration and topology of your environment Promotes awareness of environmental anomalies with Network Behavior Analysis using NetFlow Provides quick and easy access to audit compliance reports with more than 150 ready-to-use customizable reports
Makes precise recommendations for threat removal, including the ability to visualize the attack path and identify the source of the threat with detailed topological graphs that simplify security response at Layer 2, and above
Security monitoring with Cisco Security MARS and Cisco Security Manager are part of the Cisco Security Management Suite, which delivers policy administration and enforcement for the Cisco Self-Defending Network.