Cisco Traffic Anomaly Detector Module Web-Based Manager Configuration Guide (Software Version 5.0)
Index


A

action

basic filter 5-5

drop filter 5-6

permit filter 5-5

strong filter 5-6

User filter 5-5

activation extent

entire zone 4-13

IP address only 4-13

activation interface 4-13

by IP address 4-13

by packet 4-13

active Dynamic filters 10-11

analyzing traffic flow 10-14

anomaly detection

activating 9-3

verifying 9-4

anomaly flow 10-25

attack detection/termination parameters 4-12

attack report

deleting 10-29

exporting 10-28

statistics 10-23

understanding report details 10-22

viewing current attack details 10-22

viewing past attack details 10-21

zone 10-21

attacks summary report 10-17

attack statistics 10-23

attack summary 10-18

attack type 10-19

auth packet types 8-4, 10-31

automatic learning

configuring 7-13

automatic operation mode 4-6, 9-2

automatic packet-dump capture 11-2

B

bandwidth limited link templates 4-8

base capture 11-14

base zone services

adding 7-27

copying policy parameters to the base zone 7-28

deleting 7-27

basic filter actions 5-5

Berkeley Packet filter 5-12

Bypass filter

adding 5-8

configuring 5-2, 5-7

deleting 5-9

C

changing password 3-6

configuring

automatic learning parameters 7-13

Bypass filter 5-2, 5-7

policy templates 6-4

User filter 5-3

zone 4-6

connections 10-30

constructing policies 7-2

counters

received packets 10-5

viewing 10-4

zone 10-12

D

DDoS 1-4

Detect and Learn feature 7-3

activating 7-16

deactivating 7-17

detected anomalies

types 10-24, 10-25

viewing 10-23

viewing details 10-26

detected attack 10-19

Detect feature

activating 9-3

deactivating 9-4

detect mode

activating 9-3

deactivating 9-4

Detector recommendations, acting on a recommendation 9-11

diagnostics, viewing 10-4

distributed denial of service, See DDoS

DNS

policy templates 6-2

tcp protocol flow 10-20

drop filter action 5-6

dst traffic characteristics 8-5

Dynamic filter

active 10-11

definition 5-2

delete 9-7

pending 10-11

preventing production of 9-8

viewing 9-5

E

event log

global 10-6

zone 10-15

exporting an attack report 10-28

extent of zone protection 4-4

F

filter

Dynamic 5-2

Flex-Content 5-3

User 5-2

filter-rate termination threshold 4-12

filters, zone filters overview 5-1

Flex-Content filter

adding 5-15

definition 5-3

deleting 5-17

expression 5-10

pattern 5-14

fragments 10-20, 10-25

G

general attack information 10-22

global counters, viewing in real time 10-5

GUARD_ zone template

activation methods 4-4

extent of zone protection 4-4

policy templates included with zone templates 6-4

sub-zones 4-5

H

HTTP 10-24

HTTP policy template 6-2

hybrid 10-20

I

icons 1-8

information area 1-8

in packet types 8-4, 10-31

interactive operation mode 4-6, 9-2

IP scan 6-2, 10-20, 10-25

IP threshold configuration 8-13

J

Java 2 Runtime Environment (JRE), installing 1-2

L

learning process

accepting the results of the policy construction phase 7-6

accepting the threshold tuning phase results 7-8

performing 7-4

phases 7-2

policy construction phase 7-2

starting the policy construction phase 7-5

starting the threshold tuning phase 7-7

stopping the policy construction phase 7-6

stopping the threshold tuning phase 7-10

threshold tuning phase 7-2

LINK templates 4-8

M

main menu bar 1-7

malicious-rate detection threshold 4-12

malicious-rate termination threshold 4-12

manual packet-dump capture 11-2

marking zone policies tuned or untuned 7-20

N

navigation area 1-7

new recommendations 9-9

O

operation mode

automatic 4-6

interactive 4-6

other protocols, policy template 6-2

out_pkts packet types 10-31

P

packet-dump capture

automatic capture 11-2

copying a file 11-17

deleting a file 11-21

enabling or disabling an automatic capture 11-2

exporting a file 11-18

importing a file 11-19

manual capture 11-2

overview 11-1

renaming a file 11-16

starting a manual capture 11-4

stopping a manual capture 11-6

viewing details 11-9

packet-dump parameters 4-14

packet type

auth 8-4

in 8-4

out_pkts 10-31

pkts 8-4, 10-32

reqs 8-4

syns 8-4

unauth_pkts 8-4, 10-32

password, changing 3-6

pending Dynamic filters 10-11

accepting 9-14

fields 9-12

viewing 9-12

permit filter action 5-5

pkts packet type 8-4, 10-32

policy

constructing 7-2

key 8-5

service 8-3

statistics 10-30

policy construction phase 7-2

starting 7-5

stopping 7-6

policy statistics table, viewing 10-30

policy template

configuring 6-4

Guard policy templates for synchronization 6-4

maximum services 6-6

minimum threshold 6-6

modify 6-5

other_protocols 6-2

state 6-5

template types 6-1

types of templates 6-2

policy types 8-4

port scan 6-2, 10-20, 10-25

protection activation methods 4-4

protection-end timer 4-12

Protect-IP state

entire zone 4-9

only dst IP 4-9

only DstIP by address 4-10

policy type 4-9

R

ratio 10-30

recommendations

fields 9-9

viewing new 9-9

reference capture 11-15

reqs packet type 8-4, 10-31

S

scanners traffic characteristics 8-5

snapshot 7-21

comparing two snapshots 7-24

learning process results 7-21

viewing, modifying, or saving to the zone configuration 7-22

zone configuration policies 7-22

src traffic characteristics 8-5, 10-32

status icons 1-8

status summary, zone 10-11

strong filter action 5-6

sub-zone, understanding 4-5

syn_by_fin packet type 10-31

syns packet types 8-4, 10-31

system requirements 1-1

T

TCP

detected anomalies 10-19, 10-24

policy templates 6-2

template, zone 4-7

threshold

configuring IP threshold 8-13

tuning 7-2

threshold tuning phase 7-2

accepting the results 7-8

starting 7-7

stopping 7-10

troubleshooting WBM connection 2-2

tuning thresholds 7-2, 7-7

U

UDP

policy template 6-3

unauth_pkts packet type 8-4, 10-32

User filter 5-2

action 5-5

adding 5-4

configuring 5-3

deleting 5-7

user profile

creating 3-4

deleting 3-5

V

viewing

attack reports 10-17, 10-21

counters 10-12, 10-14

diagnostics 10-4

pending dynamic filters 9-12

policy configuration differences 7-24

policy statistics 10-30

recommendations 9-9

zone status 9-4

W

WBM

enabling service 2-2

setting up 2-1

troubleshooting connection 2-2

worm

policy 8-5

policy templates 6-3

Z

zone

counters 10-12

event log 10-15

icons 1-8

operation mode 4-6

status summary 10-11

templates 4-7

zone configuration

adding an IP address 4-16

creating from an existing zone 4-14

creating from a template 4-6

deleting 4-17

deleting an IP address 4-17

modifying 4-15

zone counters

viewing 10-12

viewing in real time 10-14

zone creation methods 4-2

zone diagnostic tools 10-12

zone event log 10-15

zone policies

tuned 7-19

untuned 7-19

viewing 8-1

zone policy

adding an IP address and threshold 8-14, 8-15

adding a service 8-17

deleting a service 8-19

modifying a single policy 8-8

modifying multiple policies 8-10

zone recent events table 10-11

zone status 10-8

zone status bar 10-10

zone status table 10-11

zone synchronization 4-2

zone templates 4-2

Cisco Guard templates 4-2

DETECTOR_ 4-7

Detector templates 4-2

for zone synchronization 4-7

GUARD_ 4-7

types of templates 4-7

zone traffic rate graph 10-10