Cisco Guard Configuration Guide (Software Version 3.08)
Preface

Table Of Contents

Preface

Audience

Organization

How To Read This Manual

Conventions

Obtaining Documentation, Obtaining Support, and Security Guidelines


Preface


This preface describes the audience, organization, and conventions of this publication, and provides information on how to obtain related documentation.

Audience

The Cisco Guard User Guide Version 3.0.8 is aimed at:

Network administrators

Engineers

Operators

Network security professionals

This document assumes a thorough knowledge of networking and networking security.

Organization

This guide is divided into the following chapters:

Chapter 1: Overview
Provides information about the document and generally outlines the Guard concept and operation.

Chapter 2: Initial Procedures
Provides information about the Guard basic and advanced initial procedures, such as Guard wiring, getting around in the CLI environment, basic and advanced Guard operations, and user type definition procedures.

Chapter 3: Guard Configuration
Provides information about the configuration of the Guard interface, SSH management, TCP Proxy, log file transfer, and Guard Self Protection procedures.

Chapter 4: Zone Traffic Diversion
Provides information about the zone traffic diversion procedures, such as the various diversion methods, Cisco and Juniper environment implementations, and diversion environment and Zebra configurations.

Chapter 5: Zone Configurations
Provides information about the basic Zone configurations, Zone diversion configuration, Zone traffic learning procedures, and the Zone protection termination procedure.

Chapter 6: On-Demand Protection
Provides information about on-demand Zone protection procedures. These procedures include learning-independent protection, traffic analysis, protection troubleshooting, mitigation checkup, and attack analysis.

Chapter 7: Routine Guard Procedures
Provides information about procedures that should be performed routinely and after the Zone configuration phase. These procedures include verification of the Zone status, learning phase, protected Zone status, Dynamic filters, and Zone log.

Chapter 8: Guard Diagnostics and Maintenance
Provides information about the commands relating to the Guard's diagnostics and maintenance operations.

Chapter 9: Advanced Filter Procedures
Provides information about the Guard filter system and details the Flex, Bypass, User, and Dynamic filter configuration procedures.

Chapter 10: Advanced Policy Procedures
Provides information about the Guard policies and policy procedures. The latter include policy Construction and Tuning Threshold procedures, and policy administrative procedures.

Chapter 11: Interactive Recommendations Mode
Provides information on the Interactive Recommendation operation mode. The chapter details the Guard protection recommendations, the user decision options, and the policy interactive status.

Chapter 12: Attack Reports
Provides information on the Guard attack reporting process, the report structure, and viewing options. The chapter concludes with example cases of attack report analysis.

Appendix A: Diversion Configuration
Provides additional information relating to the Diversion procedure, including sample code lines.

Appendix B: Diversion Troubleshooting
Provides information about the Diversion troubleshooting procedure, with sample screens.


How To Read This Manual

Refer to the following recommended guidelines when reading this manual:

Chapter 1—Read this chapter to familiarize yourself with this manual and the theoretical concepts underlying the Guard.

Chapters 2 to 5—Read these chapters to learn how to wire the Guard, and how to configure the Guard and its Zone to apply Zone protection.

Chapter 6—Read this chapter to be able to protect a Zone under a sudden attack or whenever you cannot go through the learning procedures.

Chapter 7—Read this chapter to learn how to perform Guard routine operation procedures.

Chapter 8—Read this chapter to learn how to perform Guard maintenance and diagnostics operations.

Chapter 9—Read this chapter to learn more about the Guard filter system and how to customize it to your protection requirements.

Chapter 10—Read this chapter to learn more about the Guard policies, their role, structure and operation, their configuration procedures, and how to manage them to get a better-tailored Zone protection.

Chapter 11—Read this chapter to learn more about the Interactive Recommendations mode, the structure of the recommendations, and how to manage them to get a better-tailored Zone protection.

Chapter 12—Read this chapter to learn more about the attack reports and how to analyze them.

Glossary—Read this section to familiarize yourself with Guard terminology.

Appendix A and B—Read these to learn more about diversion-related configurations and troubleshooting.

Conventions

This manual uses the following conventions:

boldface font: Commands and keywords are in boldface.

Italic font: Indicates names in configuration samples and refers the reader to places in the document for further details.

Screen font: Information to be displayed or typed on the screen.

boldface screen font: Information you must enter is in boldface screen font.

Angle brackets (< >): Indicate a command parameter to be typed in.

Curly brackets ({ }): Indicate command parameters from which you must choose one.

Square brackets ([ ]): Indicate an optional command parameter.

Vertical bar (|): Separates two mutually exclusive choices in a syntax line. Type one of these choices, not the symbol.

admin@DETECTOR#: Indicates the default CLI prompt.

Notes use the following conventions:

Note Means reader take note. Notes contain helpful suggestions or references to material not covered in the publication.

Cautions use the following conventions:

Caution Means reader be careful. In this situation, you might do something that could result in equipment damage or loss of data.

Obtaining Documentation, Obtaining Support, and Security Guidelines

For information on obtaining documentation, obtaining support, providing documentation feedback, security guidelines, and also recommended aliases and general Cisco documents, see the monthly What's New in Cisco Product Documentation, which also lists all new and revised Cisco technical documentation, at:

http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html