Cisco Guard Web-Based Management Configuration Guide (Software Version 3.1(0))
Introduction



This chapter provides an overview of the Cisco Guard Web-Based Management (WBM) interface and includes the following sections:

System Requirements

What is DDoS

The Cisco Guard

The User Interface

System Requirements

The Cisco Guard Web-Based Management (WBM) interface requires a web browser, Microsoft Internet Explorer 5 or higher, that supports HTML, tables, cookies, JavaScript, and frames.

We recommend that you use a minimum screen resolution of 1024 by 768 pixels.

No software installation is required.

What is DDoS

Distributed Denial of Service (DDoS) attacks are attacks in which malicious individuals cause thousands of compromised computers (zombies) to run automated scripts that cripple the network resources of a protected server (the zone) with spurious requests for service. The attacks can be, for example, a flood of bogus home page requests to a web server that shuts out legitimate consumers, or efforts that compromise the availability and accuracy of Domain Name System (DNS) servers. Although an attack is often launched by an individual, the zombies actually executing the attacking code may number in the hundreds of thousands, and are distributed over multiple autonomous systems administered by multiple organizations.

DDoS attacks continuously evolve as sophisticated hackers create damaging new exploits. In addition, their attack scripts are made widely available on the Internet and are routinely executed by individuals with minimal technical knowledge of networking. Thus, DDoS defense technology must be flexible and adaptive.

It must be capable of detecting an upcoming DDoS attack, differentiating between malicious and legitimate traffic, and performing those tasks without hindering the traffic flow of the attacked network element.

The Cisco Guard

The Guard is a high-performance network device deployed in a distributed upstream configuration, at the ISP/MSP/backbone level, protecting the entire network. When an attack is detected, the system diverts only the attacked zone's traffic to the Guard. The data flow is analyzed. All DDoS components are obstructed and clean traffic is allowed to continue flowing to the intended zone. The Guard allows a transparent zone traffic flow while constantly filtering the traffic and remaining attuned to zone traffic characteristics, so as to be on the alert for evolving attack patterns.

To accomplish these tasks the Guard employs the following components:

Traffic diversion mechanisms that redirect (divert) the zone's traffic to the Guard Learning and Protection systems and then return (inject) the legitimate traffic flow back to the zone. This is performed while preventing the obstruction of network traffic.

An algorithm-based learning system that learns the zone traffic, adapts itself to its particular characteristics, and supports the Protection system with references and protection instructions in the form of Thresholds and Policies. In addition, the Guard has on-demand protection to answer a situation in which the zone is under attack while the Guard has not completed its Learning and tuning to the zone traffic.

A protection system that distinguishes between the legitimate and the suspicious traffic and filters the malicious traffic. Only the legitimate traffic is then allowed to pass on to the zone.

Integrating these components enables the Guard to assume its protective role when there is an attack, while remaining in the background for the rest of the time.

The User Interface

The WBM provides access to various Guard configuration and management screens, allowing you to view statistics, and graphically monitor the system status.

The WBM enables you to configure and monitor the various protection mechanisms. It provides a subset of the CLI functionality and deals mainly with protected zone configuration, status, and reports. Configuration parameters relating to procedures such as the initial Guard setup and the network-level setup of the Guard are accessible only through the CLI. See the Cisco Guard User Guide for further details.

Figure 1-1 displays the WBM user interface. The user interface is divided into different areas.

Figure 1-1 WBM User Interface

Area    Function

1       Main Menu Bar—there are different menu bars for the Guard and the zones. If Guard Summary is selected in the navigation pane, the Guard's main menu is displayed. If one of the zones is selected in the navigation pane, the Zone's main menu is displayed. (See Figure 1-1.) You can navigate to the page you want, either by selecting a menu option, or by using the navigation path.

2       Navigation Path—the path to the current location. To navigate to a different view, select the location and click the right mouse button.

3       Navigation Pane—displays a list of links to the home pages of the zones and of the Guard. Select a link from the list to display the home page in the display area (5). The selected item is highlighted by a white frame. You can change the size of the pane.

4       Information Area—provides access to the Guard's Home page and other useful information.

5       Display Area—displays the views selected by the user. You can change the size of the display area.


Figure 1-2 WBM Menu Hierarchy