Cisco Guard Web-Based Manager Configuration Guide (Software Version 5.0)
Index

A

action

basic filter 5-6

drop filter 5-6

permit filter 5-6

strong filter 5-6

User filter 5-6

activation extent

entire zone 4-12

IP address only 4-12

activation interface

by IP address 4-11

by packet 4-11

active Dynamic filters 10-14

analyzing

traffic flow 10-18

zone traffic problems 10-19

anomaly flow 10-34

anti-spoofing internal errors 10-51

attack report

deleting 10-42

dropped/bounced packets 10-30

exporting 10-41

understanding report details 10-28

viewing current attack details 10-27

viewing past attack details 10-27

zone 10-26

attacks summary report 10-22

attack statistics 10-29

attack summary 10-24

attack type

mitigated attack 10-25, 10-37

auth packet types 8-3, 10-45

automatic learning, configuring 7-11

automatic operation mode 4-7, 9-3

B

bad packets to proxy addresses 10-50

bandwidth limited link templates 4-8

base zone services

adding 7-25

copying policy parameters to the base zone 7-26

deleting 7-25

basic filter actions 5-6

Berkeley Packet filter 5-13

block-unauthenticated action 9-10, 9-13

burst 4-9

Bypass filter

adding 5-8

configuring 5-8

definition 5-3

C

changing password 3-6

client attack 10-25, 10-37

configuring

Bypass filter 5-8

parameters of automatic learning 7-11

policy templates 6-5

User filter 5-4

connections 10-44

constructing policies 7-2

counters

dropped 10-6, 10-8, 10-16, 10-20, 10-29

forwarded 10-29

legitimate 10-5, 10-8, 10-16, 10-20

malicious 10-5, 10-8, 10-16, 10-20

received 10-5, 10-8, 10-16, 10-20, 10-29

replied 10-6, 10-8, 10-16, 10-20, 10-29

spoofed 10-6, 10-8, 10-16, 10-20

viewing 10-5

zone 10-15

D

DDoS 1-4

deleting an attack report 10-42

detected anomalies 10-34

types 10-25, 10-33

viewing 10-31

viewing details 10-34

diagnostics, viewing 10-5

distributed denial of service, See DDoS

DNS

drop statistics 10-50

policy templates 6-2

drop filter action 5-6

dropped/bounced packets 10-30

drop statistics 10-47

dst traffic characteristics 8-4

Dynamic filter

actions 9-13

active 10-14

adding 9-12

definition 5-2, 10-31

deleting 9-14

fields 9-12

pending 10-14

preventing production of 9-15

table 9-9

terminating 9-8

viewing 9-9

E

event log, viewing 10-9, 10-21

exporting an attack report 10-41

extent of zone protection 4-5

F

filter

Bypass 5-3

Dynamic 5-2, 10-31

User 5-2, 10-31

zone filter overview 5-2

filter/drop 9-10, 9-13

filter/strong 9-10, 9-13

filter-rate termination threshold 4-10, 9-8

Flex-Content filter

adding 5-14

configuring 5-10

definition 10-30

deleting 5-17

expression 5-11

pattern 5-13

fragments 10-33

G

general attack information 10-28

H

http 10-33

HTTP policy template 6-2

HTTP zombies 10-40, 10-43

HTTP zombies list 10-43

hybrid 10-25

I

icons 1-8

information area 1-8

in packet types 10-45

interactive operation mode 4-7, 9-4

interactive protection mode 9-4

IP scan 6-2, 10-33

IP threshold configuration 8-14

J

Java 2 Runtime Environment (JRE), installing 1-2

L

land attack 10-51

learning process

accepting the threshold tuning phase results 7-8

performing 7-4

phase 7-2

policy construction phase 7-2

starting the policy construction phase 7-5

starting the threshold tuning phase 7-7

stopping the policy construction phase 7-6

stopping the threshold tuning phase 7-9

threshold tuning phase 7-2

LINK templates 4-8

M

main menu bar 1-7

malformed packets 10-25, 10-31, 10-37, 10-51

malicious-rate detection threshold 4-9

malicious-rate termination threshold 4-10, 9-8

marking zone policies tuned or untuned 7-18

max. rate 4-9

mitigated attack 10-36

action flow 10-38

anomaly flow 10-38

type 10-37

viewing details 10-39

mitigated attacks 10-39

viewing 10-36

N

navigation area 1-7

new recommendations 9-16

O

on-demand protection

activating 9-5

overview 9-2

operation modes

automatic 4-7

interactive 4-7

other protocols

drop statistics 10-49

policy template 6-2

out_pkts packet types 10-45

P

packet-dump capture

automatic capture 11-2

copying a file 11-17

deleting a file 11-21

enabling or disabling an automatic capture 11-3

exporting a file 11-18

importing a file 11-20

manual capture 11-2

overview 11-2

renaming a file 11-16

starting a manual capture 11-4

stopping a manual capture 11-6

packet-dump parameters 4-12

packets

dropped/bounced 10-30

malformed 10-31

packet type

auth 8-3

out_pkts 10-45

pkts 8-4, 10-46

reqs 8-4

syns 8-4

unauth_pkts 8-4, 10-46

password, changing 3-6

pending Dynamic filters 10-14

accepting 9-22

fields 9-20

permit filter action 5-6

pkts packet type 8-4, 10-46

policy

constructing 7-2

key 8-4

service 8-3

statistics 10-44

type 8-3

policy construction phase

starting 7-5

stopping 7-6

policy statistics table

viewing 10-44

policy template

configuring 6-5

no proxy zones 6-4

other_protocols 6-2

template types 6-2

types of templates 6-2

port scan 6-3, 10-33

Protect and Learn feature 9-3

activating 7-14

deactivating 7-15

Protect feature 9-3

activating 9-4

deactivating 9-7

protection, verification 9-6

protection activation methods 4-4

protection-end time 4-10

R

rate-limiter 10-30

ratio 10-44

recommendations

fields 9-17

viewing new 9-16

redirect/zombie 9-10, 9-13

reqs packet type 8-4, 10-46

S

snapshot 7-19

comparing two snapshots 7-22

learning process results 7-19

viewing, modifying, or saving to the zone configuration 7-20

zone configuration policies 7-20

spoofed attack 10-25, 10-37

spoofed packets 10-31

src traffic characteristics 8-4, 10-47

status icons 1-8

status summary, zone 10-14

strong filter action 5-6

sub-zone

reports 10-26

understanding 4-5

syn_by_fin packet type 10-46

syns packet types 8-4, 10-46

system requirements 1-2

T

TACACS+, WBM commands 3-8

TCP

detected anomalies 10-33

drop statistics 10-48

policy templates 6-3

TCP drop statistics 10-49

template, zone 4-7

threshold

configuring IP threshold 8-14

filter rate termination 9-8

filter-rate termination 4-10

malicious-rate termination 4-10, 9-8

tuning 7-2

threshold tuning phase 7-2

accepting results 7-8

starting 7-7

stopping 7-9

to-user-filters 9-10, 9-13

traffic diversion 1-5

troubleshooting WBM connection 2-3

tuning thresholds 7-2, 7-7

type

mitigated attack 10-37

policy 8-3

U

UDP

policy template 6-3

UDP drop statistics 10-49

unauth_pkts packet type 8-4, 10-46

User filter 5-2

action 5-6

adding 5-4

configuring 5-4

definition 10-31

deleting 5-7

user interface 1-6

user profile

creating 3-4

deleting 3-6

V

viewing

attack reports 10-23, 10-27

counters 10-15

diagnostics 10-5

drop statistics 10-47

Dynamic filters 9-9

pending dynamic filters 9-19

policy configuration differences 7-22

policy statistics 10-44

recommendations 9-16

zone status 9-6

W

WBM

enabling service 2-2

setting up 2-2

troubleshooting connection 2-3

Z

zombie 10-25, 10-37

detected 10-40

list 10-43

zone

counters 10-15

definition 4-2

deleting 4-16

event log 10-21

icons 1-8

operation mode 4-7

status summary 10-14

templates 4-7

zone configuration

creating from a template 4-6

zone counters

viewing 10-15

viewing in real time 10-20

zone creation methods 4-3

zone diagnostic tools 10-15

zone operation modes

automatic 9-3

changing to automatic 9-23

changing to interactive 9-24

interactive 9-4

overview 9-23

taking action when pending filters exceed 1000 9-24

zone policies

adding an IP address and threshold 8-14

adding a service 8-17

deleting a service 8-18

modifying a single policy 8-8

modifying multiple policies 8-11

tuned 7-17

untuned 7-17

viewing 8-1

zone protection

activating 9-4

deactivating 9-7

extent 4-5

on-demand 9-5

options 9-2

Protect and Learn feature 9-3

Protect feature 9-3

verifying 9-6

zone recent events table 10-14

zone status, viewing 10-11

zone status bar 10-12

zone status table 10-14

zone template 4-3

template types 4-7

zone traffic rate graph 10-13