1. Home
  2. Networking
  3. Network Management

Summary

This chapter was organized around the Cisco six-stage security operations model:

  1. Preparation

  2. Identification

  3. Classification

  4. Trace Back

  5. Reaction

  6. Postmortem

Most of the different functions and features described in this chapter can be used in more than one stage. For example, just the number of generated NetFlow records can be an indicator in the Identification stage, and the NetFlow record details can be used in the Classification and Trace Back stages.

Table 16-2 summarizes this chapter by creating a mapping between the security management process and device instrumentation features and functions as well as security management applications.

Table 16-2. Comparison of Features and Scenarios
Feature/ToolBaselining and ValidationReconnaissanceIntrusionDenial of Service
SNMP MIBscheck mark  check mark
SNMP traps  check markcheck mark
Syslog  check mark 
ACLcheck markcheck markcheck markcheck mark
uRFPcheck mark check mark 
BGP-PAcheck mark   
NetFlow collectioncheck markcheck mark check mark
NetFlow MIBcheck markcheck mark check mark
NBARcheck mark  check mark
IP SLAcheck mark  check mark
IDS  check mark 
Cisco NAMcheck mark  check mark
Cisco SDM check markcheck markcheck mark
Cisco CS-MARScheck markcheck markcheck markcheck mark
Arborcheck markcheck markcheck markcheck mark



Network Management: Accounting and Performance Strategies - Graphically Rich Book
About the Authors
About the Technical Reviewers
Acknowledgments
Icons Used in This Book
Command Syntax Conventions
Introduction
Part I: Data Collection and Methodology Standards
Part II: Implementations on the Cisco Devices
Part III: Assigning Technologies to Solutions
Chapter 13. Monitoring Scenarios
Chapter 14. Capacity Planning Scenarios
Chapter 15. Voice Scenarios
Chapter 16. Security Scenarios
Network Blueprint for Security Management
Security Management Process
Summary
Chapter 17. Billing Scenarios