Data Sheet
All contents are Copyright © 1992–2007 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information. Page 4 of 11
Dynamic Diversion
The Cisco Anomaly Guard Module employs a powerful on-demand scrubbing model. It is not
inserted into the normal data path like traditional inline devices; rather, it uses dynamic diversion to
automatically redirect traffic addressed to specific resources or zones under attack—and only that
traffic—for further scrubbing. When an attack is suspected, the Anomaly Guard Module uses the
Cisco Route Health Injection (RHI) protocol to insert a routing update into the supervisor engine
routing tables to make the Anomaly Guard Module the next hop for any traffic destined for the
targeted resource.
Once the traffic destined for the targeted device or zone has been cleaned and malicious packets
blocked, legitimate transactions are forwarded on to their original destinations, helping to ensure
that no critical requests are lost. By limiting diverted traffic to only those flows addressed to
resources or zones currently under attack, the Cisco Anomaly Guard Module provides optimal
resource utilization, transparency, and reliability for a scalable solution that can meet the needs of
the largest enterprise and service provider environments. This Layer 3 insertion also enables
simplified and low impact installation, as well as ease of operational maintenance and
troubleshooting.
Multilevel Monitoring and Reporting
The Cisco Anomaly Guard Module features an intuitive, Web-based GUI that simplifies the policy
definition, operational monitoring, and report generation processes.
Multiple monitoring and reporting levels provide network operators, security administrators, and
clients with detailed real-time and historical information (Figure 5). Attack reports provide details
for individual attacks, including characteristics, lists of identified zombies, and specific enforcement
actions used, enabling security experts to review and tune the Cisco Anomaly Guard Module
security policies.
Meanwhile, customer-level historical summaries enable service providers to easily report on
successful protection against the variety, duration, and scale of attacks. In addition, an interactive
mode allows users to review and approve recommended actions and policies prior to activation,
providing manual control over attack responses, if desired.
Figure 3. Multilevel Monitoring and Reporting Provides Detailed Views into Real-Time and Historical
Performance
(88 paginas)
(73 paginas)
Manymanuals.com
Manymanuals.de
Manymanuals.fr
Manymanuals.it
Manymanuals.pl
Manymanuals.cz
Manymanuals.es
Manymanuals-pt.com
Comentarios a estos manuales