Advertisement
Chapter 1
Appliance Overview and Specifications
•
•
•
•
•
•
Global Controller
If you deploy numerous Local Controllers, you can deploy a Global Controller that summarizes the
findings of two or more Local Controllers. In this way, the Global Controller enables you to scale your
network monitoring without increasing the management burden. The Global Controller provides a single
user interface for defining new device types, inspection rules, and queries, and it enables you to manage
Local Controllers under its control. This management includes defining administrative accounts and
performing remote, distributed upgrades of the Local Controllers. The Global Controller is available in
the following models—MARS GC2R and GC2 .
MARS Web Interface
The MARS web interface operates on a client computer. With many features common to both the
Local Controller and Global Controller, the web interface uses a tabbed, hyperlinked, browser-based
user interface. You access the web interface from any computer that can access the MARS Appliance on
your network. For more information on client requirements, see
page
From the web interface, you can perform most of your administrative functions, including all functions
that are not supported at the command line. Although this manual includes procedures for initially
configuring the appliance using the web interface, the following publications reference their
corresponding web interface:
•
•
Reporting and Mitigation Devices
If you consider the MARS system from a top-down perspective, you see that the Global Controller
monitors Local Controllers and that Local Controllers monitor one or more reporting devices. Reporting
devices provide MARS with data about the network, from traffic flows, as in the case of a router, to the
configuration of possible attack targets, such as from a vulnerability assessment system.
A reporting device that can deny a traffic flow is called a mitigation device (for example, a switch).
MARS provides mitigation support in two forms:
•
OL-14672-01
Fires inspection rules for incidents
Determines false positives
Delivers consolidated information in diagrams, charts, queries, reports, and notifications
Detects inactive reporting devices
Derives set of IOS/IPS Distributed Threat Mitigation (DTM) signatures based on attacks reported
by monitored CISCO IPS 5.x appliances
Acts as a repository for the IOS/IPS DTM signatures, from which IOS/IPS devices can download
current signature sets
3-10.
User Guide for Cisco Security MARS Local Controller
User Guide for Cisco Security MARS Global Controller
For supported Layer 3 devices (based on the OSI Network Model), MARS provides you with a
suggested device and set of commands that can be used to halt an ongoing, detected attack. You can
use this information to manually block the attack.
Web Browser Client Requirements,
Install and Setup Guide for Cisco Security MARS
System Description
1-3
Advertisement
Chapters
Troubleshooting
