Layer 2 Discovery And Mitigation; Networks For Dynamic Vulnerability Scanning - Cisco CS-MARS-20-K9 - Security MARS 20 User Manual

Security MARS Local Controller

Chapter 2
Reporting and Mitigation Devices Overview

Layer 2 Discovery and Mitigation

Make sure that all the L2 devices have the SNMP RO community strings specified in the web interface for L2 mitigation, even if the access type is not SNMP. (See False Positive Confirmation, page 19-6, for more information on mitigating an attack.) The SNMP RO community string is always required on Layer 2 devices for L2 mitigation. L2 devices must be added manually; there is no automatic discovery for these devices.

Note: MARS does not support the following characters in the SNMP RO community string: ' (single quote), " (double quote), < (less than symbol), and > (greater than symbol).

MARS does not discover L2 devices automatically as it does with L3 devices. You can specify which L3 devices to discover by specifying networks and SNMP RO community values, as defined in Configuring Layer 3 Topology Discovery, page 2-37.

Note: L2 devices must be added manually; there is no automatic discovery for these devices. Make sure all the L2 devices (switches) have the SNMP RO community strings specified in the web interface, even if the access type is not SNMP. The SNMP RO community string is always required on L2 devices for L2 mitigation.

The reason is that MARS does not scan the network for devices. Therefore, you must manually add L2 devices using the web interface or a CSV file. Assuming that device discovery permission has been provided, L3 devices are discovered automatically using the route information provided by monitored gateways. Once devices are loaded or added in the web interface, you can use the topology scheduler feature to update the configuration of both L2 and L3 devices.

For L2 devices, the SNMP access type with an RO community is sufficient. For mitigation, however, MARS requires SNMP RW community access. If an SNMP RW community is not possible, select the TELNET/SSH access type with an SNMP RO community.
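
The rules above can be checked against a switch inventory before the devices are added to MARS. The following is an added example, not code from Cisco or from this manual; the CSV column names and the sample rows are constructed for illustration and are not the MARS CSV import format.

```python
import csv
import io

# Characters the manual says MARS does not support in an SNMP RO community string.
UNSUPPORTED = set("'\"<>")

# Constructed inventory; the column names are hypothetical, not the MARS seed-file format.
SAMPLE = """name,access_type,snmp_ro,snmp_rw
sw-core-01,SNMP,ro-Example1,rw-Example1
sw-acc-02,SSH,,
sw-acc-03,TELNET,ro<lab>,
sw-acc-04,SNMP,ro-Example4,
sw-acc-05,SSH,ro-Example5,
"""


def check_device(row):
    """Return the list of problems for one L2 device row (empty list = ready)."""
    problems = []
    access = row["access_type"].strip().upper()
    ro, rw = row["snmp_ro"], row["snmp_rw"]
    if not ro:
        # Required on every L2 device, even when the access type is not SNMP.
        problems.append("missing SNMP RO community")
    else:
        bad = sorted(UNSUPPORTED & set(ro))
        if bad:
            # Name the offending characters only; never echo the community itself.
            problems.append("unsupported character(s) in RO community: " + " ".join(bad))
    if access == "SNMP" and not rw:
        problems.append("SNMP access without RW community: no L2 mitigation")
    elif access not in ("SNMP", "TELNET", "SSH"):
        problems.append("access type is not SNMP, TELNET or SSH")
    return problems


def audit(csv_text):
    """Map device name -> problems for every row that is not mitigation-ready."""
    findings = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        problems = check_device(row)
        if problems:
            findings[row["name"]] = problems
    return findings


if __name__ == "__main__":
    for name, problems in audit(SAMPLE).items():
        print(f"{name}: {'; '.join(problems)}")
```

Because community strings are credentials, the findings name only the offending characters and never print the string itself.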

Networks for Dynamic Vulnerability Scanning

With dynamic vulnerability scanning, the MARS probes the networks that you have specified for
weaknesses. These automatic scans commence after a rule has fired that indicates an attack is in
progress. Once an attack is underway, these scans accomplish the following:

Data Enabling Features

Configuring Network Admission Control Features, page 2-52
Describes how to accomplish full NAC awareness, what it provides, and what products are required.

Configuring Distributed Threat Mitigation
http://www.cisco.com/en/US/products/ps6241/products_configuration_example09186a008067a2b0.shtml
Describes how to accomplish full DTM awareness, the features it provides, and what products are required.

MARS MIB Format, page 2-54
Describes the format of the MARS MIB, which helps integrate with other SNMP-based management applications on your network.

Configuring Layer 3 Topology Discovery, page 2-37
False Positive Confirmation, page 19-6

User Guide for Cisco Security MARS Local Controller, 78-17020-01, page 2-29


This manual is also suitable for:

Mars 20, Mars 50, Mars 100, Mars 200
