Friday, June 29, 2007

Competition

As i`ve mentioned a few times!, the new Cisco MARS book, by Gary Halleen and Greg Kellogg is out very soon.

I`m looking to improve the Blog as its looking a bit bland, especially the header. So i`ve decided to hold a competition. I know lots of you are dab hands at photoshop/ fireworks/paintshop /colouring in with crayons! etc.

So i`ve decided the competition will be to design a new header image for the blog. And the prize?

The prize will be a copy of the new MARS book, and the fame and fortune (not quite) of having your work displayed on the blog. And i`ll ship this world wide at my own cost.

Rules/Info

1) Image should be around 765 x 157 pixels
2) Image should not contain the Cisco Logo (you know how funny they can be)
3) Be your own work, feel free to snapshot the MARS interface
4) Closes July 16th
5) Send your entries to my email address opposite
6) Winner will be decided by.... err, Me!

Thats it, good luck.

Thursday, June 28, 2007

Cisco MARS Techwise Show Today

As mentioned in a previous post, Cisco Techwise TV have produced a show on MARS entitled - Technical Exploration of MARS.


Well that show is live Today, Thursday, June 28, 1 – 2 p.m. Eastern Time.

Check out the flyer for the show, and register for the show on Techwise TV here.

Oh and one last thing, check out the new Polls on the right hand side. If you have any suggestions for Polls let me know.


Wednesday, June 27, 2007

Cisco MARS Exam 642-544

I keep getting the dreaded Re-Certifcation Reminder emails from Cisco, about my CCSP certification. Whilst trying to decide whether to go for CCIE or quickly take a 642 exam, i came across this one new exam coming 19/07/07 that may interest you.



Theres very little information about this exam at present on Cisco.com , but this exam will be part of the CCSP Track.

Information on the CCSP Track quoted below...
"The CCSP certification (Cisco Certified Security Professional) validates advanced knowledge and skills required to secure Cisco networks. With a CCSP, a network professional demonstrates the skills required to secure and manage network infrastructures to protect productivity and reduce costs.

The CCSP curriculum emphasizes secure VPN management, Cisco Adaptive Security Device Manager (ASDM), PIX firewall, Adaptive Security Appliance (ASA), Intrusion Prevention Systems (IPS), Cisco Security Agent (CSA), and techniques to combine these technologies in a single, integrated network security solution. "

Thursday, June 21, 2007

MARS Users and Groups

As you will know, MARS creates one default user, which is the pnadmin user.

But we can create our own users and groups for MARS management.

There are 4 types of users that can be created.

  • Admin - the equivalent of a superuser. This user type has full access to the MARS GUI.
  • Security Analyst - has full use of the MARS, except cannot access the Admin tab.
  • Operator - has read-only privileges.
  • Notification Only - for a non-user of the MARS appliance, use this type of user account to send alerts to people who are not administrators, security analysts, or operators. (ie, the user cannot log into the MARS appliance)
As a point to note, only the pnadmin user account can login to the box via SSH.

Now once we have created all our users, can also create groups....


And what can we do with these groups? Well we can use the Groups, when we want to create a notification for Actions on Rules, or when we want a report sent to multiple recipients.


Once the notification has been created, we can use this for a Rule Action.


And also creating a recipient for Reports....

Thursday, June 14, 2007

CS-MARS Package Checker (CMPC) v1.0.0.0 Released

You may have come across Mikes "CS-MARS and Everything Security at Cisco" Blog.

Well Mike has put together a CS-MARS Package Checker (CMPC).

Quote from Mikes Blog "CS-MARS, like most security devices, is only as useful as the known threats built into the device. Anyone who operates an IPS/IDS device knows how critical it is to keep such a device up-to-date. CS-MARS is no different. Cisco provides no avenue for automated update checking, so rather than remembering to check CCO every once and a while for package, this program does it all for me, and soon for you."

Looks good, check it out.

Wednesday, June 13, 2007

New MARS Datasheet

There is a new CS-MARS Datasheet on Cisco.com, that covers what is termed Gen1 and Gen2 MARS appliances running Cisco Security Monitoring, Analysis, and Response System 4.2.x/5.2.x

This datasheet gives us some more info on the new Gen2 appliances..


And also the new Gen2 Global Controller...


Quote "The 4.2.x release will continue to support the MARS-20R, MARS-20, MARS-50, MARS-100e, MARS-100, MARS-200, MARS-GCm, MARS-GC appliances. The 5.2.x release will support features on new appliance models MARS-110R, MARS-110, MARS-210, MARS-GC2. There will be significant feature parity across the two releases. Although appliance differences may make complete feature parity impossible, it is the goal of the product team to provide near perfect feature parity across all MARS appliances."

Thursday, June 07, 2007

TechWiseTV - Technical Exploration of MARS

I`m not sure of how many of you have seen the Cisco Techwise TV videos, but i`ve always found them to be pretty good. These video broadcasts on various Cisco products offer expert advice, an also discuss the challenges—and solutions—facing small and medium businesses, enterprises, and industries.


Coming on the 28th June is a TechWiseTV - Technical Exploration of MARS
(Live Videocast, June 28th, 2007 at 1.00PM EDT)

Robb Boyd presents another Cisco Video Broadcast on Techwise TV. Snippet from Cisco.com

"This is a "deep dive" exploration of the deployment realities of Cisco's MARS, Monitoring Analysis and Response System. We will take our time fully exploring the most overlooked and creative things customers are doing with MARS to solve their unique business problems. As a product, MARS promises to help you find the "needle in the haystack" as it leverages data from all over the network. We will review how MARS was discussed in previous episodes and cover what was not fully discussed. Many new questions and answers will be provided and demonstrated on this Special Edition.

Agenda

Topics to be covered include:
  • Overview
  • Introduction to MARS - a topic favorite from many past shows.
  • Custom Parsing
  • Anomaly Detection
  • Incident Handling
  • Auditing ."

Friday, June 01, 2007

CS-MARS User Group


Congratulations to Wilson Samuel who became the 200th Member yesterday of the Cisco MARS User Group.

Join up here...
http://groups.google.com/group/cs-mars-ug?hl=en-GB

Also if you have a CCO Login, you can get involved in the campaign stated by PAUL TRIVINO to get Cisco to create a separate MARS section, under the Networking Professionals Connection.

View the Topic Here.