Cisco ASA 5540 Adaptive Security Appliance Data Sheet
White Paper
© 2009 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information.
According to the FBI, in the United States, one to five million hosts are controlled by botnets.[1] The attack profile has evolved from spam and DoS attacks to attacking websites for profit, taking down rival networks, and blackmailing web host owners. There is a significant amount of money at stake. A single DoS attack on a gambling website can cost $50,000 a day for the business.[2]
Because the hosts and controllers in a botnet are operating from captured resources, botnets are dynamic and short-lived, which makes them difficult to defeat. As soon as you close down one botnet, it will show up in a different place with new addresses, operating like a network version of a morphing virus.
Botnets have become an important tool in the arsenal of hackers and other criminals who endeavor to profit and to bring financial ruin to companies and individuals with a presence on the Internet.
For further reading on botnets, please refer to the following documents on http://www.cisco.com (http://www.cisco.com/en/US/solutions/collateral/ns340/ns394/ns171/ns441/networking_solutions_whitepaper0900aecd8072a537.html).
Cisco ASA Botnet Traffic Filter
This paper focuses on how Cisco Security Intelligence Operations relates to botnet threat identification, and on its interaction with the Cisco ASA Botnet Traffic Filter. It is important to realize that a comprehensive security deployment should include Cisco Intrusion Prevention Systems (IPS), with its reputation-based Global Correlation service and IPS signatures, in conjunction with the security services provided by the ASA security appliance, such as the Botnet Traffic Filter.
Cisco Security Intelligence Operations
The Cisco Security Intelligence Operations Center provides customers with the benefits of an industry-unprecedented security center, centralizing information and threat signatures issued for all Cisco security technologies, including email filtering, web filtering and reputation, IPS/IDS filtering, and voluntary global threat statistics (Figure 2).
The Cisco Threat Operations Center provides human oversight of Cisco Security Intelligence Operations to ensure the speed and accuracy of its threat data, including web and email reputation data, Cisco IPS global correlation data, and the botnet database.
Cisco Security Intelligence Operations is the world's largest email and Web traffic monitoring network. With data on
more than 25 percent of the world’s Internet traffic, it provides an unprecedented real-time view into security threats
from around the world. Cisco Security Intelligence Operations can be used like a “credit reporting service” for email
and web threats, providing comprehensive data that ISPs and companies can use to differentiate legitimate senders
from spammers and other attackers, and giving email administrators visibility into who is sending them email.
[1] FBI initiative, Operation BotRoast, June 2007.
[2] MSNBC, April 2007, http://redtape.msnbc.com/2007/04/virus_gang_warf.html.