Technical Manual for Cisco Security Manager 4.0

Americas Headquarters:
Cisco Systems, Inc., 170 West Tasman Drive, San Jose, CA 95134-1706 USA
Configuring Botnet Traffic Filtering Using Cisco Security Manager 4.0
First Published: June 2010
Abstract
Botnets are collections of malicious software, or “bots,” covertly installed on endpoints and controlled 
by another entity through a communications channel such as IRC, peer-to-peer (P2P), or HTTP. The 
Cisco ASA Botnet Traffic Filter complements existing endpoint security solutions by monitoring 
network ports for rogue botnet activity and by detecting infected internal endpoints sending command 
and control traffic back to a host on the Internet. The Botnet Traffic Filter database identifies command 
and control traffic as well as the domains or hosts receiving the information.
Cisco Security Manager is an enterprise-class security management software application. You can use it 
to manage security policies on a wide variety of devices.
This paper describes how to use Cisco Security Manager 4.0 to configure Botnet Traffic Filtering on 
ASA devices running version 8.3 software. Although this paper is specific to this ASA version, you can 
use these concepts and techniques with any version of ASA software that supports Botnet Traffic 
Filtering (version 8.2(1)+). Keep in mind that Botnet configuration features can differ between ASA 
software releases.
This paper uses the following document as a basis for showing how to perform the equivalent 
configuration using Security Manager: Combating Botnets Using the Cisco ASA Botnet Traffic Filter.
This paper assumes the following:
That you have already installed (or upgraded) the appropriate ASA software version on the device 
and performed basic device configuration. This paper assumes that the ASA is installed and 
functional in your production network or at least in a test network with realistic connections, that 
there is a network path between the device and the Cisco Security Manager server, and that you have 
configured a username and password on the device that Cisco Security Manager can use.