--> StealthWatch looks for anomalies in the network traffic.
--> It does not analyze the payload of the packet; only the packet headers are inspected.
--> Because StealthWatch analyzes only packet headers rather than full packets, more traffic can be analyzed with low CPU consumption.
--> All the network devices send flow information to the StealthWatch Appliance.
--> The StealthWatch Appliance checks the received flow information for suspicious traffic.
--> A flow is traffic between one source and one destination device. If a large data transfer between two network devices is divided into multiple packets, it is still considered one flow.
--> A FIN packet sent by one network device during the conversation is considered the end of the flow.
--> The Stealthwatch Appliance is scalable enough to process a large amount of traffic.
--> Stealthwatch is a security solution that provides a full picture of what is happening in the network.
--> StealthWatch uses Cisco Talos to analyze all the public IP addresses seen in the flow data.
--> Following are the components that make up the StealthWatch solution:
i) Stealthwatch Management Console (SMC):
--> Analyzes the flow data collected from the other appliances
--> Looks for suspicious traffic in the flow data
--> Creates a baseline to identify normal traffic; an alert is generated if the baseline is exceeded.
--> We can create traffic or flow reports from the StealthWatch Management Console
--> We can also create policies on the StealthWatch Management Console
--> SMC can also be integrated with ISE and AD, which allows alerts to be linked to users.
--> Storage/RAM requirements need to be checked before selecting an SMC.
ii) Flow Collector
--> All the Layer 3 network devices send their flow data to the Flow Collector
--> The Flow Collector receives the raw flow data from a network device and processes it.
--> The cleaned flow data is sent to the Stealthwatch Management Console to be correlated with other flow data.
--> Maximum flows per second and maximum supported devices need to be considered when selecting a Flow Collector
--> Once the initial configuration is done on the Flow Collector and it is integrated with SMC, all further configuration is done from SMC.
iii) Flow Sensor
--> Flow Collectors can only analyze Layer 3 information; they cannot analyze Layer 2 information.
--> Flow Sensors are used to analyze Layer 2 information.
--> Flow Sensors are connected to SPAN ports, and the flow information is sent to the StealthWatch Management Console.
iv) UDP Director
--> Used for flow aggregation and flow sharing.
--> Flow aggregation allows receiving flow data from multiple network devices and sending it once to SMC.
--> Flow sharing allows forwarding the flow information to other tools such as Cisco Prime and SolarWinds.
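The two ideas above worth seeing in code are how a collector turns packet headers into flow records (one flow per source/destination conversation, closed by a FIN, as described in the opening notes) and how the SMC-style baseline turns those records into an alert. The following is an added illustration, not Stealthwatch code; the packet headers, host addresses, baseline values and the x10 alert factor are all constructed for the example.

```python
# Added example (not Stealthwatch code): build flow records from packet
# headers the way a flow collector would, then apply a byte-count baseline
# per source host the way the SMC notes describe. All values are constructed.
from collections import defaultdict

# Constructed packet headers: (src, dst, proto, sport, dport, bytes, fin_flag).
# Only header fields are used; no payload is inspected.
PACKETS = [
    ("10.0.0.5", "10.0.0.20", "tcp", 40001, 443, 1500, False),
    ("10.0.0.5", "10.0.0.20", "tcp", 40001, 443, 1500, False),
    ("10.0.0.5", "10.0.0.20", "tcp", 40001, 443, 300, True),    # FIN closes the flow
    ("10.0.0.5", "10.0.0.20", "tcp", 40001, 443, 1500, False),  # same 5-tuple, new flow
    ("10.0.0.7", "203.0.113.9", "tcp", 50010, 22, 60, False),
    ("10.0.0.7", "203.0.113.9", "tcp", 50010, 22, 900000, False),
]


def build_flows(packets):
    """Return flow records: one per 5-tuple, closed when a FIN is seen.

    A large transfer split across many packets still counts as one flow;
    flows still open at the end of the capture are exported as they are.
    """
    active = {}
    flows = []
    for src, dst, proto, sport, dport, size, fin in packets:
        key = (src, dst, proto, sport, dport)
        rec = active.setdefault(key, {"key": key, "packets": 0, "bytes": 0})
        rec["packets"] += 1
        rec["bytes"] += size
        if fin:
            flows.append(active.pop(key))
    flows.extend(active.values())
    return flows


def baseline_alerts(flows, baseline_bytes, factor=10):
    """Alert on each source host whose total bytes exceed factor x its baseline.

    baseline_bytes maps host -> expected bytes for the period (assumed to have
    been learned earlier); a host with no baseline alerts on any traffic.
    """
    per_host = defaultdict(int)
    for flow in flows:
        per_host[flow["key"][0]] += flow["bytes"]
    return {host: total for host, total in per_host.items()
            if total > factor * baseline_bytes.get(host, 0)}
```

Running `baseline_alerts(build_flows(PACKETS), {"10.0.0.5": 5000, "10.0.0.7": 2000})` flags only 10.0.0.7, whose single SSH flow moved far more data than its baseline.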
Note:
i) Default username and password for the CLI: sysadmin and lan1cope
ii) Default username and password for the GUI: admin and lan411cope