Chapter 4 Zone Configuration
Zone Detection
4-20
Cisco Traffic Anomaly Detector User Guide
OL-6109-01
Note that the Detector enables the use of an asterisk (*) as a wildcard
denoting either of the following options:
– All of the Detector’s zones. Issuing detect * begins detection for all of
the Detector’s zones.
– A wildcard denoting zone names (for example, OBL*).
2. Choose ENTER.
Guard-Protection Activation Forms
The Detector enables the user to apply different Guard-protection forms designed
to save Guard-protection resources and better focus on the zone detection and
protection requirements. These protection forms range from assuming protection
over a particular zone (for example, a specific server) that is part of an overall
zone (for example, a protected network environment) to assuming protection over
all of the zones of the overall zone. The Detector’s Guard-protection activation
forms are the following:
• The Detector activates the Guard to assume protection over the overall zone
whenever a traffic abnormality is detected. This strategy is recommended
when the overall zone consists of interrelated zones that cannot be put at risk.
• The Detector activates the Guard protection over a particular zone once a
traffic abnormality is traced as destined to that particular zone. This is
recommended when the overall zone consists of unrelated particular zones,
because the user may want to assume protection for each attacked zone and
not spend valuable protection resources on the overall zone.
• The Detector activates the Guard protection over a specific zone once a traffic
abnormality is traced as destined to that specific zone. The Detector also
activates the Guard protection over the overall zone when the detected
abnormality cannot be associated with a particular zone. This strategy is
recommended when the overall zone consists of highly related particular
zones, because the user may want to avoid a situation in which a targeted
zone inflicts damage on the overall zone.
To activate the Guard-protection forms, perform the following:
1. At the Zone command group level (sample prompt shown), type the following:
admin@DETECTOR-conf-zone-<zone-name># protect-ip-state {all-zone | only-dest-ip | policy-type}