© 2006 Cisco Systems, Inc. All rights reserved. HIPS v Configuring Rules Rule Basics
Objectives

At the end of this lesson, you will be able to meet these objectives:
- Identify the various types of CSA MC rules and their functions
- Identify the order in which rules are processed

Types of CSA MC Rules
- Enforcement rules
- Detection rules

Example: Enforcement Rules
[Figure: a hacker attempts to access a host system; the enforcement rule blocks the attempt and access is denied.]

Example: Detection Rules
[Figure: a detection rule detects cmd.exe, bash.exe and command.com; cmd.exe is denied on the host.]

Rule Action List

The Set Action

Example: Differentiated Service Code Point and Per-Hop-Behavior

Example: Differentiated Service Code Point and Per-Hop-Behavior (Cont.)

Variables Used with Different Rule Types

Variables:
- Network Services Set
- Network Address Set
- File Sets
- Data Sets
- COM Component Set
- Registry Set
- Query Settings

Rule types:
- Application Control Rule
- COM Component Access Control Rule
- Registry Access Control Rule
- Data Access Control Rule
- Network Access Control Rule
- File Access Control Rule

Summary

Rules can be broadly categorized into enforcement rules and detection rules. When you configure a rule, you need to select an action, such as Allow or Deny, for that rule. A rule action list includes 10 prioritized actions that are applicable to any configured rule. Priorities determine the precedence of the rules. The Set action causes a one-time configuration action and has six attributes.
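The following is an added illustration of the summary above, not code from Cisco or from CSA MC: a small model of how enforcement rules (which decide Allow or Deny by action precedence) differ from detection rules (which only record that they fired). The slides say the action list holds 10 prioritized actions but do not enumerate them, so only Allow and Deny are modelled, and the ordering in ACTION_PRIORITY (Deny outranks Allow), the rule names and the process lists are assumptions constructed for this example, loosely following the detection-rule figure (cmd.exe, bash.exe, command.com).

```python
from dataclasses import dataclass, field
from typing import FrozenSet, List, Optional

# Assumed precedence among enforcement actions for this model: a lower number
# takes precedence. CSA MC's real action list is not enumerated on the page,
# so "Deny outranks Allow" is an assumption of this example only.
ACTION_PRIORITY = {"Deny": 1, "Allow": 2}


@dataclass(frozen=True)
class Rule:
    name: str
    kind: str                  # "enforcement" or "detection"
    processes: FrozenSet[str]  # process images the rule matches (constructed)
    action: str                # "Allow"/"Deny" for enforcement, "Log" for detection


@dataclass
class Decision:
    verdict: str                    # final "Allow" or "Deny"
    decided_by: Optional[str]       # enforcement rule that produced the verdict
    detections: List[str] = field(default_factory=list)  # detection rules that fired


def evaluate(rules, process, default="Allow"):
    """Evaluate one host event (a process starting) against the rule set.

    Detection rules never change the verdict; they only record that they
    fired. Among matching enforcement rules the highest-precedence action
    (per ACTION_PRIORITY) wins, regardless of the order the rules are listed.
    """
    fired = [r.name for r in rules if r.kind == "detection" and process in r.processes]
    matches = [r for r in rules if r.kind == "enforcement" and process in r.processes]
    if not matches:
        return Decision(default, None, fired)
    winner = min(matches, key=lambda r: ACTION_PRIORITY[r.action])
    return Decision(winner.action, winner.name, fired)


# Constructed rule set modelled on the slide figures: a detection rule that
# watches the three shells and an enforcement rule that denies cmd.exe. The
# Allow rule for cmd.exe is added only to show that action precedence, not
# listing order, settles a conflict between enforcement rules.
RULES = [
    Rule("allow-shells-for-admins", "enforcement", frozenset({"cmd.exe"}), "Allow"),
    Rule("detect-shells", "detection", frozenset({"cmd.exe", "bash.exe", "command.com"}), "Log"),
    Rule("deny-cmd", "enforcement", frozenset({"cmd.exe"}), "Deny"),
]


if __name__ == "__main__":
    for proc in ("cmd.exe", "bash.exe", "notepad.exe"):
        d = evaluate(RULES, proc)
        print(f"{proc}: {d.verdict} (by {d.decided_by}), detections={d.detections}")
```

Running the block shows cmd.exe denied by deny-cmd even though the Allow rule is listed first, bash.exe allowed by default while detect-shells still fires, and notepad.exe allowed with nothing detected. The point for an administrator is that a detection rule gives visibility without blocking, while an enforcement rule's outcome is fixed by the precedence of its action.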