© 2006 Cisco Systems, Inc. All rights reserved. HIPS v3.04-1 Configuring Rules Rule Basics.

Transcript:

Configuring Rules: Rule Basics

Objectives
At the end of this lesson, you will be able to meet these objectives:
- Identify the various types of CSA MC rules and their functions
- Identify the order in which rules are processed

Types of CSA MC Rules
Rules:
- Enforcement Rules
- Detection Rules

Example: Enforcement Rules
Enforcement Rule: Hacker Host, Access Denied, Attempt to Access a Host System

Example: Detection Rules
Detection Rule: Detect cmd.exe, bash.exe, command.com; Deny cmd.exe, Host

Rule Action List

The Set Action

Example: Differentiated Service Code Point and Per-Hop-Behavior

Example: Differentiated Service Code Point and Per-Hop-Behavior (Cont.)

Variables Used with Different Rule Types
Variables:
- Network Services Set
- Network Address Set
- File Sets
- Data Sets
- COM Component Set
- Registry Set
- Query Settings
Rule types:
- Application Control Rule
- COM Component Access Control Rule
- Registry Access Control Rule
- Data Access Control Rule
- Network Access Control Rule
- File Access Control Rule

Summary
Rules can be broadly categorized into enforcement rules and detection rules. When you configure a rule, you need to select an action, such as Allow or Deny, for that rule. A rule action list includes 10 prioritized actions that are applicable to any configured rule. Priorities determine the precedence of the rules. The Set action causes a one-time configuration action and has six attributes.
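The evaluation model the summary describes (detection rules only report, enforcement rules decide, and action priority rather than listing order sets precedence), as an added Python illustration that is not Cisco CSA MC code; the priority numbers, the default decision when no enforcement rule matches, and the sample rules built from the two slide examples are constructed assumptions.

```python
"""Toy model of HIPS rule evaluation, added for illustration; this is not
Cisco CSA MC code. Action priorities, the default decision and the sample
rules are constructed assumptions built from the slide examples."""
from dataclasses import dataclass

# Constructed precedence (lower number wins). The real CSA MC action list
# has ten prioritized actions; only those needed here are modelled.
ACTION_PRIORITY = {"deny": 1, "allow": 2, "monitor": 3}


@dataclass(frozen=True)
class Rule:
    name: str
    kind: str                # "enforcement" decides; "detection" only reports
    action: str              # key of ACTION_PRIORITY
    applications: frozenset  # application-class members; "*" matches any
    resources: frozenset     # resource set (hosts, files, ...); "*" matches any

    def matches(self, app, resource):
        return ("*" in self.applications or app in self.applications) and (
            "*" in self.resources or resource in self.resources)


def evaluate(rules, app, resource):
    """Return (decision, events). Matching detection rules always record an
    event but never decide; among matching enforcement rules the action with
    the highest precedence wins, regardless of where it appears in the list."""
    matched = [r for r in rules if r.matches(app, resource)]
    events = [f"{r.name}: {app} -> {resource}" for r in matched if r.kind == "detection"]
    enforcing = [r for r in matched if r.kind == "enforcement"]
    if not enforcing:
        return "allow", events  # constructed default: no enforcement rule, no block
    winner = min(enforcing, key=lambda r: ACTION_PRIORITY[r.action])
    return winner.action, events


# Sample policy constructed from the two slide examples; "Allow all" is listed
# first on purpose so that the deny rules win by priority, not by position.
RULES = [
    Rule("Allow all", "enforcement", "allow", frozenset({"*"}), frozenset({"*"})),
    Rule("Hacker Host access", "enforcement", "deny", frozenset({"*"}), frozenset({"hacker-host"})),
    Rule("Detect shells", "detection", "monitor",
         frozenset({"cmd.exe", "bash.exe", "command.com"}), frozenset({"*"})),
    Rule("Deny cmd.exe to host", "enforcement", "deny", frozenset({"cmd.exe"}), frozenset({"host"})),
]

if __name__ == "__main__":
    for app, res in [("cmd.exe", "host"), ("bash.exe", "host"), ("notepad.exe", "hacker-host")]:
        print(app, res, evaluate(RULES, app, res))
```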
