© 2006 Cisco Systems, Inc. All rights reserved. HIPS v3.06-1 Using CSA Analysis Configuring Application Behavior Investigation.

Transcript:

Using CSA Analysis: Configuring Application Behavior Investigation

Objectives
At the end of this lesson, you will be able to meet these objectives:
- Identify the function of Application Behavior Investigation
- Describe how to configure Behavior Analysis

Application Behavior Investigation Process
[Diagram: CSA MC and Host. Labels: policy for Application Behavior Investigation deployed; events logged for Application Behavior.]

Behavior Analysis
Before configuring Behavior Analysis for an application, ensure that you have these details:
- The application you want to analyze
- The host you want to select for application analysis

Configuring Behavior Analysis Investigation

Configuring Behavior Analysis Investigation (Cont.)

Monitoring the Behavior Analysis

Starting the Behavior Analysis

Reviewing the Rule Module
You can maintain integrity between the application and the system by:
- Protecting the application from the system: Behavior Analysis creates File Access Control rules to protect the application data from being exposed to external attacks.
- Protecting the system from the application: Behavior Analysis categorizes application resources into file, registry, network, and COM components, and creates access control rules for each of these categories.
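
An added sketch of how a rule module with the two protection directions described above could be derived from logged access events; it is not Cisco's code and does not use the CSA rule or event format. The event tuples, the process names, and the choice to treat files the application wrote as its data are assumptions made for the example.

```python
from collections import defaultdict

# Constructed sample of logged access attempts: (process, category, action, resource).
# This tuple layout is an assumption for the sketch, not the CSA event format.
OBSERVED = [
    ("app.exe", "file", "write", r"C:\App\data\orders.db"),
    ("app.exe", "file", "read", r"C:\App\conf\app.ini"),
    ("app.exe", "registry", "read", r"HKLM\Software\App\Settings"),
    ("app.exe", "network", "connect", "10.0.0.5:1433"),
    ("app.exe", "com", "invoke", "Scripting.FileSystemObject"),
]
CATEGORIES = ("file", "registry", "network", "com")


def build_rule_module(app, events):
    """Derive both rule sets from what the investigated application was seen doing."""
    allowed = defaultdict(set)   # category -> {(action, resource)} the app may use
    app_data = set()             # files the app wrote; treated here as its data (assumption)
    for proc, category, action, resource in events:
        if proc != app or category not in CATEGORIES:
            continue
        allowed[category].add((action, resource))
        if category == "file" and action == "write":
            app_data.add(resource)
    return {"app": app, "allowed": dict(allowed), "app_data": app_data}


def evaluate(module, proc, category, action, resource):
    """Return 'allow', 'deny' or 'no_rule' for one access attempt."""
    if proc == module["app"]:
        # Protecting the system from the application: only observed behaviour passes.
        ok = (action, resource) in module["allowed"].get(category, set())
        return "allow" if ok else "deny"
    if category == "file" and resource in module["app_data"]:
        # Protecting the application from the system: other processes are kept off its data.
        return "deny"
    return "no_rule"  # this rule module says nothing about the attempt


if __name__ == "__main__":
    module = build_rule_module("app.exe", OBSERVED)
    for attempt in [
        ("app.exe", "network", "connect", "10.0.0.5:1433"),
        ("app.exe", "network", "connect", "203.0.113.9:443"),
        ("other.exe", "file", "read", r"C:\App\data\orders.db"),
    ]:
        print(attempt, "->", evaluate(module, *attempt))
```

A rule set learned this way is only as complete as the observation period: behaviour the application did not exercise while being logged ends up denied.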

Summary
- The Application Behavior Investigation feature serves as a data analysis and policy creation tool for administrators.
- The three different contributing components for Application Behavior Investigation are CSA MC, the Behavior Investigation functionality, and the Agent.
- Application Behavior Investigation, when deployed on a host, monitors the actions of designated applications on that host and logs all attempts to access system resources.
- Application Behavior Investigation analyzes the logging data, prepares detailed reports for the designated application, and generates a rule module to implement the results.
- The rule module created during Behavior Analysis helps in enforcing normal application behavior and maintaining integrity between the application and the system.
- You can monitor the progress of the Behavior Analysis process on a host by using the Progress Status fields on the Behavior Analysis configuration page.
