© 2006 Cisco Systems, Inc. All rights reserved. HIPS v3.04-1 Configuring Rules Configuring Windows-Only Rules.

Transcript:

Configuring Rules: Configuring Windows-Only Rules

Objectives

At the end of this lesson, you will be able to meet these objectives:
- Identify the rules that are available to Windows hosts only
- Describe how to configure the Clipboard access control rule
- Describe how to configure the COM Component access control rule
- Configure the COM Component access control rule
- Describe how to configure the File Version control rule
- Configure the File Version control rule
- Describe how to configure the Kernel Protection rule
- Describe how to configure the NT Event Log rule
- Describe how to configure the Registry access control rule
- Describe how to configure the Service Restart rule
- Describe how to configure the Sniffer and Protocol Detection rule

Windows-Only Rules

- Clipboard Access Control rule
- COM Component Access Control rule
- File Version Control rules
- Kernel Protection rule
- NT Event Log rule
- Registry Access Control rule
- Service Restart rule
- Sniffer and Protocol Detection rule

The Clipboard Access Control Rule

[Figure: Clipboard Access Control Rule; label: Clipboard]

Configuring the Clipboard Access Control Rule

The COM Component Access Control Rule

[Figure: COM Component Access Control Rule; label: VB Script]

Configuring the COM Component Access Control Rule

Practice: Configuring the COM Component Access Control Rule

The File Version Control Rule

[Figure: File Version Control Rule; labels: IE 5.0, IE 4.5]

Configuring the File Version Control Rule

Practice: Configuring the File Version Control Rule

The Kernel Protection Rule

[Figure: Kernel Protection Rule; labels: Access denied, Attempt to access operating system]

Configuring the Kernel Protection Rule

Configuring the Kernel Protection Rule (Cont.)

The NT Event Log Rule

[Figure: NT Event Log Rule; label: CSA MC Event Log]

Configuring the NT Event Log Rule

The Registry Access Control Rule

[Figure: Registry Access Control Rule; labels: Registry, VB]

Configuring the Registry Access Control Rule

The Service Restart Rule

[Figure: Service Restart Rule; labels: Service restarted, Service terminated]

Configuring the Service Restart Rule

The Sniffer and Protocol Detection Rule

[Figure: Sniffer and Protocol Detection Rule; labels: IP, NetBIOS, CSA MC Event Log]

Configuring the Sniffer and Protocol Detection Rule

Summary

- CSA MC provides several rules that can be used to protect Windows-specific components.
- The Clipboard Access Control rule is used to allow or deny access to the data written to the clipboard by a specific set of applications.
- The COM Component Access Control rule is used to prevent unauthorized applications from accessing COM components.
- The File Version Control rule is used to control the software versions of applications that can run on hosts.
- The Kernel Protection rule is used to prevent unauthorized access to the operating system.
- The NT Event Log rule is used to make specific NT Event Log items appear in the CSA MC Event Log.
- The Registry Access Control rule is used to allow or deny applications writing to specified registry keys.
- The Service Restart rule is used to restart Windows services that have stopped or are not responding to service requests.
- The Sniffer and Protocol Detection rule is used to log an event when non-IP protocols and packet sniffer programs are detected running on a system.
