© 2006 Cisco Systems, Inc. All rights reserved. HIPS v
Working with Variables and Application Classes
Creating Variables

Objectives
At the end of this lesson, you will be able to meet these objectives:
- Identify the purpose of creating variables
- Describe how to configure a data set
- Describe how to configure a file set
- Configure a file set
- Describe how to configure a network address set
- Describe how to configure a network services set
- Describe how to configure a registry set
- Describe how to configure a COM component set
- Describe how to configure query settings to be used with a query rule

Types of Variables
- Data sets
- File sets
- Network address sets
- Network services sets
- Registry sets
- COM component sets
- Query settings

Data Sets
*///* *]* *|* *%u* *.ida* HTTP

Configuring a Data Set
File Sets
.exe .pdf .doc .htm
All Files

Configuring a File Set
Configuring a File Set (Cont.)
Practice: Configuring a File Set
Network Address Sets
Remote Addresses

Configuring a Network Address Set
Network Services Sets
VPN Services FTP Services. Services Web-Based Services

Configuring a Network Services Set
Registry Sets
- Run Keys
- Shell Commands
- HKU Keys
- Reboot Operations

Configuring a Registry Set
COM Component Sets
ActiveX Data Objects (ADO) ActiveX Control ActiveX COM Component Set Active Directory Service Interfaces (ADSI)

Configuring a COM Component Set
The COM Component Extraction Utility
The COM Component Extraction Utility (Cont.)
Query Settings
The application contains a virus. It should be denied access.

Configuring a Query Setting
Localized Language Version Support
Summary
- Variables are configuration data items that simplify rule creation.
- CSA MC consists of these variables: data sets, file sets, network address sets, network services sets, registry sets, COM component sets, and query settings.
- Data sets are used to group text strings and metacharacters.
- File sets are used to group files and directories.
- Network address sets are used to group IP addresses into single entities.
- Network services sets are used to group preconfigured protocol and port number definitions.
- Registry sets are used to group registry keys and values.
- COM component sets are used to group PROGIDs and CLSIDs of COM components.
- Query settings are used to configure the query text and buttons to be displayed on the query popup box.