© 2006 Cisco Systems, Inc. All rights reserved. HIPS v3.04-1 Configuring Rules Configuring Rules Common to Windows and UNIX.

Transcript:

Configuring Rules: Configuring Rules Common to Windows and UNIX

Objectives

At the end of this lesson, you will be able to meet these objectives:
- Identify the rules that are common to Windows and UNIX hosts
- Describe how to configure the Agent service control rule
- Describe how to configure the Agent UI control rule
- Describe how to configure the Application control rule
- Describe how to configure the Connection rate limit rule
- Describe how to configure the Data access control rule
- Describe how to configure the File access control rule
- Configure the File access control rule using the Set action
- Describe how to configure the Network access control rule
- Configure an application-builder rule to populate a dynamic application class

Rules Common to Windows and UNIX Hosts
[Figure labels: Common Rules; Windows Host; UNIX Host]

The Agent Service Control Rule
[Figure labels: Agent Service Control Rule; Stop service; Processes stopped!; Waiting for system reboot]

Configuring the Agent Service Control Rule

The Agent UI Control Rule
[Figure labels: Agent UI Control Rule; Absence of Agent UI Control Rule; Agent user interface visible to the end user; Denied visibility of the Agent user interface; CSA MC]

Configuring the Agent UI Control Rule

The Application Control Rule
[Figure labels: Application Control Rule; Attempt to invoke another program; Access denied; Malicious Program]

Configuring the Application Control Rule

The Connection Rate Limit Rule
[Figure labels: Connection Rate Limit Rule; Allowing controlled number of network connections; Host]

Configuring the Connection Rate Limit Rule

The Data Access Control Rule
[Figure labels: Data Access Control Rule; Malformed Web server request; Request denied; Web Server; Host]

Configuring the Data Access Control Rule

The File Access Control Rule
[Figure labels: File Access Control Rule; Attempt to read a protected file; Request denied; Host]

Configuring the File Access Control Rule

Practice: Configuring the Set Action for the File Access Control Rule

The Network Access Control Rule
[Figure labels: Network Access Control Rule; Virus detected!; Access to network denied; Host]

Configuring the Network Access Control Rule

Configuring the Network Access Control Rule (Cont.)

Configuring an Application-Builder Rule

Practice: Configuring an Application-Builder Rule

Summary

- Some rules provided by CSA MC are common to Windows and UNIX.
- The Agent Service Control rule stops the Agent security process.
- The Agent UI Control rule controls how the Agent user interface is displayed.
- The Application Control rule controls the type of applications that can run on Agents.
- The Connection Rate Limit rule controls the number of network connections being sent and received by the systems within a time frame.
- The Data Access Control rule controls unauthorized client requests.
- The File Access Control rule controls access to files.
- The Network Access Control rule controls access to specified network services and network addresses.
- You can use access control rules to populate dynamic application classes.
