© 2006 Cisco Systems, Inc. All rights reserved. HIPS v3.02-1 Configuring Groups and Policies Building an Agent Kit.

Презентация:

Advertisements

Похожие презентации

© 2006 Cisco Systems, Inc. All rights reserved. HIPS v Configuring Groups and Polices Configuring Groups.

Advertisements

© 2006 Cisco Systems, Inc. All rights reserved. HIPS v Using CSA Analysis Configuring Application Behavior Investigation.

© 2006 Cisco Systems, Inc. All rights reserved. HIPS v Configuring Groups and Policies Managing Hosts and Deploying Software Updates.

© 2006 Cisco Systems, Inc. All rights reserved. HIPS v Configuring Rules Configuring Windows-Only Rules.

© 2006 Cisco Systems, Inc. All rights reserved. HIPS v Configuring Rules Configuring UNIX-Only Rules.

© 2006 Cisco Systems, Inc. All rights reserved. HIPS v Module Summary CSA MC enables you to configure groups, to ease host management and security.

© 2006 Cisco Systems, Inc. All rights reserved. HIPS v Configuring Rules Configuring Rules Common to Windows and UNIX.

© 2006 Cisco Systems, Inc. All rights reserved. HIPS v Configuring Groups and Policies.

© 2005 Cisco Systems, Inc. All rights reserved. HIPS v Configuring CSA Installing CSA.

© 2006 Cisco Systems, Inc. All rights reserved. HIPS v Configuring CSA.

© 2006 Cisco Systems, Inc. All rights reserved. HIPS v Configuring Rules Rule Basics.

© 2006 Cisco Systems, Inc. All rights reserved. HIPS v Using CSA Analysis Generating Application Deployment Reports.

© 2006 Cisco Systems, Inc. All rights reserved. HIPS v Creating Application Classes Working with Variables and Application Classes.

© 2006 Cisco Systems, Inc. All rights reserved. HIPS v Using CSA Analysis Generating Behavior Analysis Reports.

© 2006 Cisco Systems, Inc. All rights reserved. HIPS v Configuring Rules.

© 2006 Cisco Systems, Inc. All rights reserved. HIPS v Using CSA Analysis Configuring Application Deployment Investigation.

© 2006 Cisco Systems, Inc. All rights reserved. HIPS v Configuring Groups and Policies Configuring Policies.

© 2006 Cisco Systems, Inc. All rights reserved. HIPS v Administering Events and Generating Reports Managing Events.

© 2006 Cisco Systems, Inc. All rights reserved. HIPS v Configuring CSA Installing and Configuring CSA MC.

© 2006 Cisco Systems, Inc. All rights reserved. HIPS v Configuring Rules Configuring System Correlation Rules.

Транксрипт:

© 2006 Cisco Systems, Inc. All rights reserved. HIPS v Configuring Groups and Policies Building an Agent Kit

© 2006 Cisco Systems, Inc. All rights reserved. HIPS v Objectives At the end of this lesson, you will be able to meet these objectives: Identify the purpose of using an Agent kit Describe how to build an Agent kit Identify the purpose of using scripts for installing and uninstalling Windows CSAs Describe how to control registration of hosts to CSA MC

© 2006 Cisco Systems, Inc. All rights reserved. HIPS v Agent Kits CSA MC allows the creation of custom Agent installation kits to reduce the administrative burden required to deploy Agents on new systems. Upon creation, new Agent kits are associated with one or more groups.

© 2006 Cisco Systems, Inc. All rights reserved. HIPS v Building an Agent Kit

© 2006 Cisco Systems, Inc. All rights reserved. HIPS v Building an Agent Kit (Cont.)

© 2006 Cisco Systems, Inc. All rights reserved. HIPS v Building an Agent Kit (Cont.)

© 2006 Cisco Systems, Inc. All rights reserved. HIPS v Building an Agent Kit (Cont.)

© 2006 Cisco Systems, Inc. All rights reserved. HIPS v Building an Agent Kit (Cont.)

© 2006 Cisco Systems, Inc. All rights reserved. HIPS v Agent Kit Status When you create an Agent kit, it is given one of four status levels: Ready Needs Rule Generation Incomplete Undeployable

© 2006 Cisco Systems, Inc. All rights reserved. HIPS v Agent Reboot vs. No Reboot Operating System CSA Features Not Available Until System Reboot WindowsNetwork shield rules are not applied. Buffer overflow protection is enforced for new processes only. COM component access control rules are enforced for new processes only. Data access control rules are not applied until the web service is restarted. Solaris and Linux Buffer overflow protection is enforced for new processes only. Network access control rules are applied to new socket connections only. File access control rules are applied to new files only.

© 2006 Cisco Systems, Inc. All rights reserved. HIPS v You can use scripts to perform the following functions on Windows Agent kits: Scripted install Scripted uninstall Scripted Agent Installs and Uninstalls

© 2006 Cisco Systems, Inc. All rights reserved. HIPS v Controlling Host Registration

© 2006 Cisco Systems, Inc. All rights reserved. HIPS v Summary Agent kits reduce the administrative burden of deploying Cisco Security Systems on new systems. Agent kits are given status levels that indicate the progress of the Agent kit configuration. If a system is not rebooted after CSA installation, certain functionalities will not be available. Scripts can be used to silently install and uninstall Windows CSAs on end user systems.

© 2006 Cisco Systems, Inc. All rights reserved. HIPS v