© 2006 Cisco Systems, Inc. All rights reserved. HIPS v3.04-1 Configuring Rules Configuring UNIX-Only Rules. - презентация

1 © 2006 Cisco Systems, Inc. All rights reserved. HIPS v Configuring Rules Configuring UNIX-Only Rules

2 © 2006 Cisco Systems, Inc. All rights reserved. HIPS v Objectives At the end of this lesson, you will be able to meet these objectives: Identify the rules that are available to UNIX hosts only Describe how to configure the Network Interface Control rule Describe how to configure the Resource Access Control rule Describe how to configure the Rootkit/Kernel Protection rule Describe how to configure the Syslog Control rule

3 © 2006 Cisco Systems, Inc. All rights reserved. HIPS v UNIX-Only Rules Network Interface Control rule Resource Access Control rule Rootkit/Kernel Protection rule Syslog Control rule

4 © 2006 Cisco Systems, Inc. All rights reserved. HIPS v The Network Interface Control Rule Network Interface Network Interface Control Rule

5 © 2006 Cisco Systems, Inc. All rights reserved. HIPS v Configuring the Network Interface Control Rule

6 © 2006 Cisco Systems, Inc. All rights reserved. HIPS v The Resource Access Control Rule Unknown file detected Target : xyz.txt Access denied Resource Access Control Rule xyz.txt

7 © 2006 Cisco Systems, Inc. All rights reserved. HIPS v Configuring the Resource Access Control Rule

8 © 2006 Cisco Systems, Inc. All rights reserved. HIPS v The Rootkit/Kernel Protection Rule Rootkit/Kernel Protection Rule Application Software Operating System Controls unauthorized access

9 © 2006 Cisco Systems, Inc. All rights reserved. HIPS v Configuring the Rootkit/Kernel Protection Rule

10 © 2006 Cisco Systems, Inc. All rights reserved. HIPS v Configuring the Rootkit/Kernel Protection Rule (Cont.)

11 © 2006 Cisco Systems, Inc. All rights reserved. HIPS v The Syslog Control Rule Syslog Control Rule CSA MC

12 © 2006 Cisco Systems, Inc. All rights reserved. HIPS v Configuring the Syslog Control Rule

13 © 2006 Cisco Systems, Inc. All rights reserved. HIPS v Summary CSA MC provides several rules that can be used to protect UNIX-specific components. The Network Interface Control rule restricts unauthorized traffic to the system. The Resource Access Control rule controls user access to the resources. The Rootkit/Kernel Protection rule protects from unauthorized access to the kernel. The Syslog Control rule controls the registration of events in the Event Log.

14 © 2006 Cisco Systems, Inc. All rights reserved. HIPS v