© 2006 Cisco Systems, Inc. All rights reserved. HIPS v3.03-1 Working with Variables and Application Classes Creating Variables. - презентация

1 © 2006 Cisco Systems, Inc. All rights reserved. HIPS v Working with Variables and Application Classes Creating Variables

2 © 2006 Cisco Systems, Inc. All rights reserved. HIPS v Objectives At the end of this lesson, you will be able to meet these objectives: Identify the purpose of creating variables Describe how to configure a data set Describe how to configure a file set Configure a file set Describe how to configure a network address set Describe how to configure a network services set Describe how to configure a registry set Describe how to configure a COM component set Describe how to configure query settings to be used with a query rule

3 © 2006 Cisco Systems, Inc. All rights reserved. HIPS v Types of Variables Data sets File sets Network address sets Network services sets Registry sets COM component sets Query settings

4 © 2006 Cisco Systems, Inc. All rights reserved. HIPS v Data Sets *///* *]* *|* *%u* *.ida* HTTP

5 © 2006 Cisco Systems, Inc. All rights reserved. HIPS v Configuring a Data Set

6 © 2006 Cisco Systems, Inc. All rights reserved. HIPS v File Sets.exe.pdf.doc.htm All Files

7 © 2006 Cisco Systems, Inc. All rights reserved. HIPS v Configuring a File Set

8 © 2006 Cisco Systems, Inc. All rights reserved. HIPS v Configuring a File Set (Cont.)

9 © 2006 Cisco Systems, Inc. All rights reserved. HIPS v Practice: Configuring a File Set

10 © 2006 Cisco Systems, Inc. All rights reserved. HIPS v Network Address Sets Remote Addresses

11 © 2006 Cisco Systems, Inc. All rights reserved. HIPS v Configuring a Network Address Set

12 © 2006 Cisco Systems, Inc. All rights reserved. HIPS v Network Services Sets VPN Services FTP Services. Services Web-Based Services

13 © 2006 Cisco Systems, Inc. All rights reserved. HIPS v Configuring a Network Services Set

14 © 2006 Cisco Systems, Inc. All rights reserved. HIPS v Registry Sets Run Keys Shell Commands HKU Keys Reboot Operations

15 © 2006 Cisco Systems, Inc. All rights reserved. HIPS v Configuring a Registry Set

16 © 2006 Cisco Systems, Inc. All rights reserved. HIPS v COM Component Sets ActiveX Data Objects (ADO) ActiveX Control ActiveX COM Component Set Active Directory Service Interfaces (ADSI)

17 © 2006 Cisco Systems, Inc. All rights reserved. HIPS v Configuring a COM Component Set

18 © 2006 Cisco Systems, Inc. All rights reserved. HIPS v The COM Component Extraction Utility

19 © 2006 Cisco Systems, Inc. All rights reserved. HIPS v The COM Component Extraction Utility (Cont.)

20 © 2006 Cisco Systems, Inc. All rights reserved. HIPS v Query Settings The application contains a virus. It should be denied access.

21 © 2006 Cisco Systems, Inc. All rights reserved. HIPS v Configuring a Query Setting

22 © 2006 Cisco Systems, Inc. All rights reserved. HIPS v

23 © 2006 Cisco Systems, Inc. All rights reserved. HIPS v Localized Language Version Support

24 © 2006 Cisco Systems, Inc. All rights reserved. HIPS v Summary Variables are configuration data items which simplify rule creation. CSA MC consists of these variables: data sets, file sets, network address sets, network services sets, registry sets, COM component sets, and query settings. Data sets are used to group text strings and metacharacters. Files sets are used to group files and directories. Network address sets are used to group IP addresses into single entities. Network services sets are used to group preconfigured protocol and port number definitions. Registry sets are used to group registry keys and values. COM component sets are used to group PROGIDs and CLSIDs of COM components. Query settings are used to configure the query text and buttons to be displayed on the query popup box.

25 © 2006 Cisco Systems, Inc. All rights reserved. HIPS v