downloads advanced host intrusion prevention with csa phần 7 pptx
downloads advanced host intrusion prevention with csa phần 7 pptx
... many other Host
Intrusion Prevention System (HIPS) products. Become familiar with two types of state sets:
user and system state sets. These sets provide mechanisms that enable a CSA administrator ...
Sample Custom Policies 1 87
Securing the System When Away from Home
When systems connect to your network, corporate firewalls, intrusion detection systems
(IDS), intrusion prev...
downloads advanced host intrusion prevention with csa phần 1 ppsx
... updates immediately. Because CSA does not
require updates, yet still provides the necessary protection, organizations can
Advanced Host Intrusion Prevention with CSA
Chad Sullivan
Paul Mauvais
Jeff ... Policies? 173
The Normal Tuning Process 173
Custom Application Control Policies 174
Forensic Data Gathering 175
Preparing for the CSA Tuning Process 175
Understanding R...
downloads advanced host intrusion prevention with csa phần 2 potx
... CSA can play several roles within your network,
such as personal firewall, host intrusion prevention, application control, security policy
enforcement, and so on. The implementation of the CSA ... communications necessary.
NOTE For the CSA to communicate with the CSA MC, the host must be able to resolve the
server’s name. This can occur via DNS or a local hosts file entry....
downloads advanced host intrusion prevention with csa phần 3 ppt
... a CSA policy that is so
restrictive and secured that employees cannot complete their work.
Pre-Planning 57
Figure 4-2 A Standard Cisco Security Agent Version 4.5 Query with a Challenge
• CSA ... on a regular
basis and how are they handled?
— What can go wrong with an installation of CSA?
—How do you manually uninstall CSA if needed?
— What is a business policy change versus a p...
downloads advanced host intrusion prevention with csa phần 4 docx
... capacity.
CSA MC clears hosts out of its database that have not polled in a couple weeks (the
expectation is that the host is no longer in service). If a host is removed from the host table ... Security Agent (CSA) within your
enterprise.
This chapter covers the following topics:
• Integration with security policy documentation
• Proper use of change control for management of CSA...
downloads advanced host intrusion prevention with csa phần 5 pdf
...
following:
• Installation of a single-server CSA MC with MSDE
• Upgrading a CSA MC MSDE installation to MS SQL 2000
• Installation of a single CSA MC with MS SQL 2000
Configuration 2
1 Server 10,000
2 ... mc_config table
in the CSAMC45 database. You will see multiple servers listed, as shown in Figure 6- 17.
Figure 6- 17 mc_config Table Displays Multiple MCs in SQL
114 Chapter 6:...
downloads advanced host intrusion prevention with csa phần 6 pps
... files shown in Figure 7- 7.
Figure 7- 7 Agent Installer Contents as Viewed by WinZip
148 Chapter 7: CSA Deployment
Figure 7- 15 Diagnostics Displays Current State Sets
NOTE The CSA product is extremely ...
remote web browser is https:/ /CSA_ MC_NAME/csamc45/kits. This URL redirects your
browser to a web page with access to all current kits, as displayed in Figure 7- 5.
Figure 7-...
downloads advanced host intrusion prevention with csa phần 8 doc
... a host is deleted from the database, the license is available again
for the next registering host. Also, all events from the deleted host are deleted along with
any other record of that host.
Example ... If the host is from another time zone than the CSA MC, there is an
adjustment made to account for the time difference and it is stamped in the database
with the time associa...
downloads advanced host intrusion prevention with csa phần 10 doc
... 283
database maintenance, 284
event log, 271
group level changes, 272 – 273
hosts, 273 – 276
operating system, 2 67
rules, 277
actions, 277 –281
modules, 276
searches, 281–282
security agent, 285
Status ... 2 37 239
queries, 233–2 37
tuning processes
best practices, 180–182
custom policies, 175
dynamic application classes, 179 –180
rule capabilities, 175 – 176
state sets, 176 – 179...
advanced host intrusion prevention with csa
... Press
Advanced Host Intrusion Prevention
with CSA
Chad Sullivan, CCIE No. 6394
Paul Mauvais
Jeff Asher
x
Rule Modules and Policy Hierarchy
23
Rule Precedence
24
Advanced ... Policies? 173
The Normal Tuning Process 173
Custom Application Control Policies 174
Forensic Data Gathering 175
Preparing for the CSA Tuning Process 175
Understanding Rule Capabil...
Từ khóa: