en CCNAS v11 ch05 implementing intrusion prevention

advanced host intrusion prevention with csa

... Advanced Host Intrusion Prevention with CSA Chad Sullivan, CCIE No 6394 Paul Mauvais Jeff Asher Cisco Press 800 East 96th Street Indianapolis, IN 46290 USA Advanced Host Intrusion Prevention ... capabilities CSA can play several roles within your network, such as personal ﬁrewall, host intrusion prevention, application control, security policy enforcement, and so on The implementation of the CSA ... System Patches in Lab 263 Test Non -CSA Application Upgrades in Lab 264 xvii Run Application Deployment Unprotected Hosts Report to Find Machines Without CSA 264 CSA Upgrades 264 Upgrading MC 264...

downloads advanced host intrusion prevention with csa phần 1 ppsx

... Espionage Insiders 10 Legislation 10 HIPAA 11 Sarbanes-Oxley SB -13 86 12 VISA PCI 13 Summary Chapter 12 13 Cisco Security Agent: The Solution Capabilities 14 15 CSA Component Architecture 16 Security ... Summary 10 1 10 0 10 0 90 xii Part III CSA Installation 10 4 Chapter CSA MC Server Installation 10 6 Implementation Options 10 7 Option 1: Single Server CSA MC Deployment 10 7 Option 2: Two Server CSA MC ... Installation to MS SQL 2000 11 1 Installation of a Single CSA MC with MS SQL 2000 11 8 Multiple Server Installations 12 1 Single CSA MC and an Additional Server for MS SQL 2000 12 1 Two CSA MC and an Additional...

downloads advanced host intrusion prevention with csa phần 2 potx

... policy Figure 2- 2 displays a CSA MC view of the Operating System—Base Protection— Windows policy conﬁguration Figure 2- 2 Policy Conﬁguration View Policies as a grouping mechanism within CSA contain ... SP6A Windows 20 00 (Professional, Server, Advanced Server) SP0-4 Windows XP (Professional, Home) SP0 -2 Windows 20 03 (Standard, Enterprise, Web, Small Business) Sun Solaris (64 bit 12/ 02 or higher) ... maintenance and event reporting Figure 2- 1 CSA MC Graphical User Interface (GUI) CSA Hosts and Groups 19 Conﬁguration and Event Database The CSA MC ships with the capability to install a Microsoft...

downloads advanced host intrusion prevention with csa phần 3 ppt

... Microsoft Word Patch#1 234 , there were issues with saving ﬁles Do we need, therefore, to try disabling CSA temporarily to see if the problems are caused by Microsoft Word or by our CSA policies? You ... — If you install CSA on servers, they all start with a common operating system image when they are set up, or are they all uniquely conﬁgured? As with desktops, if you start with a common image, ... 500 hosts a week would be a good metric with which to start This gives you a chance to see the effects of your deployment on a manageable numbers of hosts, and resolve issues early before CSA...

downloads advanced host intrusion prevention with csa phần 4 docx

... Figure 5-1 Host Display Screen of Cisco Security Agent Version 4. 5 Figure 5-1 shows a typical display of a host detail screen in CSA version 4. 5 You receive information about the host and about ... nearing capacity CSA MC clears hosts out of its database that have not polled in a couple weeks (the expectation is that the host is no longer in service) If a host is removed from the host table and ... and reinstall the CSA for every issue that arises Most software, however, works with CSA and does not cause issues or require policy changes The default policies included with CSA are designed...

en CCNAS v11 ch01 modern network security threats

... wide-open world of the Internet, the networks of today are more open © 2012 Cisco and/or its affiliates All rights reserved Threats • There are four primary classes of threats to network security: ... affiliates All rights reserved 31 Trends Driving Network Security • Increase of network attacks • Increased sophistication of attacks • Increased dependence on the network • Wireless access • Lack ... was a wake up call for network administrators – • It made it very apparent that network security administrators must patch their systems regularly If security patches had been applied in a timely...

143
4,656
2

en CCNAS v11 ch02 securing network devices

... be utilized: – Enforce minimum password length: security passwords min-length – Disable unattended connections: exec-timeout – Encrypt config file passwords: service password-encryption © 2012 ... occurs and when Authenticate access – Ensure that access is granted only to authenticated users, groups, and services – Limit the number of failed login attempts and the time between logins © ... reserved Enforcing Perimeter Security Policy • Routers are used to secure the network perimeter • Scenario 1: – • The router protects the LAN Router (R1) LAN Internet 192.168.2.0 Scenario Scenario...

179
4,730
2

en CCNAS v11 ch03 authentication, authorization, and accounting

... auxiliary, and console login, exec, and enable commands Packet (interface mode) Dial-up and VPN access including asynchronous and ISDN (BRI and PRI) ppp and network commands © 2012 Cisco and/ or its ... AAA Accounting Remote Client Cisco Secure ACS Server AAA Router 1.When a user has been authenticated, the AAA accounting process generates a start message to begin the accounting process 2.When ... Configuring Authentication • Specify which type of authentication to configure: – Login - enables AAA for logins on TTY, VTYs, and – Enable - enables AAA for EXEC mode access – PPP - enables AAA...

84
6,159
2

en CCNAS v11 ch04 implementing firewall technologies

... statement is added to the end Without sequence numbers the only way to add a statement between existing entries was to delete the ACL and recreate it • • Likewise, the only way to delete an entry ... to fully implement a security policy Order of statements: – ACLs have a policy of first match; when a statement is matched, the list is no longer examined – Ensure that statements at the top ... tcp any any eq 20 • Resequence if necessary • Use the no sequence-number command to delete a statement • Use the sequence-number {permit | deny} command to add a statement within the ACL R1(config)#...

136
5,206
1

en CCNAS v11 ch05 implementing intrusion prevention

... Event Monitoring and Management There are two key functions of event monitoring and management: Real-time event monitoring and management Analysis based on archived information (reporting) Event ... Features Sensors are connected to network segments A single sensor can monitor many hosts Sensors are network appliances tuned for intrusion detection analysis The operating system is “hardened.” ... event horizon to determine how long it looks for a specific attack signature when an initial signature component is detected Configuring the length of the event horizon is a tradeoff between...

102
4,640
1

en CCNAS v11 ch06 securing the local area network

... the frames to the wrong VLAN – The first switch strips the first tag off the frame and forwards the frame – The second switch then forwards the packet to the destination based on the VLAN identifier ... managing online users The Cisco NAM manages the Cisco NAS, which is the enforcement component of the Cisco NAC Appliance Cisco NAC Appliance Agent (NAA) – – Optional lightweight client for device-based ... access all the VLANs on the target switch Double-tagging VLAN attack by spoofing DTP messages from the attacking host to cause the switch to enter trunking mode • The attacker can then send traffic...

131
5,507
2

en CCNAS v11 ch07 cryptographic systems

... reserved Authentication • Data nonrepudiation is a similar service that allows the sender of a message to be uniquely identified • This means that a sender / device cannot deny having been the source ... Cipher • When Julius Caesar sent messages to his generals, he didn't trust his messengers • He encrypted his messages by replacing every letter: – A with a D – B with an E – and so on • His generals ... reserved 12 Vigenère Cipher • In 1586, Frenchman Blaise de Vigenère described a poly alphabetic system of encryption – It became known as the Vigenère Cipher • Based on the Caesar cipher, it encrypted...

159
4,752
2

en CCNAS v11 ch08 implementing virtual private networks

... Conventional Private Networks © 2012 Cisco and/or its affiliates All rights reserved 15 Virtual Private Networks © 2012 Cisco and/or its affiliates All rights reserved 16 VPNs • A Virtual Private Network ... does not provide confidentiality (encryption) – It is appropriate to use when confidentiality is not required or permitted – All text is transported unencrypted • It only ensures the origin of ... Only? Use IPsec VPN 31 Generic Routing Encapsulation (GRE) • GRE can encapsulate almost any other type of packet – Uses IP to create a virtual point-to-point link between Cisco routers – Supports...

169
4,429
3

en CCNAS v11 ch09 managing a secure network

... username scpADMIN privilege 15 password scpPa55W04D ip domain-name scp.cisco.com crypto key generate rsa general-keys modulus 1024 aaa new-model aaa authentication login default local aaa authorization ... steps: – Step Enable AAA with the aaa new-model global configuration command – Step Define a named list of authentication methods, with the aaa authentication login {default |list-name} method1 ... Risk Management and Risk Avoidance © 2012 Cisco and/or its affiliates All rights reserved 23 Risk Management and Risk Avoidance • When the threats are identified and the risks are assessed, a protection...

75
4,762
1

en CCNAS v11 ch10 implementing the cisco adaptive security appliance (ASA)

... the pre-installed licenses creates a permanent license – – The permanent license is activated by installing a permanent activation key using the activation-key command Only one permanent license ... conf t ciscoasa(config)# hostname CCNAS- ASA CCNAS- ASA(config)# domain-name ccnasecurity.com CCNAS- ASA(config)# enable password class CCNAS- ASA(config)# passwd cisco CCNAS- ASA(config)# © 2012 Cisco ... simple authentication is provided using the passwd command, securing Telnet access using AAA authentication and the local database is recommended • Use the following commands to enable AAA authentication:...

231
5,261
6

Xem thêm