[...]... Summary 101 100 100 90 xii Part III CSA Installation 104 Chapter 6 CSA MC Server Installation 106 Implementation Options 107 Option 1: Single Server CSA MC Deployment 107 Option 2: Two Server CSA MC Deployment 108 Option 3: Three Server CSA MC Deployment 108 CSA MC Server Hardware Requirements 109 CSA MC Server Installation 110 Single Server Installations 110 Upgrading a CSA MC MSDE Installation to MS SQL... monitors local system behavior, it can granularly enforce its security capabilities CSA can play several roles within your network, such as personal firewall, host intrusion prevention, application control, security policy enforcement, and so on The implementation of the CSA product does not require you to provide these mechanisms within every environment; however, you can enable and disable the policies relating... Selected Hosts to Protect Mode 262 Monitor Logs and System Activity 262 Review Security Policy and Acceptable Use Policies and Build Appropriate Exceptions 262 Operational Maintenance 263 Database Maintenance 263 System Backups 263 Test System Patches in Lab 263 Test Non -CSA Application Upgrades in Lab 264 xvii Run Application Deployment Unprotected Hosts Report to Find Machines Without CSA 264 CSA Upgrades... a reference when necessary The book is broken into five sections and two appendixes that cover a CSA overview, CSA project planning and implementation, CSA installation, CSA policy, monitoring, and troubleshooting • • • • • • • • Chapter 1, “The Problems: Malicious Code, Hackers, and Legal Requirements” CSA is capable of preventing day-zero attacks and enforcing acceptable use polcies This chapter covers... security/docs/ars.pdf The CSA can assist organizations to comply with several HIPAA requirements, as laid out in the CMS ARS document The following list outlines how CSA assists organizations by document section: • Section 7: System Maintenance—Enforce immediate installation of vendor-supplied patches and virus definitions within 72 hours or provide a sufficient workaround security procedures The CSA provides exploit... Code, Hackers, and Legal Requirements comply without assuming any additional immediate workload This provides companies with a sufficient timeframe needed to effectively test patches and other updates before implementing them in production environments • Section 10: IDS Devices and Software—Implement host- based IDS on critical systems The CSA provides Day Zero intrusion protection as a core function of... Security Agent (CSA) provides institutions and corporations the necessary security controls required to deal with today’s security challenges including spyware, adware, viruses, worms, and hackers CSA also helps organizations to comply with recent legislation, such as Health Insurance Portability and Accountability (HIPAA) and Sarbanes-Oxley (SOX) To ensure that protected systems function within defined... does not include a thorough explanation of the basic CSA components that are necessary to grasp the advanced topics discussed in the following chapters To better understand the building blocks of CSA, refer to the Cisco Press book Cisco Security Agent or the product documentation available at http://www.cisco.com/go /csa Capabilities Due to the way the CSA software interacts and monitors local system behavior,... Server Installations 110 Upgrading a CSA MC MSDE Installation to MS SQL 2000 111 Installation of a Single CSA MC with MS SQL 2000 118 Multiple Server Installations 121 Single CSA MC and an Additional Server for MS SQL 2000 121 Two CSA MC and an Additional Server for MS SQL 2000 126 Summary Chapter 7 128 CSA Deployment 130 Agent Installation Requirements 131 Agent Installer 133 Creating an Agent Kit 133... Logs 223 CSAMC45-install.log 223 CSAgent-install.log 223 Remote Control 223 Terminal Services 223 Telnet/SSH 224 VNC 224 Remote Access, Reachability, and Network Tools 225 Ping 225 Traceroute 226 Pathping (Windows 2000 and Later Only) 226 Ethereal 226 NetCat 227 NMAP 227 Agent Troubleshooting Tools 228 CSA Installed Troubleshooting Tools 228 ICCPING.EXE (Windows Only) 228 RTRFORMAT.EXE 229 xv CSACTL . 46290 USA Cisco Press Advanced Host Intrusion Prevention with CSA Chad Sullivan, CCIE No. 6394 Paul Mauvais Jeff Asher Advanced Host Intrusion Prevention with CSA Chad Sullivan Paul. 80 Part III CSA Installation 104 Chapter 6 CSA MC Server Installation 106 Chapter 7 CSA Deployment 130 Part IV CSA Policy 150 Chapter 8 Basic Policy 152 Chapter 9 Advanced Custom. System Patches in Lab 263 Test Non -CSA Application Upgrades in Lab 264 xvii Run Application Deployment Unprotected Hosts Report to Find Machines Without CSA 264 CSA Upgrades 264 Upgrading MC 264 Upgrading