
Advanced Host Intrusion Prevention with CSA, part 1


DOCUMENT INFORMATION

Basic information

Format
Pages 32
Size 725,86 KB

Content

[...] Escalation; Summary; Part III CSA Installation; Chapter 6 CSA MC Server Installation; Implementation Options; Option 1: Single Server CSA MC Deployment; Option 2: Two Server CSA MC Deployment; Option 3: Three Server CSA MC Deployment; CSA MC Server Hardware Requirements; CSA MC Server Installation; Single Server Installations; Upgrading a CSA MC MSDE Installation to MS SQL 2000; Installation of a Single CSA MC with MS SQL 2000; Multiple Server Installations; Single CSA MC and an Additional Server for MS SQL 2000; Two CSA MC and an Additional Server for MS SQL 2000; Summary; Chapter 7 CSA Deployment; Agent Installation Requirements; Agent Installer; Creating an Agent Kit; Agent Kit Retrieval; Agent Kit Dissection; Installation...

... Upgrading; Variable and Application Class Usage; Sample Custom Policies; State-Based Policies; Install Technician Agent Control; Remote Registry Access; Securing the System When Away from Home; NAC Policy; Using Dynamic Application Classes; Forensics; Monitor Rules; Application Behavior Investigation; Summary; Part V Monitoring and Troubleshooting; Chapter 10 ...

... Chapter 9 Advanced Custom Policy; Why Write Custom Policies?; The Normal Tuning Process; Custom Application Control Policies; Forensic Data Gathering; Preparing for the CSA Tuning Process; Understanding Rule Capabilities; Discovering State Sets; User-State Sets Overview; System State Sets Overview; Discovering Dynamic Application Classes; Best Practices for Tuning...

... Exploitation; Policy Application and Association; Builtin Policy Details; Automatically Applied Builtin Applied Policies; Builtin Desktop and Server Policies; Windows; Linux; Solaris; Application Policies; Web Server—Microsoft IIS—Windows; Web Server—iPlanet—Solaris; Web Server—Apache; Microsoft SQL Server 2000—Windows; Other Builtin Policies; Summary...

... Examples for SETUP.EXE Command-Line Parameters; Command-Line Installation Examples; Allowing Scripted Uninterrupted Uninstall; Summary; Part IV CSA Policy; Chapter 8 Basic Policy; Policy Requirements; Purpose of Policy; Audit Trail; Acceptable Use Policy/Security and Best Practice Enforcement; Protection from Local and Remote User; Protecting Systems and Information from...

... Correlation; CSA MC Event Database; The Event Log; Filtering the Event Log Using Change Filter; Filtering by Eventset; Filtering the Event Log Using Find Similar; The Event Monitor; Automated Filtering from Directed Links; Additional Event Correlation; Summary; Chapter 11 Troubleshooting Methodology; Common Issues; Licensing; Name Resolution; Network Shim...

... Document CSA Configuration; Document Host Configurations; Document Test Procedures; General Deployment Phase: Test Mode; Create a Deployment Schedule and Phased Installation Plan; Deploy Agents and Monitor Progress Against System Inventory; Create Application Investigation Jobs and Run Application Deployment Reports; Place Machines in Proper Application Groups; Test CSA MC Functionality...

... Selected Hosts to Protect Mode; Monitor Logs and System Activity; Review Security Policy and Acceptable Use Policies and Build Appropriate Exceptions; Operational Maintenance; Database Maintenance; System Backups; Test System Patches in Lab; Test Non-CSA Application Upgrades in Lab; Run Application Deployment Unprotected Hosts Report to Find Machines Without CSA; CSA Upgrades...

... Status Summary Screen; Network Status; Most Active; Event Log Changes; Group Level Changes; Hosts; Recycle Bin; Host Management Tasks; Combined Policy State Set Notation; Rule Modules; Rules; Actions; New Set Action; Searching; Hosts Search; Rules Search; Agent Diagnostics; Database Maintenance Information; Resetting the Security Agent; Summary; Index

... 46290 USA; Cisco Press; Advanced Host Intrusion Prevention with CSA; Chad Sullivan, CCIE No. 6394; Paul Mauvais; Jeff Asher

... Legislation; HIPAA; Sarbanes-Oxley; SB-1386; VISA PCI; Summary; Chapter 2 Cisco Security Agent: The Solution; Capabilities

Date posted: 14/08/2014, 18:21
