Title:
Cisco security agent
Personal Author:
Publication Information:
Indianapolis, Indiana : Cisco Press, 2005
ISBN:
9781587052057
Available:*
Library | Item Barcode | Call Number | Material Type | Item Category 1 | Status |
|---|---|---|---|---|---|
Searching... | 30000004604546 | TK5105.59 S84 2005 | Open Access Book | Book | Searching... |
Searching... | 30000010088823 | TK5105.59 S84 2005 | Open Access Book | Book | Searching... |
On Order
Summary
Summary
Presents a detailed explanation of Cisco Security Agent (CSA), illustrating the use of the product in a step-by-step fashion. This book also provides a detailed view of host intrusion prevention with CSA, including basic concepts, installations, tuning, and monitoring and maintenance.
Author Notes
Chad Sullivan is a triple-CCIE (Security, Routing/Switching, SNA/IP) and a systems engineer for Cisco Systems. Focusing predominantly on security in recent years, he is a member of the Security and VPN Virtual Teams at Cisco.
Table of Contents
| Foreword |
| Introduction |
| Part I The Need for Endpoint Security |
| Chapter 1 Introducing Endpoint Security |
| The Early Days: Viruses and Worms |
| Virus Emergence and Early Propagation Methods |
| LAN Propagation |
| The WAN and Internet |
| The Network Worm |
| The Single Environment and Its Consequences |
| The Present: Blended Threats |
| Delivery and Propagation Mechanisms |
| The Bundled Exploit |
| Persistence |
| Paralyzing or Destructive Behavior |
| The Global Implications |
| Spyware |
| The Insider |
| Understanding Point Security Weaknesses |
| Using Point Security Products |
| Candy Shell Security |
| Backdoor Attack Vectors |
| Using Attack-Detection Methods |
| Signature-Based Attack Detection |
| Log File Scraping |
| Application Fingerprinting |
| Behavior-Based Attack Detection |
| Automation |
| Establishing a Security Policy |
| Understanding the Need for a Security Policy |
| Compliance Versus Enforcement |
| Summary |
| Chapter 2 Introducing the Cisco Security Agent |
| Intrusion Prevention and Intrusion Detection Technologies |
| The Life Cycle of an Attack |
| CSA Capabilities |
| Globally Automated Correlation and Reaction |
| Distributed Firewall |
| Application Control |
| File and Directory Protection |
| Network Admission Control |
| CSA Analysis |
| CSA Components Overview |
| Management Console |
| Agent |
| CSA Communication |
| Necessary Protocols and Ports |
| Pull Model |
| Push/Hint Capability |
| CSA's Role Within SAFE |
| Summary |
| Part II Understanding the CSA Building Blocks |
| Chapter 3 Understanding CSA Groups and Hosts |
| The Relationship Between Groups and Hosts |
| Understanding CSA Groups |
| Introducing the Group Types |
| Mandatory Groups |
| Predefined Groups |
| Custom Groups |
| Viewing Groups |
| Creating a Custom Group |
| Exploring Predefined Groups |
| The Desktops -All Types Group |
| Other Predefined Groups |
| Viewing and Changing Group Membership |
| Viewing Group-Associated Events |
| Understanding CSA Hosts |
| Viewing Host Configuration |
| Polling Intervals |
| Using Test Mode |
| Working with Hosts |
| Changing a Host's Group Membership |
| Viewing Host-Associated Events |
| Summary |
| Chapter 4 Understanding CSA Policies, Modules, and Rules |
| The Relationship Between Policies, Modules, and Rules |
| Establishing Acceptable Use Documents and Security Policies |
| CSA Rules |
| Understanding State Sets |
| User State Sets |
| System State Sets |
| State Set Management |
| Understanding Rule Actions |
| Understanding Query Options |
| Rule Precedence and Manipulation |
| Other Common Rule Configuration Options |
| CSA Rule Types |
| Agent Service Control [W and U] |
| Agent UI Control [W and U] |
| Application Control [W and U] |
| Clipboard Access Control [W] |
| COM Component Access Control [W] |
| Connection Rate Limit [W and U] |
| Data Access Control [W and U] |
| File Access Control [W and U] |
| File Version Control [W] |
| Kernel Protection [W] |
| Network Access Control [W and U] |
| Network Shield [W and U] |
| NT Event Log [W] |
| Registry Access Control [W] |
| Service Restart [W] |
| Sniffer and Protocol Detection [W] |
| System API [W] |
| Buffer Overflow [U] |
| Network Interface Control [U] |
| Resource Access Control [U] |
| Rootkit/Kernel Protection [U] |
| Syslog Control [U] |
| CSA Rule Modules |
| Working with Rule Modules |
| Comparing Rule Modules |
| Creating a Rule Module |
| Using CSA Predefined Rule Modules |
