Title:
Cisco security agent
Personal Author:
Publication Information:
Indianapolis, Indiana : Cisco Press, 2005
ISBN:
9781587052057
Available:
Item Barcode | Call Number | Material Type | Item Category 1 |
---|---|---|---|
30000004604546 | TK5105.59 S84 2005 | Open Access Book | Book |
30000010088823 | TK5105.59 S84 2005 | Open Access Book | Book |
Summary
Presents a detailed explanation of Cisco Security Agent (CSA), illustrating the use of the product in a step-by-step fashion. This book also provides a detailed view of host intrusion prevention with CSA, including basic concepts, installations, tuning, and monitoring and maintenance.
Author Notes
Chad Sullivan is a triple-CCIE (Security, Routing/Switching, SNA/IP) and a systems engineer for Cisco Systems. Focusing predominantly on security in recent years, he is a member of the Security and VPN Virtual Teams at Cisco.
Table of Contents
Foreword
Introduction
Part I The Need for Endpoint Security
Chapter 1 Introducing Endpoint Security
The Early Days: Viruses and Worms
Virus Emergence and Early Propagation Methods
LAN Propagation
The WAN and Internet
The Network Worm
The Single Environment and Its Consequences
The Present: Blended Threats
Delivery and Propagation Mechanisms
The Bundled Exploit
Persistence
Paralyzing or Destructive Behavior
The Global Implications
Spyware
The Insider
Understanding Point Security Weaknesses
Using Point Security Products
Candy Shell Security
Backdoor Attack Vectors
Using Attack-Detection Methods
Signature-Based Attack Detection
Log File Scraping
Application Fingerprinting
Behavior-Based Attack Detection
Automation
Establishing a Security Policy
Understanding the Need for a Security Policy
Compliance Versus Enforcement
Summary
Chapter 2 Introducing the Cisco Security Agent
Intrusion Prevention and Intrusion Detection Technologies
The Life Cycle of an Attack
CSA Capabilities
Globally Automated Correlation and Reaction
Distributed Firewall
Application Control
File and Directory Protection
Network Admission Control
CSA Analysis
CSA Components Overview
Management Console
Agent
CSA Communication
Necessary Protocols and Ports
Pull Model
Push/Hint Capability
CSA's Role Within SAFE
Summary
Part II Understanding the CSA Building Blocks
Chapter 3 Understanding CSA Groups and Hosts
The Relationship Between Groups and Hosts
Understanding CSA Groups
Introducing the Group Types
Mandatory Groups
Predefined Groups
Custom Groups
Viewing Groups
Creating a Custom Group
Exploring Predefined Groups
The Desktops - All Types Group
Other Predefined Groups
Viewing and Changing Group Membership
Viewing Group-Associated Events
Understanding CSA Hosts
Viewing Host Configuration
Polling Intervals
Using Test Mode
Working with Hosts
Changing a Host's Group Membership
Viewing Host-Associated Events
Summary
Chapter 4 Understanding CSA Policies, Modules, and Rules
The Relationship Between Policies, Modules, and Rules
Establishing Acceptable Use Documents and Security Policies
CSA Rules
Understanding State Sets
User State Sets
System State Sets
State Set Management
Understanding Rule Actions
Understanding Query Options
Rule Precedence and Manipulation
Other Common Rule Configuration Options
CSA Rule Types
Agent Service Control [W and U]
Agent UI Control [W and U]
Application Control [W and U]
Clipboard Access Control [W]
COM Component Access Control [W]
Connection Rate Limit [W and U]
Data Access Control [W and U]
File Access Control [W and U]
File Version Control [W]
Kernel Protection [W]
Network Access Control [W and U]
Network Shield [W and U]
NT Event Log [W]
Registry Access Control [W]
Service Restart [W]
Sniffer and Protocol Detection [W]
System API [W]
Buffer Overflow [U]
Network Interface Control [U]
Resource Access Control [U]
Rootkit/Kernel Protection [U]
Syslog Control [U]
CSA Rule Modules
Working with Rule Modules
Comparing Rule Modules
Creating a Rule Module
Using CSA Predefined Rule Modules