Item Barcode | Call Number | Material Type | Item Category 1 |
---|---|---|---|
30000010104980 | TK5105.59 S94 2006 | Open Access Book | Book |
On Order
Summary
Maximize end-point security with Cisco Security Agent. This book: eases the complexity of CSA installation and management; helps users maximize their CSA investment and the security of their end-point systems; provides a structured approach to host IPS planning and installation; includes hard-to-find information on advanced CSA feature deployment; and presents real-world expertise gathered from field installations.

Advanced Host Intrusion Prevention with CSA is a practical guide to getting the most out of CSA deployments. This book helps ease the fears of security administrators seeking to install and configure a host IPS through a methodical explanation of the advanced CSA features and concepts. Real-world best practices taken from the authors' actual installation and support experience provide an installation framework. The book will help administrators and security engineers implement CSA appropriately, giving their organizations better protection from the various threats that are impacting their business and enabling them to comply with various legal requirements put forth by legislation such as HIPAA, SOX, SB1386, and VISA PCI. support teams have and build upon that foundation solid CSA implementation knowledge to guarantee success.

The book consists of five major sections covering several advanced concepts in detail and requires basic product knowledge. Part 1 presents an overview of host IPS and CSA. Part 2 discusses project planning and CSA installation. Part 3 covers CSA installation, including server installation and agent deployment. Part 4 addresses CSA policy. Part 5 talks about monitoring and troubleshooting methodologies.

Chad Sullivan is a Senior Security Engineer and Owner of Priveon, Inc., which provides leading security solutions to customers across the United States. Prior to starting Priveon, Chad wrote the previous Cisco Security Agent title from Cisco Press and worked as a Security Consulting Systems Engineer at Cisco Systems, Inc. Chad is recognized within the industry as one of the leading implementers of the Cisco Security Agent product. Jeff Asher has worked as a Network Systems Consultant for the last 4 years with Information Security as his primary focus. at Cisco Systems based out of San Jose, CA.
Author Notes
Chad Sullivan, CCIE No. 6493, is a founder and senior security consultant with Priveon, Inc.
Jeff Asher is a network systems consultant with Internetwork Engineering (IE) in Charlotte, North Carolina.
Paul S. Mauvais currently holds the position of senior security architect working in the Cisco Corporate Security Programs Organization.
Table of Contents
Contents | Page |
---|---|
Introduction | p. xix |
Part I CSA Overview | p. 2 |
Chapter 1 The Problems: Malicious Code, Hackers, and Legal Requirements | p. 4 |
Malicious Code | p. 5 |
Hackers | p. 9 |
Legislation | p. 10 |
Summary | p. 13 |
Chapter 2 Cisco Security Agent: The Solution | p. 14 |
Capabilities | p. 15 |
CSA Component Architecture | p. 16 |
CSA Hosts and Groups | p. 19 |
Policy Implementation | p. 21 |
Summary | p. 25 |
Part II CSA Project Planning and Implementation | p. 26 |
Chapter 3 Information Gathering | p. 28 |
Defining Purpose | p. 29 |
Understanding the Environment | p. 35 |
Important Individuals | p. 42 |
Summary | p. 45 |
References in This Chapter | p. 45 |
Chapter 4 Project Implementation Plan | p. 46 |
Timeline | p. 47 |
Contributors | p. 50 |
Pre-Planning | p. 50 |
Pilot | p. 65 |
Production Implementation | p. 73 |
Documentation | p. 75 |
Ongoing Support | p. 75 |
Summary | p. 78 |
Chapter 5 Integration into Corporate Documentation | p. 80 |
Security Policy Document | p. 81 |
Change Control Documentation | p. 89 |
Quality Assurance | p. 93 |
Contacts and Support Escalation | p. 100 |
Summary | p. 101 |
Part III CSA Installation | p. 104 |
Chapter 6 CSA MC Server Installation | p. 106 |
Implementation Options | p. 107 |
CSA MC Server Hardware Requirements | p. 109 |
CSA MC Server Installation | p. 110 |
Summary | p. 128 |
Chapter 7 CSA Deployment | p. 130 |
Agent Installation Requirements | p. 131 |
Agent Installer | p. 133 |
Installation Parameters and Examples for SETUP.EXE | p. 142 |
Summary | p. 148 |
Part IV CSA Policy | p. 150 |
Chapter 8 Basic Policy | p. 153 |
Policy Requirements | p. 153 |
Purpose of Policy | p. 154 |
Policy Application and Association | p. 157 |
Builtin Policy Details | p. 159 |
Summary | p. 170 |
Chapter 9 Advanced Custom Policy | p. 172 |
Why Write Custom Policies? | p. 173 |
Preparing for the CSA Tuning Process | p. 175 |
Best Practices for Tuning | p. 180 |
Sample Custom Policies | p. 182 |
Using Dynamic Application Classes | p. 191 |
Forensics | p. 196 |
Summary | p. 197 |
Part V Monitoring and Troubleshooting | p. 198 |
Chapter 10 Local Event Database and Event Correlation | p. 200 |
CSA MC Event Database | p. 201 |
Automated Filtering from Directed Links | p. 212 |
Additional Event Correlation | p. 214 |
Summary | p. 215 |
Chapter 11 Troubleshooting Methodology | p. 216 |
Common Issues | p. 217 |
NOC Troubleshooting Tools | p. 221 |
Agent Troubleshooting Tools | p. 228 |
SQL Troubleshooting | p. 233 |
Cisco TAC | p. 240 |
licensing@cisco.com | p. 242 |
Summary | p. 242 |
Appendix A Best Practices Deployment Scenario | p. 244 |
Overview | p. 245 |
Gathering Information | p. 246 |
Security Policy | p. 247 |
Acceptable Use Policy | p. 247 |
Security Problems | p. 248 |
Inventory | p. 249 |
Determine Goals | p. 250 |
Pilot Phase | p. 252 |
Determine Scope | p. 252 |
Determine Conditions | p. 253 |
Create the CSA Base Policy | p. 254 |
Deploy Agents in Test Mode | p. 255 |
Test Applications and Review Logs | p. 256 |
Convert Agents to Protect Mode | p. 258 |
Documentation | p. 259 |
General Deployment Phase: Test Mode | p. 260 |
Create a Deployment Schedule and Phased Installation Plan | p. 261 |
Deploy Agents and Monitor Progress Against System Inventory | p. 261 |
Test CSA MC Functionality and Response | p. 262 |
General Deployment Phase: Protect Mode | p. 262 |
Convert Selected Hosts to Protect Mode | p. 262 |
Monitor Logs and System Activity | p. 262 |
Review Security Policy and Acceptable Use Policies and Build Appropriate Exceptions | p. 262 |
Operational Maintenance | p. 263 |
Database Maintenance | p. 263 |
System Backups | p. 263 |
Test System Patches in Lab | p. 263 |
Test Non-CSA Application Upgrades in Lab | p. 264 |
Run Application Deployment Unprotected Hosts Report to Find Machines Without CSA | p. 264 |
CSA Upgrades | p. 264 |
Upgrading MC | p. 264 |
Upgrading Agents | p. 265 |
Appendix B Cisco Security Agent 5.0 | p. 266 |
Operating System Support | p. 267 |
System Warnings | p. 267 |
Status Summary Screen | p. 268 |
Network Status | p. 268 |
Most Active | p. 269 |
Event Log Changes | p. 271 |
Group Level Changes | p. 272 |
Hosts | p. 273 |
Recycle Bin | p. 275 |
Host Management Tasks | p. 275 |
Combined Policy State Set Notation | p. 276 |
Rule Modules | p. 276 |
Rules | p. 277 |
Actions | p. 277 |
New Set Action | p. 278 |
Searching | p. 281 |
Hosts Search | p. 281 |
Rules Search | p. 282 |
Agent Diagnostics | p. 283 |
Database Maintenance Information | p. 284 |
Resetting the Security Agent | p. 285 |
Summary | p. 286 |
Index | p. 288 |