Book description
Protecting systems within an enterprise has proven as important to overall security as securing the enterprise perimeter. Over the past few years, the number of vulnerabilities stemming from weaknesses in applications and operating systems has grown dramatically. In direct correlation with the number of weaknesses discovered, the number of viruses, worms, and security attacks has also exploded across the Internet. To add to the typical virus issues that businesses have had to confront, there are also malicious programs infiltrating organizations today in the form of spyware and adware.
- Prevent day-zero attacks
- Enforce acceptable-use policies
- Develop host-IPS project implementation plans
- Evaluate management hierarchy installation options, including single-server, multiserver, and built-in database usage
- Learn about CSA agents and manual and scripted installation options
- Understand policy components and custom policy creation
- Use and filter information from CSA event logs
- Troubleshoot CSA deployments with agent and management server logs and built-in troubleshooting tools
Protecting systems where the private data and intellectual property resides is no longer considered a function of perimeter defense systems but has instead become the domain of endpoint protection software, such as host Intrusion Prevention Systems (IPS). Cisco® Security Agent (CSA) is the Cisco Systems® host-IPS solution. CSA provides the security controls that corporations need to deal with threats to host and desktop computing resources.
Advanced Host Intrusion Prevention with CSA is a practical guide to getting the most out of CSA deployments. Through methodical explanation of advanced CSA features and concepts, this book helps ease the fears of security administrators seeking to install and configure a host IPS. This book explains in detail such topics as installation of the management servers, installation of the agents for mass deployment, granular agent policy creation, advanced policy creation, real-world troubleshooting techniques, and best practices in implementation methodology. This guide also provides a practical installation framework taken from the actual installation and support experience of the authors.
This book helps you implement host IPS appropriately, giving your organization better protection from the various threats that are impacting your business while at the same time enabling you to comply with various legal requirements put forth in such legislation as HIPAA, SOX, SB1386, and VISA PCI.
Table of contents
- Copyright
- About the Author
- About the Technical Reviewers
- Acknowledgments
- Command Syntax Conventions
- Introduction
- I. CSA Overview
- II. CSA Project Planning and Implementation
  - 3. Information Gathering
  - 4. Project Implementation Plan
    - Timeline
    - Contributors
    - Pre-Planning
    - Pilot
      - Defining Inclusion
      - Support Model
    - Common Mistakes
      - Policies Not Matching a Well-Defined Security Policy or Plan
      - Not Using the “Application Deployment Investigation” Features
      - Not Using TESTMODE to Your Advantage
      - Not Sizing Hardware Appropriately for the Pilot/Deployment
      - Not Documenting Policies and Rules to Allow Good Management
      - Not Setting Event-Log Thresholds Appropriately
      - Not Backing Up the Pilot Server and Database
    - Testing Methods
    - Success Criteria
    - Production Implementation
    - Documentation
    - Ongoing Support
    - Summary
  - 5. Integration into Corporate Documentation
- III. CSA Installation
- IV. CSA Policy
  - 8. Basic Policy
  - 9. Advanced Custom Policy
- V. Monitoring and Troubleshooting
- A. Best Practices Deployment Guidelines
  - Overview
  - Gathering Information
  - Pilot Phase
  - General Deployment Phase: Test Mode
  - General Deployment Phase: Protect Mode
  - Operational Maintenance
- B. Cisco Security Agent 5.0
Product information
- Title: Advanced Host Intrusion Prevention with CSA
- Author(s):
- Release date: April 2006
- Publisher(s): Cisco Press
- ISBN: 9781587052521