Knowledgenet.Securing.Hosts.Using.Cisco.Security.Agent.HIPS.Student.Guide.V2.0.pdf

(8537 KB) Download
hips_20_full_nfw.pdf
HIPS
Securing Hosts Using
Cisco Security Agent
Version 2.0
Student Guide
CLS Production Services: 06.07.05
Copyright 2005, Cisco Systems, Inc. All rights reserved.
Cisco Systems has more than 200 offices in the following countries and regions. Addresses, phone numbers, and fax
numbers are listed on the Cisco Website at www.cisco.com/go/offices.
Argentina Australia Austria Belgium Brazil Bulgaria Canada Chile China PRC Colombia Costa Rica
Croatia Cyprus Czech Republic Denmark Dubai, UAE Finland France Germany Greece
Hong Kong SAR Hungary India Indonesia Ireland Israel Italy Japan Korea Luxembourg Malaysia
Mexico The Netherlands New Zealand Norway Peru Philippines Poland Portugal Puerto Rico Romania
Russia Saudi Arabia Scotland Singapore Slovakia Slovenia South Africa Spain Sweden Switzerland
Taiwan Thailand Turkey Ukraine United Kingdom United States Venezuela Vietnam Zimbabwe
Copyright 2005 Cisco Systems, Inc. All rights reserved. CCSP, the Cisco Square Bridge logo, Follow
Me Browsing, and StackWise are trademarks of Cisco Systems, Inc.; Changing the Way We Work, Live,
Play, and Learn, and iQuick Study are service marks of Cisco Systems, Inc.; and Access Registrar, Aironet, ASIST,
BPX, Catalyst, CCDA, CCDP, CCIE, CCIP, CCNA, CCNP, Cisco, the Cisco Certified Internetwork Expert logo,
Cisco IOS, Cisco Press, Cisco Systems, Cisco Systems Capital, the Cisco Systems logo, Cisco Unity, Empowering
the Internet Generation, Enterprise/Solver, EtherChannel, EtherFast, EtherSwitch, Fast Step, FormShare, GigaDrive,
GigaStack, HomeLink, Internet Quotient, IOS, IP/TV, iQ Expertise, the iQ logo, iQ Net Readiness Scorecard,
LightStream, Linksys, MeetingPlace, MGX, the Networkers logo, Networking Academy, Network Registrar,
Packet, PIX, Post-Routing, Pre-Routing, ProConnect, RateMUX, ScriptShare, SlideCast, SMARTnet, StrataView
Plus, SwitchProbe, TeleRouter, The Fastest Way to Increase Your Internet Quotient, TransPath, and VCO are
registered trademarks of Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries.
All other trademarks mentioned in this document or Website are the property of their respective owners. The use of
the word partner does not imply a partnership relationship between Cisco and any other company. (0501R)
DISCLAIMER WARRANTY: THIS CONTENT IS BEING PROVIDED AS IS. CISCO MAKES AND YOU RECEIVE NO
WARRANTIES IN CONNECTION WITH THE CONTENT PROVIDED HEREUNDER, EXPRESS, IMPLIED, STATUTORY
OR IN ANY OTHER PROVISION OF THIS CONTENT OR COMMUNICATION BETWEEN CISCO AND YOU. CISCO
SPECIFICALLY DISCLAIMS ALL IMPLIED WARRANTIES, INCLUDING WARRANTIES OF MERCHANTABILITY,
NON-INFRINGEMENT AND FITNESS FOR A PARTICULAR PURPOSE, OR ARISING FROM A COURSE OF DEALING,
USAGE OR TRADE PRACTICE. This learning product may contain early release content, and while Cisco believes it to be
accurate, it falls subject to the disclaimer above.
Table of Contents

Volume 1

Course Introduction                                           1
    Overview                                                  1
    Lab Topology Overview                                     2
    Course Objectives                                         7

Security Fundamentals                                         1-1
    Overview                                                  1-1
    Objectives                                                1-1
    Need for Network Security                                 1-2
    Network Security Policy                                   1-9
    Reconnaissance Attacks and Mitigation                     1-12
    Primary Network Threats and Attacks                       1-15
    Access Attacks and Mitigation                             1-22
    Denial of Service Attacks and Mitigation                  1-30
    Worm, Virus, and Trojan Horse Attacks and Mitigation      1-35
    Management Protocols and Functions                        1-42
    Summary                                                   1-47

Cisco Security Agent Overview                                 2-1
    Overview                                                  2-1
    Objectives                                                2-2
    Defense in Depth                                          2-1
    Cisco Security Agent Architecture                         2-7
    Anatomy of an Attack and Response                         2-11
    Key Features of Cisco Security Agent                      2-14
    Summary                                                   2-17

Cisco Security Agent Quick Start Installation                 3-1
    Overview                                                  3-1
    Objectives                                                3-1
    CSA MC System Requirements                                3-2
    CSA System Requirements                                   3-6
    Installing the CSA MC                                     3-11
    Configuring the CSA MC                                    3-13
    Installing the CSA                                        3-21
    Summary                                                   3-23

Cisco Security Agent Management Center Administration         4-1
    Overview                                                  4-1
    Objectives                                                4-1
    Using Cisco Security Agent Management Center              4-2
    Summary                                                   4-15

Configuring Groups and Managing Hosts                         5-1
    Overview                                                  5-1
    Objectives                                                5-1
    Configuring Groups                                        5-2
    Building an Agent Kit                                     5-10
    Managing Hosts                                            5-19
    Deploying Scheduled Software Updates                      5-26
    Summary                                                   5-30

Building Policies                                             6-1
    Overview                                                  6-1
    Objectives                                                6-1
    Developing a Security Policy                              6-2
    Policy Components                                         6-6
    Building Policies and Rule Modules                        6-10
    Attaching Rule Modules to Policies                        6-27
    Summary                                                   6-34

Rule Basics                                                   7-1
    Overview                                                  7-1
    Objectives                                                7-2
    Basics of Rule Construction and Functionality             7-1
    Rules Common to Windows and UNIX                          7-13
    Windows-Only Rules                                        7-38
    UNIX-Only Rules                                           7-59
    Summary                                                   7-72

System Correlation Rules                                      8-1
    Overview                                                  8-1
    Objectives                                                8-2
    About System Correlation Rules                            8-1
    System API Control Rule                                   8-4
    Network Shield Rule                                       8-8
    Buffer Overflow Rule                                      8-14
    E-Mail Worm Protection Rule Module                        8-18
    E-Mail Worm Event Correlation                             8-19
    Installation Applications Policy                          8-20
    Global Events                                             8-21
    Correlation                                               8-21
    Manage Dynamically Quarantined Files and IP Addresses     8-23
    Summary                                                   8-24

Defining Application Classes                                  9-1
    Overview                                                  9-1
    Objectives                                                9-1
    About Application Classes                                 9-2
    Processes Created by Application Classes                  9-2
    Removing Processes from Application Classes               9-2
    Shell Scripts and Application Classes                     9-3
    Preserving Application Process Classes                    9-7
    Configuring Static Application Classes                    9-8
    Dynamic Application Classes                               9-12
    Building Classes as Rule Consequences                     9-12
    Removing Processes from Classes                           9-13
    Create New Application Classes from Rule Pages            9-19
    Summary                                                   9-22

Working with Variables                                        10-1
    Overview                                                  10-1
    Objectives                                                10-1
    Variables                                                 10-2
    Display Only in Show All Mode Option                      10-3
    Data Sets                                                 10-4
    File Sets                                                 10-7
    Network Address Sets                                      10-11
    Network Services Sets                                     10-13
    Registry Sets                                             10-16
    Included Registry Sets                                    10-16
    COM Component Sets                                        10-20
    Query Settings                                            10-23
    Localized Language Version Support                        10-26
    Summary                                                   10-27

Using Cisco Security Agent Analysis                           11-1
    Overview                                                  11-1
    Objectives                                                11-1
    Application Deployment Investigation                      11-3
    Group Settings                                            11-4
    Product Associations                                      11-6
    Application Deployment Reports                            11-10
    Data Management                                           11-12
    Viewing Reports                                           11-28
    Exporting Reports                                         11-28
    Application Behavior Investigation                        11-30
    Monitoring the Behavior Analysis                          11-37
    Start Behavior Analysis                                   11-37
    Importing the Rule Module                                 11-38
    Behavior Analysis Reports                                 11-39
    Report Components                                         11-39
    Working with Reports                                      11-44
    Behavior Analysis Rule Modules                            11-45
    Reviewing the Rule Module                                 11-45
    Variable and Application Class Creation                   11-47
    Summary                                                   11-48

Using Event Logs and Generating Reports                       12-1
    Overview                                                  12-1
    Objectives                                                12-1
    How Logging Works                                         12-2
    The Event Log and Event Monitor                           12-6
    Minimum and Maximum Severity Settings                     12-7
    Host                                                      12-7
    Events per Page                                           12-7
    Filter Out Duplicates                                     12-7
    Start Date and End Date                                   12-7
    Event Log Management                                      12-10
    Event Sets                                                12-13
    Configuring Alerts                                        12-17
    Generating Reports                                        12-20
    Summary                                                   12-26

Securing Hosts Using Cisco Security Agent (HIPS) v2.0
Copyright © 2005, Cisco Systems, Inc.