Table of Contents for Analyzing CSA
Analyzing CSA
by Chad Sullivan
Cisco Security Agent
Copyright
About the Author
Acknowledgments
Foreword
Introduction
The Need for Endpoint Security
Introducing Endpoint Security
The Early Days: Viruses and Worms
The Present: Blended Threats
The Insider
Understanding Point Security Weaknesses
Using Attack-Detection Methods
Establishing a Security Policy
Summary
Introducing the Cisco Security Agent
Intrusion Prevention and Intrusion Detection Technologies
The Life Cycle of an Attack
CSA Capabilities
CSA Components Overview
CSA Communication
CSA's Role Within SAFE
Summary
Understanding the CSA Building Blocks
Understanding CSA Groups and Hosts
The Relationship Between Groups and Hosts
Understanding CSA Groups
Understanding CSA Hosts
Summary
Understanding CSA Policies, Modules, and Rules
The Relationship Between Policies, Modules, and Rules
Establishing Acceptable Use Documents and Security Policies
CSA Rules
CSA Rule Modules
CSA Policies
Summary
Understanding Application Classes and Variables
Using Application Classes
Summary
CSA Agent Installation and Local Agent Use
Understanding CSA Components and Installation
General CSA Agent Components Overview
CSA Installation Requirements
Agent Kits
Summary
Using the CSA User Interface
Linux Agent Interface
Solaris Agent Interface
Monitoring and Reporting
Monitoring CSA Events
Status Summary
Event Log
Event Monitor
Event Log Management
Event Sets
Summary
Audit Trail Reporting
Event Reporting
Host Detail Reporting
Policy Detail Reporting
Report Viewing
Creating a Sample Report
Summary
Analyzing CSA
Application Deployment Investigation
Using Application Deployment Investigation
Using Application Deployment Reports
Summary
Application Behavior Analysis
Understanding Application Behavior Investigation Components
Configuring Application Behavior Investigation
Using Application Behavior Investigation on the Remote Agent
Analyzing Log Data
Viewing Behavior Reports
Exporting the Behavior Analysis Report Data
Analyzing UNIX Application Behavior
Creating Behavior Analysis Rule Modules
Summary
Creating Policy, Implementing CSA, and Maintaining the CSA MC
Creating and Tuning Policy
Creating Policy
Tuning Policy
Summary
Developing a CSA Project Implementation Plan
Planning for Success
The Project Plan
Outlining the Project Phases
Summary
CSA MC Administration and Maintenance
CSA Licensing
CSA MC Registration Control
CSA MC Component Sharing
CSA MC Role-Based Access Control
CSA MC Backup and Restore Procedures
Summary
Appendixes
VMS and CSA MC 4.5 Installation
VMS v2.3 Components
Installation
Summary
Security Monitor Integration
Adding the CSA MC to the Security Monitor
Configuring the Security Monitor
Verifying Connectivity
Viewing Events in the Security Monitor
Summary
CSA MIB
CSA MC MIB Definitions
Index
Part V: Analyzing CSA
Chapter 10
Application Deployment Investigation
Chapter 11
Application Behavior Analysis