© 2006 Cisco Systems, Inc. All rights reserved. HIPS v Configuring Groups and Policies Configuring Policies

© 2006 Cisco Systems, Inc. All rights reserved. HIPS v Objectives At the end of this lesson, you will be able to meet these objectives: Describe the approaches to designing a security policy Describe how to configure a policy Describe how to configure a rule module Describe how to set conditional rules that are based on the system or user state Describe how to add a rule to a rule module Describe how to view details about the rules attached to a rule module Describe how to compare rule modules Describe how to generate a policy configuration to update rule and policy changes

© 2006 Cisco Systems, Inc. All rights reserved. HIPS v Security Policy What Is a Security Policy?

© 2006 Cisco Systems, Inc. All rights reserved. HIPS v Considerations for Designing a Security Policy Threat Security Policy Network Resources Worms Virus

© 2006 Cisco Systems, Inc. All rights reserved. HIPS v Designing a Security Policy There are two approaches to designing a security policy: Permissive security modelDeny malicious actions and allow all other actions. Restrictive security modelAllow required actions and deny all other actions.

© 2006 Cisco Systems, Inc. All rights reserved. HIPS v Designing a Security Policy (Cont.) Cisco IPS matches traffic to signatures of known exploits. CSA MC Security Policy Hosts Internet

© 2006 Cisco Systems, Inc. All rights reserved. HIPS v Finance Group Accounting Group All Group Inheriting Group Policies

© 2006 Cisco Systems, Inc. All rights reserved. HIPS v Building Policies and Rule Modules When configuring a policy, you need to identify these network security requirements: The purpose of the policy The tasks the rule modules comprising the policy must accomplish The rule types that you must configure to accomplish these tasks

© 2006 Cisco Systems, Inc. All rights reserved. HIPS v Configuring a Policy

© 2006 Cisco Systems, Inc. All rights reserved. HIPS v Setting System State Conditions

© 2006 Cisco Systems, Inc. All rights reserved. HIPS v Setting System State Conditions (Cont.)

© 2006 Cisco Systems, Inc. All rights reserved. HIPS v Setting User State Conditions

© 2006 Cisco Systems, Inc. All rights reserved. HIPS v Configuring a Rule Module

© 2006 Cisco Systems, Inc. All rights reserved. HIPS v Adding a Rule

© 2006 Cisco Systems, Inc. All rights reserved. HIPS v Copying a Rule

© 2006 Cisco Systems, Inc. All rights reserved. HIPS v Viewing the Rules List

© 2006 Cisco Systems, Inc. All rights reserved. HIPS v Viewing Rule Explanation

© 2006 Cisco Systems, Inc. All rights reserved. HIPS v Viewing Change History

© 2006 Cisco Systems, Inc. All rights reserved. HIPS v Filtering the Rules Display

© 2006 Cisco Systems, Inc. All rights reserved. HIPS v Comparing Rule Modules

© 2006 Cisco Systems, Inc. All rights reserved. HIPS v Comparing Rule Modules (Cont.)

© 2006 Cisco Systems, Inc. All rights reserved. HIPS v Attaching a Rule Module to a Policy

© 2006 Cisco Systems, Inc. All rights reserved. HIPS v Attaching a Policy to a Group

© 2006 Cisco Systems, Inc. All rights reserved. HIPS v Summary A security policy must balance business needs and security concerns. Rule modules are the building blocks for the policies. A rule module can contain different types of rules. The System State and User State conditions provide for writing conditional rules, depending on the state of a system or the user of the system. Rules can be copied to and from one rule module to another. Rules can also be cloned within the same rule module. CSA MC provides an explanation of a policy, describing each rule and its role in the policy. You can compare the configuration settings of two rule modules by using the Compare tool. For the rules in a rule module to take effect, you need to attach a rule module to a policy and also attach the policy to a group.

© 2006 Cisco Systems, Inc. All rights reserved. HIPS v