© 2006 Cisco Systems, Inc. All rights reserved. HIPS v3.04-1 Configuring Rules Configuring UNIX-Only Rules.

Transcript:

Configuring Rules: Configuring UNIX-Only Rules

Objectives

At the end of this lesson, you will be able to meet these objectives:
- Identify the rules that are available to UNIX hosts only
- Describe how to configure the Network Interface Control rule
- Describe how to configure the Resource Access Control rule
- Describe how to configure the Rootkit/Kernel Protection rule
- Describe how to configure the Syslog Control rule

UNIX-Only Rules

- Network Interface Control rule
- Resource Access Control rule
- Rootkit/Kernel Protection rule
- Syslog Control rule

The Network Interface Control Rule

[Figure labels: Network Interface; Network Interface Control Rule]

Configuring the Network Interface Control Rule

The Resource Access Control Rule

[Figure labels: Resource Access Control Rule; xyz.txt; Unknown file detected; Target: xyz.txt; Access denied]

Configuring the Resource Access Control Rule

The Rootkit/Kernel Protection Rule

[Figure labels: Rootkit/Kernel Protection Rule; Application Software; Operating System; Controls unauthorized access]

Configuring the Rootkit/Kernel Protection Rule

Configuring the Rootkit/Kernel Protection Rule (Cont.)

The Syslog Control Rule

[Figure labels: Syslog Control Rule; CSA MC]

Configuring the Syslog Control Rule

Summary

- CSA MC provides several rules that can be used to protect UNIX-specific components.
- The Network Interface Control rule restricts unauthorized traffic to the system.
- The Resource Access Control rule controls user access to the resources.
- The Rootkit/Kernel Protection rule protects from unauthorized access to the kernel.
- The Syslog Control rule controls the registration of events in the Event Log.
