© 2006 Cisco Systems, Inc. All rights reserved. HIPS v

Configuring Rules
Configuring Rules Common to Windows and UNIX

Objectives
At the end of this lesson, you will be able to meet these objectives:
Identify the rules that are common to Windows and UNIX hosts
Describe how to configure the Agent service control rule
Describe how to configure the Agent UI control rule
Describe how to configure the Application control rule
Describe how to configure the Connection rate limit rule
Describe how to configure the Data access control rule
Describe how to configure the File access control rule
Configure the File access control rule using the Set action
Describe how to configure the Network access control rule
Configure an application-builder rule to populate a dynamic application class

Rules Common to Windows and UNIX Hosts
[Figure labels: Common Rules; Windows Host; UNIX Host]

The Agent Service Control Rule
[Figure labels: Agent Service Control Rule; Stop service; Processes stopped! Waiting for system reboot]

Configuring the Agent Service Control Rule

The Agent UI Control Rule
[Figure labels: CSA MC; Agent UI Control Rule; Absence of Agent UI Control Rule; Agent user interface visible to the end user; Denied visibility of the Agent user interface]

Configuring the Agent UI Control Rule

The Application Control Rule
[Figure labels: Application Control Rule; Malicious Program; Attempt to invoke another program; Access denied]

Configuring the Application Control Rule

The Connection Rate Limit Rule
[Figure labels: Connection Rate Limit Rule; Host; Allowing controlled number of network connections]

Configuring the Connection Rate Limit Rule

The Data Access Control Rule
[Figure labels: Data Access Control Rule; Host; Web Server; Malformed Web server request; Request denied]

Configuring the Data Access Control Rule

The File Access Control Rule
[Figure labels: File Access Control Rule; Host; Attempt to read a protected file; Request denied]

Configuring the File Access Control Rule

Practice: Configuring the Set Action for the File Access Control Rule

The Network Access Control Rule
[Figure labels: Network Access Control Rule; Host; Virus detected!; Access to network denied]

Configuring the Network Access Control Rule

Configuring the Network Access Control Rule (Cont.)

Configuring an Application-Builder Rule

Practice: Configuring an Application-Builder Rule

Summary
Some rules provided by CSA MC are common to Windows and UNIX.
The Agent Service Control rule stops the Agent security process.
The Agent UI Control rule controls how the Agent user interface is displayed.
The Application Control rule controls the type of applications that can run on Agents.
The Connection Rate Limit rule controls the number of network connections being sent and received by the systems within a time frame.
The Data Access Control rule controls unauthorized client requests.
The File Access Control rule controls access to files.
The Network Access Control rule controls access to specified network services and network addresses.
You can use access control rules to populate dynamic application classes.