Advanced Host Intrusion Prevention with CSA eBook

Protecting systems within an enterprise has proven as important to overall security as securing the enterprise perimeter. Over the past few years, the number of vulnerabilities stemming from weaknesses in applications and operating systems has grown dramatically. In direct correlation with the number of weaknesses discovered, the number of viruses, worms, and security attacks has also exploded across the Internet. To add to the typical virus issues that businesses have had to confront, there are also malicious programs infiltrating organizations today in the form of spyware and adware.

• Prevent day-zero attacks
• Enforce acceptable-use policies
• Develop host-IPS project implementation plans
• Evaluate management hierarchy installation options, including single-server, multiserver, and built-in database usage
• Learn about CSA agents and manual and scripted installation options
• Understand policy components and custom policy creation
• Use and filter information from CSA event logs
• Troubleshoot CSA deployments with agent and management server logs and built-in troubleshooting tools

Protecting systems where the private data and intellectual property resides is no longer considered a function of perimeter defense systems but has instead become the domain of endpoint protection software, such as host Intrusion Prevention Systems (IPS). Cisco? Security Agent (CSA) is the Cisco Systems? host-IPS solution. CSA provides the security controls that corporations need to deal with threats to host and desktop computing resources.

Advanced Host Intrusion Prevention with CSA is a practical guide to getting the most out of CSA deployments. Through methodical explanation of advanced CSA features and concepts, this book helps ease the fears of security administrators seeking to install and configure a host IPS. This book explains in detail such topics as installation of the management servers, installation of the agents for mass deployment, granular agent policy creation, advanced policy creation, real-world troubleshooting techniques, and best practices in implementation methodology. This guide also provides a practical installation framework taken from the actual installation and support experience of the authors.

This book helps you implement host IPS appropriately, giving your organization better protection from the various threats that are impacting your business while at the same time enabling you to comply with various legal requirements put forth in such legislation as HIPAA, SOX, SB1386, and VISA PCI.

Chad Sullivan, CCIE? No. 6493, is a founder and senior security consultant with Priveon, Inc., which provides leading security solutions to customer facilities around the world. He is recognized as one of the premier CSA architects and implementers.

Jeff Asher is a network systems consultant with Internetwork Engineering (IE) in Charlotte, North Carolina. Jeff has more than nine years of experience designing and implementing network and systems solutions for small, medium, and enterprise customers.

Paul S. Mauvais has been securing and administering varying operating systems ranging from most UNIX flavors available to VMS to VM/CMS and to Microsoft Windows for 18 years. He currently holds the position of senior security architect working in the Cisco Corporate Security Programs Organization. Paul was responsible for leading the deployment of CSA inside Cisco and speaks on many occasions to customers on endpoint security.