SlideShare une entreprise Scribd logo

Cisco Security Agent - Eric Vanderburg

Télécharger en tant que PPT, PDF
Eric Vanderburg
Eric Vanderburg

An overview of the Cisco Security Agent (CSA)

Technologie
1  sur  20
Cisco Security Agent Eric Vanderburg May 3, 2006 Eric Vanderburg – Cisco Security Agent
Cisco Security Agent (CSA) • Host based Intrusion prevention system • Enforces policies on hosts based on specific rules • Version 5.1 is the newest • Called StormWatch in 1999. Purchased by Cisco in 2003. • A license is required for the management console and for all agents – purchased in bundles from 10-10,000 or individually – Licenses reside on the Management Console machine • Spans a variety of platforms Eric Vanderburg – Cisco Security Agent
Supported Hosts Server Agent Desktop Agent • Windows Server 2003 • Windows 2000 Server • Windows NT 4 Server (SP6) • Solaris 8 SPARC architecture (64-bit) • Solaris 9 SPARC architecture (64-bit) • Red Hat Enterprise Linux 3.0 ES and AS • Windows NT 4 Workstation (SP6) • Windows 2000 Pro • Windows XP Pro • Windows XP Tablet Edition • Red Hat Enterprise Linux 3.0 WS Eric Vanderburg – Cisco Security Agent
System Requirements • Windows – Pentium 200MHz – 128MB RAM – 25MB free hard drive space • Solaris – UltraSPARC 400 MHz – 256MB RAM – 25MB free hard drive space • Linux – 500 MHz or faster x86 processor (32-bit only) – 256MB RAM – 25MB free hard drive space • No support available yet for Macintosh Eric Vanderburg – Cisco Security Agent
Advantages • • • • • • Monitoring Central reaction Distributed Firewall Application Control File Protection Restrict by Posture Eric Vanderburg – Cisco Security Agent
Monitoring • Monitors the following to see whether or not actions should be allowed: – OS kernel usage – Resources – Registry entries (Windows) – COM object access – Inbound and outbound network connections Eric Vanderburg – Cisco Security Agent
Interceptors • Track actions and compare against the rules database for appropriate response – Network Traffic interceptor - Use for SYN flood and port scan protection. – Network Applications interceptor - Limit or allow individual applications to access the network via specific protocols and networks addressing parameters. – File interceptor - Limit an application's ability to read and write to specific files and directories. Eric Vanderburg – Cisco Security Agent
Central reaction • Agents report to a single management console • Events are logged to the management console so that new rules can be dynamically created. – If the management console is unavailable, they are stored until connection is restored Eric Vanderburg – Cisco Security Agent
Distributed firewall • Control which applications can act as a server to remote clients and vice versa • Learning mode: builds a list of allowed applications based on usage – Only adds to the policy. Does not override the central policy from the management console • Disables the Windows firewall when installed Eric Vanderburg – Cisco Security Agent
Application control • Restrict access to certain programs – Restrict by user or system account • Restrict the actions applications can take Eric Vanderburg – Cisco Security Agent
File protection • Files can be flagged as not available to any network connection • Can stop files from being deleted, modified, or created Eric Vanderburg – Cisco Security Agent
Trust • Hosts must be trusted before they will be allowed network access. • Given a posture of quarantined until trusted • Trusted hosts – Virus free & updated – Accessing from an appropriate medium – Adhering to policies – MAC and IP address are on an approved list Eric Vanderburg – Cisco Security Agent
Management Console • • • • Agent Configuration Policy Configuration Centralized reporting Similar interface to other Cisco management tools • Alerts can be integrated with alerts from other Cisco security products via the Cisco Security Monitoring, Analysis, and Response System Eric Vanderburg – Cisco Security Agent
Management Console • Access via web browser (IE and Firefox only) using 128-bit SSL, port 443 • URL: http://<management center system hostname>.<domain> Eric Vanderburg – Cisco Security Agent
Database • Local Database - MSDE (Microsoft Database Engine) is used for setups less than 500 agents and under 2GB (packaged with install) • Remote Database - SQL Server is used for setups with more than 500 agents Eric Vanderburg – Cisco Security Agent
Agent • Installed per host – Admin rights – Through software deployment solution • Messages - shows denied actions since last reboot • User Query Responses - stored answers (Yes, No, Terminate) • System Security - Slide bar for off, low, med, high settings & resume from install mode • Untrusted apps - selected by user after prompt Eric Vanderburg – Cisco Security Agent
Agent • Local Firewall Settings – Learning Mode – Enable / Disable – Firewall permissions • • • • Email network permission HTTP network permission Network client permission Network server permission • File Protection • Solaris agent is not a GUI app. The CLI utility csactl is used. • No queries either Eric Vanderburg – Cisco Security Agent
Communication • PC to MC: SSL TCP 1741 & 1742 • MC to PC: SSL TCP 443 & 5401 – Signed with MC Certificate • Updates retrieved through pull model at specified interval (default 10 minutes) • Push method: Hints Eric Vanderburg – Cisco Security Agent
Cisco Security Agent • Locally enforced, centrally managed • Multiple vendors supported • Settings can run in test mode before implementation • Safeguard nodes, files, attack avenues, and stop virus propagation. Eric Vanderburg – Cisco Security Agent
Questions? • Contact info: evanderburg@gmail.com • Blog: http://spaces.msn.com/professornova Eric Vanderburg – Cisco Security Agent

Recommandé

Network Implementation and Support Lesson 14 Security Features - Eric Vande...
Network Implementation and Support Lesson 14 Security Features - Eric Vande...Network Implementation and Support Lesson 14 Security Features - Eric Vande...
Network Implementation and Support Lesson 14 Security Features - Eric Vande...Eric Vanderburg
 
Developers Focus on Security-Minded Tooling - Quintis Venter
Developers Focus on Security-Minded Tooling - Quintis Venter �Developers Focus on Security-Minded Tooling - Quintis Venter �
Developers Focus on Security-Minded Tooling - Quintis Venter Thoughtworks
 
Abdulkarim 1 and 2
Abdulkarim 1 and 2Abdulkarim 1 and 2
Abdulkarim 1 and 2عبودي خلف
 
Chapter 1 overview
Chapter 1 overviewChapter 1 overview
Chapter 1 overviewali raza
 
IBM i Security Best Practices
IBM i Security Best PracticesIBM i Security Best Practices
IBM i Security Best PracticesPrecisely
 
Best Practices in IBM i Security
Best Practices in IBM i SecurityBest Practices in IBM i Security
Best Practices in IBM i SecurityPrecisely
 
System Hardening Recommendations_FINAL
System Hardening Recommendations_FINALSystem Hardening Recommendations_FINAL
System Hardening Recommendations_FINALMartin Evans
 
Pragmatic Container Security (Sponsored by Trend Micro) - AWS Summit Sydney
Pragmatic Container Security (Sponsored by Trend Micro) - AWS Summit SydneyPragmatic Container Security (Sponsored by Trend Micro) - AWS Summit Sydney
Pragmatic Container Security (Sponsored by Trend Micro) - AWS Summit SydneyAmazon Web Services
 

Recommandé

Network Implementation and Support Lesson 14 Security Features - Eric Vande...
Network Implementation and Support Lesson 14 Security Features - Eric Vande...Network Implementation and Support Lesson 14 Security Features - Eric Vande...
Network Implementation and Support Lesson 14 Security Features - Eric Vande...Eric Vanderburg
 
Developers Focus on Security-Minded Tooling - Quintis Venter
Developers Focus on Security-Minded Tooling - Quintis Venter �Developers Focus on Security-Minded Tooling - Quintis Venter �
Developers Focus on Security-Minded Tooling - Quintis Venter Thoughtworks
 
Abdulkarim 1 and 2
Abdulkarim 1 and 2Abdulkarim 1 and 2
Abdulkarim 1 and 2عبودي خلف
 
Chapter 1 overview
Chapter 1 overviewChapter 1 overview
Chapter 1 overviewali raza
 
IBM i Security Best Practices
IBM i Security Best PracticesIBM i Security Best Practices
IBM i Security Best PracticesPrecisely
 
Best Practices in IBM i Security
Best Practices in IBM i SecurityBest Practices in IBM i Security
Best Practices in IBM i SecurityPrecisely
 
System Hardening Recommendations_FINAL
System Hardening Recommendations_FINALSystem Hardening Recommendations_FINAL
System Hardening Recommendations_FINALMartin Evans
 
Pragmatic Container Security (Sponsored by Trend Micro) - AWS Summit Sydney
Pragmatic Container Security (Sponsored by Trend Micro) - AWS Summit SydneyPragmatic Container Security (Sponsored by Trend Micro) - AWS Summit Sydney
Pragmatic Container Security (Sponsored by Trend Micro) - AWS Summit SydneyAmazon Web Services
 
AWS Community Day - Vitaliy Shtym - Pragmatic Container Security
AWS Community Day - Vitaliy Shtym - Pragmatic Container SecurityAWS Community Day - Vitaliy Shtym - Pragmatic Container Security
AWS Community Day - Vitaliy Shtym - Pragmatic Container SecurityAWS Chicago
 
Case Study: Running a DCS in a Highly Virtualized Environment, Chris Hughes o...
Case Study: Running a DCS in a Highly Virtualized Environment, Chris Hughes o...Case Study: Running a DCS in a Highly Virtualized Environment, Chris Hughes o...
Case Study: Running a DCS in a Highly Virtualized Environment, Chris Hughes o...Digital Bond
 
CSF18 - GDPR - Sami Laiho
CSF18 - GDPR - Sami LaihoCSF18 - GDPR - Sami Laiho
CSF18 - GDPR - Sami LaihoNCCOMMS
 
CNIT 123: 8: Desktop and Server OS Vulnerabilites
CNIT 123: 8: Desktop and Server OS VulnerabilitesCNIT 123: 8: Desktop and Server OS Vulnerabilites
CNIT 123: 8: Desktop and Server OS VulnerabilitesSam Bowne
 
z/OS Authorized Code Scanner
z/OS Authorized Code Scannerz/OS Authorized Code Scanner
z/OS Authorized Code ScannerLuigi Perrone
 
Mastering checkpoint-1-basic-installation
Mastering checkpoint-1-basic-installationMastering checkpoint-1-basic-installation
Mastering checkpoint-1-basic-installationnetworkershome
 
CSF18 - The Night is Dark and Full of Hackers - Sami Laiho
CSF18 - The Night is Dark and Full of Hackers - Sami LaihoCSF18 - The Night is Dark and Full of Hackers - Sami Laiho
CSF18 - The Night is Dark and Full of Hackers - Sami LaihoNCCOMMS
 
Webinar NETGEAR - Come Netgear può aiutare a mitigare gli effetti del Ransomware
Webinar NETGEAR - Come Netgear può aiutare a mitigare gli effetti del RansomwareWebinar NETGEAR - Come Netgear può aiutare a mitigare gli effetti del Ransomware
Webinar NETGEAR - Come Netgear può aiutare a mitigare gli effetti del RansomwareNetgear Italia
 
Ch 11: Hacking Wireless Networks
Ch 11: Hacking Wireless NetworksCh 11: Hacking Wireless Networks
Ch 11: Hacking Wireless NetworksSam Bowne
 
0505 Windows Server 2008 一日精華營 Part II
0505 Windows Server 2008 一日精華營 Part II0505 Windows Server 2008 一日精華營 Part II
0505 Windows Server 2008 一日精華營 Part IITimothy Chen
 
Webinar NETGEAR - Acronis e Netgear una panoramicadelle soluzioni per la prot...
Webinar NETGEAR - Acronis e Netgear una panoramicadelle soluzioni per la prot...Webinar NETGEAR - Acronis e Netgear una panoramicadelle soluzioni per la prot...
Webinar NETGEAR - Acronis e Netgear una panoramicadelle soluzioni per la prot...Netgear Italia
 
CSF18 - BitLocker Deep Dive - Sami Laiho
CSF18 - BitLocker Deep Dive - Sami LaihoCSF18 - BitLocker Deep Dive - Sami Laiho
CSF18 - BitLocker Deep Dive - Sami LaihoNCCOMMS
 
W982 05092004
W982 05092004W982 05092004
W982 05092004Sumit Tambe
 
Windows server hardening 1
Windows server hardening 1Windows server hardening 1
Windows server hardening 1Frank Avila Zapata
 
Ccna sec
Ccna secCcna sec
Ccna secshg4916
 
CSF18 - Moving from Reactive to Proactive Security - Sami Laiho
CSF18 - Moving from Reactive to Proactive Security - Sami LaihoCSF18 - Moving from Reactive to Proactive Security - Sami Laiho
CSF18 - Moving from Reactive to Proactive Security - Sami LaihoNCCOMMS
 
Network Security: Protecting SOHO Networks
Network Security: Protecting SOHO NetworksNetwork Security: Protecting SOHO Networks
Network Security: Protecting SOHO NetworksJim Gilsinn
 
Michael Jones-Resume-OCT2015
Michael Jones-Resume-OCT2015Michael Jones-Resume-OCT2015
Michael Jones-Resume-OCT2015Michael Jones, CCIE, CISSP, PMP
 
Server Hardening Primer - Eric Vanderburg - JURINNOV
Server Hardening Primer - Eric Vanderburg - JURINNOVServer Hardening Primer - Eric Vanderburg - JURINNOV
Server Hardening Primer - Eric Vanderburg - JURINNOVEric Vanderburg
 
Implementing Fast IT Deploying Applications at the Pace of Innovation
Implementing Fast IT Deploying Applications at the Pace of Innovation Implementing Fast IT Deploying Applications at the Pace of Innovation
Implementing Fast IT Deploying Applications at the Pace of Innovation Cisco DevNet
 
Information Security Lesson 4 - Baselines - Eric Vanderburg
Information Security Lesson 4 - Baselines - Eric VanderburgInformation Security Lesson 4 - Baselines - Eric Vanderburg
Information Security Lesson 4 - Baselines - Eric VanderburgEric Vanderburg
 
Chapter08
Chapter08Chapter08
Chapter08Muhammad Ahad
 

Contenu connexe

Tendances

AWS Community Day - Vitaliy Shtym - Pragmatic Container Security
AWS Community Day - Vitaliy Shtym - Pragmatic Container SecurityAWS Community Day - Vitaliy Shtym - Pragmatic Container Security
AWS Community Day - Vitaliy Shtym - Pragmatic Container SecurityAWS Chicago
 
Case Study: Running a DCS in a Highly Virtualized Environment, Chris Hughes o...
Case Study: Running a DCS in a Highly Virtualized Environment, Chris Hughes o...Case Study: Running a DCS in a Highly Virtualized Environment, Chris Hughes o...
Case Study: Running a DCS in a Highly Virtualized Environment, Chris Hughes o...Digital Bond
 
CSF18 - GDPR - Sami Laiho
CSF18 - GDPR - Sami LaihoCSF18 - GDPR - Sami Laiho
CSF18 - GDPR - Sami LaihoNCCOMMS
 
CNIT 123: 8: Desktop and Server OS Vulnerabilites
CNIT 123: 8: Desktop and Server OS VulnerabilitesCNIT 123: 8: Desktop and Server OS Vulnerabilites
CNIT 123: 8: Desktop and Server OS VulnerabilitesSam Bowne
 
z/OS Authorized Code Scanner
z/OS Authorized Code Scannerz/OS Authorized Code Scanner
z/OS Authorized Code ScannerLuigi Perrone
 
Mastering checkpoint-1-basic-installation
Mastering checkpoint-1-basic-installationMastering checkpoint-1-basic-installation
Mastering checkpoint-1-basic-installationnetworkershome
 
CSF18 - The Night is Dark and Full of Hackers - Sami Laiho
CSF18 - The Night is Dark and Full of Hackers - Sami LaihoCSF18 - The Night is Dark and Full of Hackers - Sami Laiho
CSF18 - The Night is Dark and Full of Hackers - Sami LaihoNCCOMMS
 
Webinar NETGEAR - Come Netgear può aiutare a mitigare gli effetti del Ransomware
Webinar NETGEAR - Come Netgear può aiutare a mitigare gli effetti del RansomwareWebinar NETGEAR - Come Netgear può aiutare a mitigare gli effetti del Ransomware
Webinar NETGEAR - Come Netgear può aiutare a mitigare gli effetti del RansomwareNetgear Italia
 
Ch 11: Hacking Wireless Networks
Ch 11: Hacking Wireless NetworksCh 11: Hacking Wireless Networks
Ch 11: Hacking Wireless NetworksSam Bowne
 
0505 Windows Server 2008 一日精華營 Part II
0505 Windows Server 2008 一日精華營 Part II0505 Windows Server 2008 一日精華營 Part II
0505 Windows Server 2008 一日精華營 Part IITimothy Chen
 
Webinar NETGEAR - Acronis e Netgear una panoramicadelle soluzioni per la prot...
Webinar NETGEAR - Acronis e Netgear una panoramicadelle soluzioni per la prot...Webinar NETGEAR - Acronis e Netgear una panoramicadelle soluzioni per la prot...
Webinar NETGEAR - Acronis e Netgear una panoramicadelle soluzioni per la prot...Netgear Italia
 
CSF18 - BitLocker Deep Dive - Sami Laiho
CSF18 - BitLocker Deep Dive - Sami LaihoCSF18 - BitLocker Deep Dive - Sami Laiho
CSF18 - BitLocker Deep Dive - Sami LaihoNCCOMMS
 
Ccna sec
Ccna secCcna sec
Ccna secshg4916
 
CSF18 - Moving from Reactive to Proactive Security - Sami Laiho
CSF18 - Moving from Reactive to Proactive Security - Sami LaihoCSF18 - Moving from Reactive to Proactive Security - Sami Laiho
CSF18 - Moving from Reactive to Proactive Security - Sami LaihoNCCOMMS
 
Network Security: Protecting SOHO Networks
Network Security: Protecting SOHO NetworksNetwork Security: Protecting SOHO Networks
Network Security: Protecting SOHO NetworksJim Gilsinn
 
Server Hardening Primer - Eric Vanderburg - JURINNOV
Server Hardening Primer - Eric Vanderburg - JURINNOVServer Hardening Primer - Eric Vanderburg - JURINNOV
Server Hardening Primer - Eric Vanderburg - JURINNOVEric Vanderburg
 
Implementing Fast IT Deploying Applications at the Pace of Innovation
Implementing Fast IT Deploying Applications at the Pace of Innovation Implementing Fast IT Deploying Applications at the Pace of Innovation
Implementing Fast IT Deploying Applications at the Pace of Innovation Cisco DevNet
 

Tendances (20)

AWS Community Day - Vitaliy Shtym - Pragmatic Container Security
AWS Community Day - Vitaliy Shtym - Pragmatic Container SecurityAWS Community Day - Vitaliy Shtym - Pragmatic Container Security
AWS Community Day - Vitaliy Shtym - Pragmatic Container Security
 
Case Study: Running a DCS in a Highly Virtualized Environment, Chris Hughes o...
Case Study: Running a DCS in a Highly Virtualized Environment, Chris Hughes o...Case Study: Running a DCS in a Highly Virtualized Environment, Chris Hughes o...
Case Study: Running a DCS in a Highly Virtualized Environment, Chris Hughes o...
 
CSF18 - GDPR - Sami Laiho
CSF18 - GDPR - Sami LaihoCSF18 - GDPR - Sami Laiho
CSF18 - GDPR - Sami Laiho
 
CNIT 123: 8: Desktop and Server OS Vulnerabilites
CNIT 123: 8: Desktop and Server OS VulnerabilitesCNIT 123: 8: Desktop and Server OS Vulnerabilites
CNIT 123: 8: Desktop and Server OS Vulnerabilites
 
z/OS Authorized Code Scanner
z/OS Authorized Code Scannerz/OS Authorized Code Scanner
z/OS Authorized Code Scanner
 
Mastering checkpoint-1-basic-installation
Mastering checkpoint-1-basic-installationMastering checkpoint-1-basic-installation
Mastering checkpoint-1-basic-installation
 
CSF18 - The Night is Dark and Full of Hackers - Sami Laiho
CSF18 - The Night is Dark and Full of Hackers - Sami LaihoCSF18 - The Night is Dark and Full of Hackers - Sami Laiho
CSF18 - The Night is Dark and Full of Hackers - Sami Laiho
 
Webinar NETGEAR - Come Netgear può aiutare a mitigare gli effetti del Ransomware
Webinar NETGEAR - Come Netgear può aiutare a mitigare gli effetti del RansomwareWebinar NETGEAR - Come Netgear può aiutare a mitigare gli effetti del Ransomware
Webinar NETGEAR - Come Netgear può aiutare a mitigare gli effetti del Ransomware
 
Ch 11: Hacking Wireless Networks
Ch 11: Hacking Wireless NetworksCh 11: Hacking Wireless Networks
Ch 11: Hacking Wireless Networks
 
0505 Windows Server 2008 一日精華營 Part II
0505 Windows Server 2008 一日精華營 Part II0505 Windows Server 2008 一日精華營 Part II
0505 Windows Server 2008 一日精華營 Part II
 
Webinar NETGEAR - Acronis e Netgear una panoramicadelle soluzioni per la prot...
Webinar NETGEAR - Acronis e Netgear una panoramicadelle soluzioni per la prot...Webinar NETGEAR - Acronis e Netgear una panoramicadelle soluzioni per la prot...
Webinar NETGEAR - Acronis e Netgear una panoramicadelle soluzioni per la prot...
 
CSF18 - BitLocker Deep Dive - Sami Laiho
CSF18 - BitLocker Deep Dive - Sami LaihoCSF18 - BitLocker Deep Dive - Sami Laiho
CSF18 - BitLocker Deep Dive - Sami Laiho
 
W982 05092004
W982 05092004W982 05092004
W982 05092004
 
Windows server hardening 1
Windows server hardening 1Windows server hardening 1
Windows server hardening 1
 
Ccna sec
Ccna secCcna sec
Ccna sec
 
CSF18 - Moving from Reactive to Proactive Security - Sami Laiho
CSF18 - Moving from Reactive to Proactive Security - Sami LaihoCSF18 - Moving from Reactive to Proactive Security - Sami Laiho
CSF18 - Moving from Reactive to Proactive Security - Sami Laiho
 
Network Security: Protecting SOHO Networks
Network Security: Protecting SOHO NetworksNetwork Security: Protecting SOHO Networks
Network Security: Protecting SOHO Networks
 
Michael Jones-Resume-OCT2015
Michael Jones-Resume-OCT2015Michael Jones-Resume-OCT2015
Michael Jones-Resume-OCT2015
 
Server Hardening Primer - Eric Vanderburg - JURINNOV
Server Hardening Primer - Eric Vanderburg - JURINNOVServer Hardening Primer - Eric Vanderburg - JURINNOV
Server Hardening Primer - Eric Vanderburg - JURINNOV
 
Implementing Fast IT Deploying Applications at the Pace of Innovation
Implementing Fast IT Deploying Applications at the Pace of Innovation Implementing Fast IT Deploying Applications at the Pace of Innovation
Implementing Fast IT Deploying Applications at the Pace of Innovation
 

Similaire à Cisco Security Agent - Eric Vanderburg

Information Security Lesson 4 - Baselines - Eric Vanderburg
Information Security Lesson 4 - Baselines - Eric VanderburgInformation Security Lesson 4 - Baselines - Eric Vanderburg
Information Security Lesson 4 - Baselines - Eric VanderburgEric Vanderburg
 
Material best practices in network security using ethical hacking
Material best practices in network security using ethical hackingMaterial best practices in network security using ethical hacking
Material best practices in network security using ethical hackingDesmond Devendran
 
Microsoft Offical Course 20410C_12
Microsoft Offical Course 20410C_12Microsoft Offical Course 20410C_12
Microsoft Offical Course 20410C_12gameaxt
 
Firewall, Trusted Systems,IP Security ,ESP Encryption and Authentication
Firewall, Trusted Systems,IP Security ,ESP Encryption and AuthenticationFirewall, Trusted Systems,IP Security ,ESP Encryption and Authentication
Firewall, Trusted Systems,IP Security ,ESP Encryption and AuthenticationGopal Sakarkar
 
CCNA (R & S) Module 01 - Introduction to Networks - Chapter 11
CCNA (R & S) Module 01 - Introduction to Networks - Chapter 11CCNA (R & S) Module 01 - Introduction to Networks - Chapter 11
CCNA (R & S) Module 01 - Introduction to Networks - Chapter 11Waqas Ahmed Nawaz
 
1E_ITPF203333333333333333314_Bigfix.pptx
1E_ITPF203333333333333333314_Bigfix.pptx1E_ITPF203333333333333333314_Bigfix.pptx
1E_ITPF203333333333333333314_Bigfix.pptxnguyenthanhdatpl403
 
501 ch 5 securing hosts and data
501 ch 5 securing hosts and data501 ch 5 securing hosts and data
501 ch 5 securing hosts and datagocybersec
 
ITN6_Instructor_Materials_Chapter11.pdf
ITN6_Instructor_Materials_Chapter11.pdfITN6_Instructor_Materials_Chapter11.pdf
ITN6_Instructor_Materials_Chapter11.pdfThangDang53
 
UKC - Feb 2013 - Analyzing the security of Windows 7 and Linux for cloud comp...
UKC - Feb 2013 - Analyzing the security of Windows 7 and Linux for cloud comp...UKC - Feb 2013 - Analyzing the security of Windows 7 and Linux for cloud comp...
UKC - Feb 2013 - Analyzing the security of Windows 7 and Linux for cloud comp...Vincent Giersch
 
Networking Concepts Lesson 10 part 2 - Security Appendix - Eric Vanderburg
Networking Concepts Lesson 10 part 2 - Security Appendix - Eric VanderburgNetworking Concepts Lesson 10 part 2 - Security Appendix - Eric Vanderburg
Networking Concepts Lesson 10 part 2 - Security Appendix - Eric VanderburgEric Vanderburg
 
Network Implementation and Support Lesson 10 Server Administration - Eric V...
Network Implementation and Support Lesson 10 Server Administration - Eric V...Network Implementation and Support Lesson 10 Server Administration - Eric V...
Network Implementation and Support Lesson 10 Server Administration - Eric V...Eric Vanderburg
 
Introduction to firewalls
Introduction to firewallsIntroduction to firewalls
Introduction to firewallsDivya Jyoti
 
Design Like a Pro: SCADA Security Guidelines
Design Like a Pro: SCADA Security GuidelinesDesign Like a Pro: SCADA Security Guidelines
Design Like a Pro: SCADA Security GuidelinesInductive Automation
 
Secure Systems Security and ISA99- IEC62443
Secure Systems Security and ISA99- IEC62443Secure Systems Security and ISA99- IEC62443
Secure Systems Security and ISA99- IEC62443Yokogawa1
 
Design Like a Pro: SCADA Security Guidelines
Design Like a Pro: SCADA Security GuidelinesDesign Like a Pro: SCADA Security Guidelines
Design Like a Pro: SCADA Security GuidelinesInductive Automation
 
Securing with Sophos - Sophos Day Belux 2014
Securing with Sophos - Sophos Day Belux 2014Securing with Sophos - Sophos Day Belux 2014
Securing with Sophos - Sophos Day Belux 2014Sophos Benelux
 

Similaire à Cisco Security Agent - Eric Vanderburg (20)

Information Security Lesson 4 - Baselines - Eric Vanderburg
Information Security Lesson 4 - Baselines - Eric VanderburgInformation Security Lesson 4 - Baselines - Eric Vanderburg
Information Security Lesson 4 - Baselines - Eric Vanderburg
 
Chapter08
Chapter08Chapter08
Chapter08
 
Material best practices in network security using ethical hacking
Material best practices in network security using ethical hackingMaterial best practices in network security using ethical hacking
Material best practices in network security using ethical hacking
 
Microsoft Offical Course 20410C_12
Microsoft Offical Course 20410C_12Microsoft Offical Course 20410C_12
Microsoft Offical Course 20410C_12
 
Ensuring your plant is secure
Ensuring your plant is secureEnsuring your plant is secure
Ensuring your plant is secure
 
CCNP Security-Firewall
CCNP Security-FirewallCCNP Security-Firewall
CCNP Security-Firewall
 
Coud discovery chap 5
Coud discovery chap 5Coud discovery chap 5
Coud discovery chap 5
 
Firewall, Trusted Systems,IP Security ,ESP Encryption and Authentication
Firewall, Trusted Systems,IP Security ,ESP Encryption and AuthenticationFirewall, Trusted Systems,IP Security ,ESP Encryption and Authentication
Firewall, Trusted Systems,IP Security ,ESP Encryption and Authentication
 
CCNA (R & S) Module 01 - Introduction to Networks - Chapter 11
CCNA (R & S) Module 01 - Introduction to Networks - Chapter 11CCNA (R & S) Module 01 - Introduction to Networks - Chapter 11
CCNA (R & S) Module 01 - Introduction to Networks - Chapter 11
 
1E_ITPF203333333333333333314_Bigfix.pptx
1E_ITPF203333333333333333314_Bigfix.pptx1E_ITPF203333333333333333314_Bigfix.pptx
1E_ITPF203333333333333333314_Bigfix.pptx
 
501 ch 5 securing hosts and data
501 ch 5 securing hosts and data501 ch 5 securing hosts and data
501 ch 5 securing hosts and data
 
ITN6_Instructor_Materials_Chapter11.pdf
ITN6_Instructor_Materials_Chapter11.pdfITN6_Instructor_Materials_Chapter11.pdf
ITN6_Instructor_Materials_Chapter11.pdf
 
UKC - Feb 2013 - Analyzing the security of Windows 7 and Linux for cloud comp...
UKC - Feb 2013 - Analyzing the security of Windows 7 and Linux for cloud comp...UKC - Feb 2013 - Analyzing the security of Windows 7 and Linux for cloud comp...
UKC - Feb 2013 - Analyzing the security of Windows 7 and Linux for cloud comp...
 
Networking Concepts Lesson 10 part 2 - Security Appendix - Eric Vanderburg
Networking Concepts Lesson 10 part 2 - Security Appendix - Eric VanderburgNetworking Concepts Lesson 10 part 2 - Security Appendix - Eric Vanderburg
Networking Concepts Lesson 10 part 2 - Security Appendix - Eric Vanderburg
 
Network Implementation and Support Lesson 10 Server Administration - Eric V...
Network Implementation and Support Lesson 10 Server Administration - Eric V...Network Implementation and Support Lesson 10 Server Administration - Eric V...
Network Implementation and Support Lesson 10 Server Administration - Eric V...
 
Introduction to firewalls
Introduction to firewallsIntroduction to firewalls
Introduction to firewalls
 
Design Like a Pro: SCADA Security Guidelines
Design Like a Pro: SCADA Security GuidelinesDesign Like a Pro: SCADA Security Guidelines
Design Like a Pro: SCADA Security Guidelines
 
Secure Systems Security and ISA99- IEC62443
Secure Systems Security and ISA99- IEC62443Secure Systems Security and ISA99- IEC62443
Secure Systems Security and ISA99- IEC62443
 
Design Like a Pro: SCADA Security Guidelines
Design Like a Pro: SCADA Security GuidelinesDesign Like a Pro: SCADA Security Guidelines
Design Like a Pro: SCADA Security Guidelines
 
Securing with Sophos - Sophos Day Belux 2014
Securing with Sophos - Sophos Day Belux 2014Securing with Sophos - Sophos Day Belux 2014
Securing with Sophos - Sophos Day Belux 2014
 

Plus de Eric Vanderburg

GDPR, Data Privacy and Cybersecurity - MIT Symposium
GDPR, Data Privacy and Cybersecurity - MIT SymposiumGDPR, Data Privacy and Cybersecurity - MIT Symposium
GDPR, Data Privacy and Cybersecurity - MIT SymposiumEric Vanderburg
 
Modern Security the way Equifax Should Have
Modern Security the way Equifax Should HaveModern Security the way Equifax Should Have
Modern Security the way Equifax Should HaveEric Vanderburg
 
Cybercrime and Cyber Threats - CBLA - Eric Vanderburg
Cybercrime and Cyber Threats - CBLA - Eric VanderburgCybercrime and Cyber Threats - CBLA - Eric Vanderburg
Cybercrime and Cyber Threats - CBLA - Eric VanderburgEric Vanderburg
 
Cybersecurity Incident Response Strategies and Tactics - RIMS 2017 - Eric Van...
Cybersecurity Incident Response Strategies and Tactics - RIMS 2017 - Eric Van...Cybersecurity Incident Response Strategies and Tactics - RIMS 2017 - Eric Van...
Cybersecurity Incident Response Strategies and Tactics - RIMS 2017 - Eric Van...Eric Vanderburg
 
Mobile Forensics and Cybersecurity
Mobile Forensics and CybersecurityMobile Forensics and Cybersecurity
Mobile Forensics and CybersecurityEric Vanderburg
 
2017 March ISACA Security Challenges with the Internet of Things - Eric Vande...
2017 March ISACA Security Challenges with the Internet of Things - Eric Vande...2017 March ISACA Security Challenges with the Internet of Things - Eric Vande...
2017 March ISACA Security Challenges with the Internet of Things - Eric Vande...Eric Vanderburg
 
Ransomware: 2016's Greatest Malware Threat
Ransomware: 2016's Greatest Malware ThreatRansomware: 2016's Greatest Malware Threat
Ransomware: 2016's Greatest Malware ThreatEric Vanderburg
 
Emerging Technologies: Japan’s Position
Emerging Technologies: Japan’s PositionEmerging Technologies: Japan’s Position
Emerging Technologies: Japan’s PositionEric Vanderburg
 
Principles of technology management
Principles of technology managementPrinciples of technology management
Principles of technology managementEric Vanderburg
 
Japanese railway technology
Japanese railway technologyJapanese railway technology
Japanese railway technologyEric Vanderburg
 
Evaluating japanese technological competitiveness
Evaluating japanese technological competitivenessEvaluating japanese technological competitiveness
Evaluating japanese technological competitivenessEric Vanderburg
 
Japanese current and future technology management challenges
Japanese current and future technology management challengesJapanese current and future technology management challenges
Japanese current and future technology management challengesEric Vanderburg
 
Technology management in Japan: Robotics
Technology management in Japan: RoboticsTechnology management in Japan: Robotics
Technology management in Japan: RoboticsEric Vanderburg
 
Incident response table top exercises
Incident response table top exercisesIncident response table top exercises
Incident response table top exercisesEric Vanderburg
 
The Prescription for Protection - Avoid Treatment Errors To The Malware Problem
The Prescription for Protection - Avoid Treatment Errors To The Malware ProblemThe Prescription for Protection - Avoid Treatment Errors To The Malware Problem
The Prescription for Protection - Avoid Treatment Errors To The Malware ProblemEric Vanderburg
 
Cloud Storage and Security: Solving Compliance Challenges
Cloud Storage and Security: Solving Compliance ChallengesCloud Storage and Security: Solving Compliance Challenges
Cloud Storage and Security: Solving Compliance ChallengesEric Vanderburg
 
Hacktivism: Motivations, Tactics and Threats
Hacktivism: Motivations, Tactics and ThreatsHacktivism: Motivations, Tactics and Threats
Hacktivism: Motivations, Tactics and ThreatsEric Vanderburg
 
Correct the most common web development security mistakes - Eric Vanderburg
Correct the most common web development security mistakes - Eric VanderburgCorrect the most common web development security mistakes - Eric Vanderburg
Correct the most common web development security mistakes - Eric VanderburgEric Vanderburg
 
Deconstructing website attacks - Eric Vanderburg
Deconstructing website attacks - Eric VanderburgDeconstructing website attacks - Eric Vanderburg
Deconstructing website attacks - Eric VanderburgEric Vanderburg
 
Countering malware threats - Eric Vanderburg
Countering malware threats - Eric VanderburgCountering malware threats - Eric Vanderburg
Countering malware threats - Eric VanderburgEric Vanderburg
 

Plus de Eric Vanderburg (20)

GDPR, Data Privacy and Cybersecurity - MIT Symposium
GDPR, Data Privacy and Cybersecurity - MIT SymposiumGDPR, Data Privacy and Cybersecurity - MIT Symposium
GDPR, Data Privacy and Cybersecurity - MIT Symposium
 
Modern Security the way Equifax Should Have
Modern Security the way Equifax Should HaveModern Security the way Equifax Should Have
Modern Security the way Equifax Should Have
 
Cybercrime and Cyber Threats - CBLA - Eric Vanderburg
Cybercrime and Cyber Threats - CBLA - Eric VanderburgCybercrime and Cyber Threats - CBLA - Eric Vanderburg
Cybercrime and Cyber Threats - CBLA - Eric Vanderburg
 
Cybersecurity Incident Response Strategies and Tactics - RIMS 2017 - Eric Van...
Cybersecurity Incident Response Strategies and Tactics - RIMS 2017 - Eric Van...Cybersecurity Incident Response Strategies and Tactics - RIMS 2017 - Eric Van...
Cybersecurity Incident Response Strategies and Tactics - RIMS 2017 - Eric Van...
 
Mobile Forensics and Cybersecurity
Mobile Forensics and CybersecurityMobile Forensics and Cybersecurity
Mobile Forensics and Cybersecurity
 
2017 March ISACA Security Challenges with the Internet of Things - Eric Vande...
2017 March ISACA Security Challenges with the Internet of Things - Eric Vande...2017 March ISACA Security Challenges with the Internet of Things - Eric Vande...
2017 March ISACA Security Challenges with the Internet of Things - Eric Vande...
 
Ransomware: 2016's Greatest Malware Threat
Ransomware: 2016's Greatest Malware ThreatRansomware: 2016's Greatest Malware Threat
Ransomware: 2016's Greatest Malware Threat
 
Emerging Technologies: Japan’s Position
Emerging Technologies: Japan’s PositionEmerging Technologies: Japan’s Position
Emerging Technologies: Japan’s Position
 
Principles of technology management
Principles of technology managementPrinciples of technology management
Principles of technology management
 
Japanese railway technology
Japanese railway technologyJapanese railway technology
Japanese railway technology
 
Evaluating japanese technological competitiveness
Evaluating japanese technological competitivenessEvaluating japanese technological competitiveness
Evaluating japanese technological competitiveness
 
Japanese current and future technology management challenges
Japanese current and future technology management challengesJapanese current and future technology management challenges
Japanese current and future technology management challenges
 
Technology management in Japan: Robotics
Technology management in Japan: RoboticsTechnology management in Japan: Robotics
Technology management in Japan: Robotics
 
Incident response table top exercises
Incident response table top exercisesIncident response table top exercises
Incident response table top exercises
 
The Prescription for Protection - Avoid Treatment Errors To The Malware Problem
The Prescription for Protection - Avoid Treatment Errors To The Malware ProblemThe Prescription for Protection - Avoid Treatment Errors To The Malware Problem
The Prescription for Protection - Avoid Treatment Errors To The Malware Problem
 
Cloud Storage and Security: Solving Compliance Challenges
Cloud Storage and Security: Solving Compliance ChallengesCloud Storage and Security: Solving Compliance Challenges
Cloud Storage and Security: Solving Compliance Challenges
 
Hacktivism: Motivations, Tactics and Threats
Hacktivism: Motivations, Tactics and ThreatsHacktivism: Motivations, Tactics and Threats
Hacktivism: Motivations, Tactics and Threats
 
Correct the most common web development security mistakes - Eric Vanderburg
Correct the most common web development security mistakes - Eric VanderburgCorrect the most common web development security mistakes - Eric Vanderburg
Correct the most common web development security mistakes - Eric Vanderburg
 
Deconstructing website attacks - Eric Vanderburg
Deconstructing website attacks - Eric VanderburgDeconstructing website attacks - Eric Vanderburg
Deconstructing website attacks - Eric Vanderburg
 
Countering malware threats - Eric Vanderburg
Countering malware threats - Eric VanderburgCountering malware threats - Eric Vanderburg
Countering malware threats - Eric Vanderburg
 

Dernier

Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024Stephanie Beckett
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
Training state-of-the-art general text embedding
Training state-of-the-art general text embeddingTraining state-of-the-art general text embedding
Training state-of-the-art general text embeddingZilliz
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clashcharlottematthew16
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxhariprasad279825
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsMiki Katsuragi
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
The Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdfThe Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdfSeasiaInfotech2
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxNavinnSomaal
 

Dernier (20)

Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
Training state-of-the-art general text embedding
Training state-of-the-art general text embeddingTraining state-of-the-art general text embedding
Training state-of-the-art general text embedding
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clash
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptx
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering Tips
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
The Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdfThe Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdf
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptx
 

Cisco Security Agent - Eric Vanderburg

  • 1. Cisco Security Agent Eric Vanderburg May 3, 2006 Eric Vanderburg – Cisco Security Agent
  • 2. Cisco Security Agent (CSA) • Host based Intrusion prevention system • Enforces policies on hosts based on specific rules • Version 5.1 is the newest • Called StormWatch in 1999. Purchased by Cisco in 2003. • A license is required for the management console and for all agents – purchased in bundles from 10-10,000 or individually – Licenses reside on the Management Console machine • Spans a variety of platforms Eric Vanderburg – Cisco Security Agent
  • 3. Supported Hosts Server Agent Desktop Agent • Windows Server 2003 • Windows 2000 Server • Windows NT 4 Server (SP6) • Solaris 8 SPARC architecture (64-bit) • Solaris 9 SPARC architecture (64-bit) • Red Hat Enterprise Linux 3.0 ES and AS • Windows NT 4 Workstation (SP6) • Windows 2000 Pro • Windows XP Pro • Windows XP Tablet Edition • Red Hat Enterprise Linux 3.0 WS Eric Vanderburg – Cisco Security Agent
  • 4. System Requirements • Windows – Pentium 200MHz – 128MB RAM – 25MB free hard drive space • Solaris – UltraSPARC 400 MHz – 256MB RAM – 25MB free hard drive space • Linux – 500 MHz or faster x86 processor (32-bit only) – 256MB RAM – 25MB free hard drive space • No support available yet for Macintosh Eric Vanderburg – Cisco Security Agent
  • 5. Advantages • • • • • • Monitoring Central reaction Distributed Firewall Application Control File Protection Restrict by Posture Eric Vanderburg – Cisco Security Agent
  • 6. Monitoring • Monitors the following to see whether or not actions should be allowed: – OS kernel usage – Resources – Registry entries (Windows) – COM object access – Inbound and outbound network connections Eric Vanderburg – Cisco Security Agent
  • 7. Interceptors • Track actions and compare against the rules database for appropriate response – Network Traffic interceptor - Use for SYN flood and port scan protection. – Network Applications interceptor - Limit or allow individual applications to access the network via specific protocols and networks addressing parameters. – File interceptor - Limit an application's ability to read and write to specific files and directories. Eric Vanderburg – Cisco Security Agent
  • 8. Central reaction • Agents report to a single management console • Events are logged to the management console so that new rules can be dynamically created. – If the management console is unavailable, they are stored until connection is restored Eric Vanderburg – Cisco Security Agent
  • 9. Distributed firewall • Control which applications can act as a server to remote clients and vice versa • Learning mode: builds a list of allowed applications based on usage – Only adds to the policy. Does not override the central policy from the management console • Disables the Windows firewall when installed Eric Vanderburg – Cisco Security Agent
  • 10. Application control • Restrict access to certain programs – Restrict by user or system account • Restrict the actions applications can take Eric Vanderburg – Cisco Security Agent
  • 11. File protection • Files can be flagged as not available to any network connection • Can stop files from being deleted, modified, or created Eric Vanderburg – Cisco Security Agent
  • 12. Trust • Hosts must be trusted before they will be allowed network access. • Given a posture of quarantined until trusted • Trusted hosts – Virus free & updated – Accessing from an appropriate medium – Adhering to policies – MAC and IP address are on an approved list Eric Vanderburg – Cisco Security Agent
  • 13. Management Console • • • • Agent Configuration Policy Configuration Centralized reporting Similar interface to other Cisco management tools • Alerts can be integrated with alerts from other Cisco security products via the Cisco Security Monitoring, Analysis, and Response System Eric Vanderburg – Cisco Security Agent
  • 14. Management Console • Access via web browser (IE and Firefox only) using 128-bit SSL, port 443 • URL: http://<management center system hostname>.<domain> Eric Vanderburg – Cisco Security Agent
  • 15. Database • Local Database - MSDE (Microsoft Database Engine) is used for setups less than 500 agents and under 2GB (packaged with install) • Remote Database - SQL Server is used for setups with more than 500 agents Eric Vanderburg – Cisco Security Agent
  • 16. Agent • Installed per host – Admin rights – Through software deployment solution • Messages - shows denied actions since last reboot • User Query Responses - stored answers (Yes, No, Terminate) • System Security - Slide bar for off, low, med, high settings & resume from install mode • Untrusted apps - selected by user after prompt Eric Vanderburg – Cisco Security Agent
  • 17. Agent • Local Firewall Settings – Learning Mode – Enable / Disable – Firewall permissions • • • • Email network permission HTTP network permission Network client permission Network server permission • File Protection • Solaris agent is not a GUI app. The CLI utility csactl is used. • No queries either Eric Vanderburg – Cisco Security Agent
  • 18. Communication • PC to MC: SSL TCP 1741 & 1742 • MC to PC: SSL TCP 443 & 5401 – Signed with MC Certificate • Updates retrieved through pull model at specified interval (default 10 minutes) • Push method: Hints Eric Vanderburg – Cisco Security Agent
  • 19. Cisco Security Agent • Locally enforced, centrally managed • Multiple vendors supported • Settings can run in test mode before implementation • Safeguard nodes, files, attack avenues, and stop virus propagation. Eric Vanderburg – Cisco Security Agent
  • 20. Questions? • Contact info: evanderburg@gmail.com • Blog: http://spaces.msn.com/professornova Eric Vanderburg – Cisco Security Agent