
Configuring Rules

Configuring Rules Common to Windows and UNIX

© 2006 Cisco Systems, Inc. All rights reserved. HIPS v3.0—4-1


Objectives

At the end of this lesson, you will be able to meet these objectives:
• Identify the rules that are common to Windows and UNIX hosts
• Describe how to configure the Agent service control rule
• Describe how to configure the Agent UI control rule
• Describe how to configure the Application control rule
• Describe how to configure the Connection rate limit rule
• Describe how to configure the Data access control rule
• Describe how to configure the File access control rule
• Configure the File access control rule using the Set action
• Describe how to configure the Network access control rule
• Configure an application-builder rule to populate a dynamic
application class



Rules Common to Windows and UNIX Hosts

[Figure: Common Rules shared by a Windows Host and a UNIX Host]



The Agent Service Control Rule

[Figure: Agent Service Control Rule. Labels: "Stop service", "Processes stopped!", "Waiting for system reboot"]



Configuring the Agent Service Control Rule



The Agent UI Control Rule

[Figure: CSA MC and the Agent UI Control Rule. Labels: "Agent UI Control Rule" leading to "Agent user interface visible to the end user"; "Absence of Agent UI Control Rule" leading to "Denied visibility of the Agent user interface"]



Configuring the Agent UI Control Rule



The Application Control Rule

[Figure: Application Control Rule. Labels: "Malicious Program", "Attempt to invoke another program", "Access denied"]



Configuring the Application Control Rule



The Connection Rate Limit Rule

[Figure: Connection Rate Limit Rule. Labels: "Host", "Allowing controlled number of network connections"]



Configuring the Connection Rate Limit Rule



The Data Access Control Rule

[Figure: Data Access Control Rule. Labels: "Host", "Malformed Web server request", "Request denied", "Web Server"]



Configuring the Data Access Control Rule



The File Access Control Rule

[Figure: File Access Control Rule. Labels: "Host", "Attempt to read a protected file", "Request denied"]



Configuring the File Access Control Rule



Practice: Configuring the Set Action for the File Access Control Rule



The Network Access Control Rule

[Figure: Network Access Control Rule. Labels: "Host", "Virus detected!", "Access to network denied"]



Configuring the Network Access Control Rule



Configuring the Network Access Control Rule (Cont.)



Configuring an Application-Builder Rule



Practice: Configuring an Application-Builder Rule



Summary

• Some rules provided by CSA MC are common to Windows and UNIX.
• The Agent Service Control rule stops the Agent security process.
• The Agent UI Control rule controls how the Agent user interface is
displayed.
• The Application Control rule controls the type of applications that can
run on Agents.
• The Connection Rate Limit rule controls the number of network
connections being sent and received by the systems within a time
frame.
• The Data Access Control rule controls unauthorized client requests.
• The File Access Control rule controls access to files.
• The Network Access Control rule controls access to specified network
services and network addresses.
• You can use access control rules to populate dynamic application
classes.
