Product Description

Protecting systems within an enterprise has proven as important to overall security as securing the enterprise perimeter. Over the past few years, the number of vulnerabilities stemming from weaknesses in applications and operating systems has grown dramatically. In direct correlation with the number of weaknesses discovered, the number of viruses, worms, and security attacks has also exploded across the Internet. To add to the typical virus issues that businesses have had to confront, there are also malicious programs infiltrating organizations today in the form of spyware and adware.

• Prevent day-zero attacks
• Enforce acceptable-use policies
• Develop host-IPS project implementation plans
• Evaluate management hierarchy installation options, including single-server, multiserver, and built-in database usage
• Learn about CSA agents and manual and scripted installation options
• Understand policy components and custom policy creation
• Use and filter information from CSA event logs
• Troubleshoot CSA deployments with agent and management server logs and built-in troubleshooting tools

Protecting systems where the private data and intellectual property resides is no longer considered a function of perimeter defense systems but has instead become the domain of endpoint protection software, such as host Intrusion Prevention Systems (IPS). Cisco® Security Agent (CSA) is the Cisco Systems® host-IPS solution. CSA provides the security controls that corporations need to deal with threats to host and desktop computing resources.

Advanced Host Intrusion Prevention with CSA is a practical guide to getting the most out of CSA deployments. Through methodical explanation of advanced CSA features and concepts, this book helps ease the fears of security administrators seeking to install and configure a host IPS. This book explains in detail such topics as installation of the management servers, installation of the agents for mass deployment, granular agent policy creation, advanced policy creation, real-world troubleshooting techniques, and best practices in implementation methodology. This guide also provides a practical installation framework taken from the actual installation and support experience of the authors.

This book helps you implement host IPS appropriately, giving your organization better protection from the various threats that are impacting your business while at the same time enabling you to comply with various legal requirements put forth in such legislation as HIPAA, SOX, SB1386, and VISA PCI.

Product Details

• Amazon Sales Rank: #986045 in Books
• Published on: 2006-05-07
• Original language: English
• Number of items: 1
• Binding: Paperback
• 336 pages

About the Author

Chad Sullivan, CCIE® No. 6493, is a founder and senior security consultant with Priveon, Inc., which provides leading security solutions to customer facilities around the world. He is recognized as one of the premier CSA architects and implementers.

Jeff Asher is a network systems consultant with Internetwork Engineering (IE) in Charlotte, North Carolina. Jeff has more than nine years of experience designing and implementing network and systems solutions for small, medium, and enterprise customers.

Paul S. Mauvais has been securing and administering varying operating systems ranging from most UNIX flavors available to VMS to VM/CMS and to Microsoft Windows for 18 years. He currently holds the position of senior security architect working in the Cisco Corporate Security Programs Organization. Paul was responsible for leading the deployment of CSA inside Cisco and speaks on many occasions to customers on endpoint security.

Customer Reviews

Not what I expected
This book was not what I expected. I purchased it to learn about complex deployment scenarions, troubleshooting, and most importantly, analysis of events (how to deal with false positives, false negatives etc). A good portion of this book is dedicated to topics such as planning and information gathering which are essential for deploying any new product or solution. "Manageing CSA Projects" would have been an appropriate name for the book. There are a couple of good chapters on policies and a chapter on event corelation.

Security the Cisco Way
We are all aware that systems have to be protected from attacks originating outside the organization. But the most dangerous attacks come from within. This can take the form of finding private information (salaries, pricing information, technical secrets), to people with an intent to do damage (the employee just fired, or who just got a new job because of some anger towards the company), or of course to people looking to steal money. Note that some of the information that might be stored on a computer system may have legal requirements regarding the distribution of the information. This includes things such a medical records.

This is a Cisco book, so it deals with protecting Cisco equipment and techniques. The basic philosophy is the use of the Cisco Security Agent or CSA. This book does not describe CSA, instead it covers its implementation and monitoring. This should be considered an advanced book. It presumes a basic knowledge of CSA before you start.