Implementing Host Intrusion Prevention


One of the main things to understand about CSA is that you must take care when you deploy it into your environment: tune it to your applications and your environment. Fortunately, the process of tuning CSA has been made easy.

CSA Deployment Suggestions

You can deploy CSA effectively and safely in your environment by following a few steps. Before deploying CSA fully, you need either to run CSA and your applications together in a lab to teach CSA how your applications behave, or to run it in Test mode on your production network.

This section contains generalized steps on how to deploy CSA. An exhaustive step-by-step deployment is beyond the scope of this book. The list of deployment steps provided is merely a high-level guideline to give you an idea of what is needed to roll out the product. For more information on deployment, refer to the Cisco website at http://www.cisco.com/go/csa.

CSA Lab Deployment

Step 1.

Ensure that your hardware and software meet the minimum requirements for a CSA implementation.

Prior to version 4.5, only English (United States) language versions of the operating systems were supported. CSA 4.5 supports many European and Asian languages. In addition to language support, version 4.5 supports Windows 2003, Red Hat Linux Advanced Server, and Red Hat Linux Workstation. Check the Cisco website for current language support.

Server agent for Windows requirements:

- Windows NT 4.0 Server (Service Pack 5 or later)

- Windows NT 4.0 Enterprise Server (Service Pack 5 or later)

- Windows 2000 Server (up to Service Pack 3)

- Windows 2000 Advanced Server (up to Service Pack 3)

- Single or multiple Pentium processors, 200 MHz or faster

- 128-MB RAM minimum

Server agent for Solaris requirements:

- Solaris 8 SPARC architecture (64-bit kernel)

- Ultra SPARC processor 500 MHz or faster

- 256-MB RAM minimum

Desktop agent requirements:

- Windows NT 4.0 Workstation (Service Pack 5 or later)

- Windows 2000 Professional (up to Service Pack 3)

- Windows XP Professional (up to Service Pack 0 or 1)

- Single or multiple Pentium processors, 200 MHz or faster

- 128-MB RAM minimum

CiscoWorks VMS with Management Center for Cisco Security Agents requirements:

- Windows 2000 Server or Advanced Server (Service Pack 1 or Service Pack 2)

- Pentium 500-MHz processor or faster

- 384-MB RAM minimum

- 2-GB disk

Step 2.

Install the CSA Management Console and CiscoWorks on the workstation that will contain and control the CSA Management Console and the CSA rules.

Step 3.

Create as close to a mirrored production environment as you can. Install your applications and the proper CSA agent rules on your host and server systems.

Step 4.

Follow the CSA user manual to put CSA in Test mode. When CSA runs in this mode, it generates alarms and sends alarms to the CSA Management Console. However, it does not kill any processes or stop bad behavior.

Step 5.

Simulate a working application environment by running your applications as they would normally run in production.

Step 6.

Look at each alarm generated on the CSA Management Console.

Step 7.

If an alarm is generated by your application and is expected, click the "wizard" in the event log and tell CSA to write an exception for this alarm. This action generates rules on the fly and essentially teaches CSA which behaviors are acceptable for your applications. If you have problems determining the validity of a rule, contact the Cisco Technical Assistance Center for help.

CSA Production Deployment

Now that CSA has learned what behavior is expected of your applications, you are ready to deploy CSA in your production environment:

Step 1.

After you let CSA create a set of rules that will both secure your environment and allow your applications to run properly, you should deploy the CSA agents and CSA Management Console in your production environment.

Step 2.

It is a good idea to keep running CSA in Test mode in production for at least a week to ensure that no false alarms affect the operation of your business.

Step 3.

After you are comfortable with your rules, use the CSA Management Console to turn CSA on in full Prevention mode.

Step 4.

The agents' regular polling of the Management Console automatically downloads the rules to the hosts in Prevention mode.
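The lab tuning loop and the production cutover described above can be modeled in a few lines. The following Python is an added example, not code from the book or from Cisco; its Event and Rule structures and the "test"/"prevention" mode strings are assumptions for illustration and are not CSA's actual rule syntax. It shows why Test mode alarms without blocking, how the exception "wizard" turns an expected alarm into an allow rule, and a soak check that only clears the switch to Prevention mode when a replayed period produces no new alarms.

```python
from dataclasses import dataclass, field
from fnmatch import fnmatchcase

@dataclass(frozen=True)
class Event:
    process: str   # executable that performed the action
    action: str    # "write", "exec", "connect", ...
    target: str    # file, program or host:port acted upon

@dataclass(frozen=True)
class Rule:
    process: str   # glob over the acting process name
    action: str
    target: str    # glob over the target, e.g. C:\Windows\System32\*
    def matches(self, e: Event) -> bool:
        return (fnmatchcase(e.process.lower(), self.process.lower())
                and e.action == self.action
                and fnmatchcase(e.target.lower(), self.target.lower()))

@dataclass
class Agent:
    mode: str = "test"                      # "test" or "prevention"
    deny: list = field(default_factory=list)
    exceptions: list = field(default_factory=list)
    alarms: list = field(default_factory=list)

    def evaluate(self, e: Event) -> str:
        if any(x.matches(e) for x in self.exceptions):
            return "allowed"
        if any(r.matches(e) for r in self.deny):
            self.alarms.append(e)           # both modes raise the alarm
            return "allowed" if self.mode == "test" else "denied"
        return "allowed"

    def write_exception(self, e: Event, target: str = "") -> Rule:
        # The event-log "wizard" step: an expected alarm becomes an allow rule
        rule = Rule(e.process, e.action, target or e.target)
        self.exceptions.append(rule)
        return rule

def soak_clean(agent: Agent, events) -> bool:
    """Replay a soak period; True only if it raised no new alarms."""
    before = len(agent.alarms)
    for e in events:
        agent.evaluate(e)
    return len(agent.alarms) == before

# Constructed sample policy and application events (not real CSA rule syntax)
POLICY = [Rule("*", "write", "C:\\Windows\\System32\\*"), Rule("*", "exec", "cmd.exe")]
APP_EVENTS = [Event("inventory.exe", "write", "C:\\Windows\\System32\\inv.cfg"),
              Event("inventory.exe", "write", "C:\\Windows\\System32\\inv.log")]
```

Widening the exception's target to a pattern (as in the test below) mirrors tuning a rule to the application's whole working set rather than to one observed file, so the soak period does not keep raising near-duplicate alarms.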



Securing Your Business with Cisco ASA and PIX Firewalls
ISBN: 1587052148
Year: 2006
Pages: 120
Authors: Greg Abelar
