Chapter 8. Managing the Cisco Security Agent


The Cisco Security Agent represents the last line of defense in a layered self-defending network. The Cisco Security Agent operates directly on the end station by monitoring the OS kernel and requests to the file system, network resources, and registry keys. The Cisco Security Agent can reside directly on the PC, laptop, or server in the network. Cisco Security Agent is supported on Windows, Solaris, and Linux machines.

Cisco Security Agent can provide a day-zero defense against new network attacks because it looks for malicious behavior directly on a workstation instead of looking for known worms and viruses that can participate in a network attack. Day-zero is a fancy way of saying that an attack can be stopped by looking at the symptoms of an attack, rather than a unique identifier or signature of the attack. For example, a virus may delete a specific system file, but day-zero protection would notify the user that something was trying to delete any system file rather than looking for a specific virus. Day-zero protection does not require any host signatures and is a good complement to other signature-based defenses, such as network IPS.
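The contrast drawn above between a signature check and a behavior check, shown as an added example. It is not Cisco Security Agent code or its policy format; the rule names, paths, allow-list, and events are all hypothetical and constructed for illustration.

```python
import hashlib
from fnmatch import fnmatchcase

# Constructed signature database: only one already-catalogued sample is known.
KNOWN_BAD_SHA256 = {hashlib.sha256(b"old-virus-body").hexdigest()}

# Hypothetical behavior policy: describes the action, not the attacker.
PROTECTED_PATHS = [r"c:\windows\system32\*"]
BLOCKED_OPS = {"delete", "write"}
TRUSTED_PROCESSES = {r"c:\windows\system32\msiexec.exe"}  # assumed allow-list

def signature_verdict(event):
    """Block only if the process image hash is already in the database."""
    digest = hashlib.sha256(event["image"]).hexdigest()
    return "block" if digest in KNOWN_BAD_SHA256 else "allow"

def behavior_verdict(event):
    """Block a delete/write on any protected system file, whoever asks."""
    if event["op"] not in BLOCKED_OPS:
        return "allow"
    if event["process"].lower() in TRUSTED_PROCESSES:
        return "allow"
    target = event["target"].lower()
    hit = any(fnmatchcase(target, p) for p in PROTECTED_PATHS)
    return "block" if hit else "allow"

# Constructed file-system request events (not real telemetry).
EVENTS = [
    {"process": r"C:\Temp\old.exe", "image": b"old-virus-body",
     "op": "delete", "target": r"C:\Windows\System32\hal.dll"},
    {"process": r"C:\Temp\new.exe", "image": b"never-seen-variant",
     "op": "delete", "target": r"C:\Windows\System32\kernel32.dll"},
    {"process": r"C:\Windows\System32\msiexec.exe", "image": b"installer",
     "op": "write", "target": r"C:\Windows\System32\updated.dll"},
    {"process": r"C:\Windows\notepad.exe", "image": b"notepad",
     "op": "write", "target": r"C:\Users\alice\notes.txt"},
]

def compare(events):
    """Return (process, signature verdict, behavior verdict) per event."""
    return [(e["process"], signature_verdict(e), behavior_verdict(e))
            for e in events]

if __name__ == "__main__":
    for row in compare(EVENTS):
        print(row)
```

The second event is the day-zero case: the image hash is unknown, so the signature check allows it, while the behavior rule blocks the delete because of what is being attempted.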

The Cisco Security Agents are centrally managed by the Management Center. The Management Center features an easy-to-use web GUI and uses HTTPS between the Management Center and the Cisco Security Agent on the end station to ensure security during the configuration process. The Cisco Security Agent Management Center includes support for the following features:

  • Day-zero protection against certain attacks

  • Host intrusion prevention

  • Protection against buffer overflows

  • Port scan detection

  • Distributed personal firewall protection

  • Protection against spyware/adware

  • Application inventory

  • Location-based policies depending upon whether the machine is on a home network or the corporate network

  • Policies to restrict access to removable media, including USB devices

  • Support for International Windows

  • Native end-station Cisco Security Agent Panel support for French, German, Japanese (Kanji), Chinese, Italian, Spanish, and Korean

  • Application inventory and use-tracking

  • Hot fix and Service Pack (SP) checking

  • File and directory protection

  • Enforcing security policies for data on Clipboard

  • Antivirus DAT checking

  • Windows XP Home Edition support

  • Embedded Cisco Trust Agent in Cisco Security Agent

  • Auto-enrollment group for Windows, Solaris, and Linux

  • QoS marking of applications from Cisco Security Agent

  • VMware qualification

  • Tablet PC qualification

  • Solaris 9

Cisco Security Agent also contains an optional component known as the network shim. The network shim provides additional protection on end stations by detecting SYN floods, port scans, and malformed packets at the shim layer of the OS on the end station.



Self-Defending Networks: The Next Generation of Network Security
ISBN: 1587052539
Pages: 112
