Chapter 4. Understanding CSA Policies, Modules, and Rules

This chapter covers the following topics:

• The relationship between policies, modules, and rule

• Establishing acceptable use documents and security policies

• CSA rule

• CSA rule modules

• CSA policies

The Cisco Security Agent (CSA) product has various capabilities that allow it to solve the many security issues facing today s enterprise networks. The following are just some of the issues security practitioners attempt to answer today:

• How can I prevent known attacks from impacting my network?

• How can I prevent day-zero attacks from causing loss of my resource confidentiality, integrity, and availability?

• How can I prevent certain applications, such as peer-to-peer file-sharing systems, from negatively impacting my environment?

• How can I prevent unauthorized network connections both inbound and outbound on my computing resources?

• How can I prevent file access and modification?

• How can I prevent Trojan horses and spyware such as keystroke loggers from compromising my systems?

• How can I enforce the application of my written security policy?

All of these issues and many more can be solved through the proper application of CSA policies, modules, and rules, as discussed throughout this chapter.