Host Intrusion Prevention Best Practices


As stated in Chapter 10, "Deploying Host Intrusion Prevention," host intrusion prevention (CSA) is the last line of defense in a computer attack. The perimeter can do everything it's designed to do, and do it correctly, yet day-zero attacks that use valid traffic can still exploit your hosts and servers. Therefore, host intrusion prevention should be viewed as equally important as perimeter security devices.

Remember that host intrusion prevention might stop processes and programs that are acting badly, so be sure that you have given CSA a chance to tell the difference between good and bad device behavior. That is why it is important to deploy CSA correctly. You must put your applications in a lab with CSA and run them in Test mode before rolling CSA into production. It's even a good idea to continue running CSA in Test mode for a few weeks in production to ensure that you don't run into any unforeseen problems. After you have completed these steps, CSA should effectively stop any computer attack it encounters.



Securing Your Business with Cisco ASA and PIX Firewalls
ISBN: 1587052148
EAN: 2147483647
Year: 2006
Pages: 120
Authors: Greg Abelar
