Step 6: Full Deployment


After you are confident that you have correctly tuned the CSA policies, you should begin the full deployment phase. In this phase, you gradually install agents in Test Mode on the rest of the hosts within the scope of the project. As you expand your installation, you might encounter additional false positives. Tune them out as you go along.

Note

This phase is a good time to make sure your users are aware of what will be installed on their systems, how it works, and what to expect during the deployment. Classroom training, company-wide notes, posters, and announcements are all ways to raise user awareness of the project.


Eventually, you have agents running in Test Mode on every host you want to protect. When you are ready, select a group of hosts to take out of Test Mode. Let them run for a long enough time for you to feel comfortable that everything is working properly. Take another group out of Test Mode and continue taking groups out of Test Mode until all of the agents are fully protecting the hosts.

ACME took all of the hosts involved in the tuning phase out of test mode without incident. It proceeded to install agents in test mode on the remaining hosts at the rate of about 200 per day. Each set of freshly installed hosts was run for a day to check in test mode for any false positives they might have missed. If they didn't find anything to tune, they took the hosts out of test mode the following day. In 10 days, they had all of their agents fully deployed.




Intrusion Prevention Fundamentals
Intrusion Prevention Fundamentals
ISBN: 1587052393
EAN: 2147483647
Year: N/A
Pages: 115

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net