Chapter 2. Introducing the Cisco Security Agent


This chapter covers the following topics:

  • Intrusion prevention and intrusion detection technologies

  • The life cycle of an attack

  • CSA capabilities

  • CSA components overview

  • CSA communication

  • CSA's role with SAFE

A common problem security professionals face today is the inability to enforce the written security policies they have meticulously created. The Cisco Security Agent (CSA) provides the solution to that problem. CSA is a distributed security policy enforcement mechanism for today's large networks as well as a day-zero Intrusion Prevention System.

NOTE

Any virus, worm, or malicious code that can impact a system is considered day zero if no patch or signature is yet available to protect against the code's negative behavior.


The CSA product accomplishes this task by enforcing very specific policies on end systems. Mechanisms within the CSA product inspect various operating system operations and resources such as local files, registry operations and entries, COM object access, and inbound and outbound network connections.

When the original CSA developers set out to create a solution for securing endpoints, they wanted to create a new prevention-based system that would rely on a proactive behavioral method rather than try to improve old signature-based Intrusion Detection Systems that rely on more traditional reactive technology. In the past, securing end systems meant employing operating system policies, deploying antivirus solutions, utilizing personal firewalls, and hoping that your user base would adhere to the written acceptable use policies when using enterprise computing resources. Hope should never be part of your strategy when providing secure computing environments.
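The behavioral model described in the two paragraphs above can be made concrete with a small rule engine. What follows is an added illustration written for this page, not CSA's own code, rule language, or policy format; the Event and Rule structures, the POLICY entries, the file and registry paths, and the sample events are all constructed assumptions. It intercepts an event (which process attempted which operation on which resource), applies explicit allow/deny rules in order, and contrasts the result with a hash-based signature check on a sample that has never been seen, which is the day-zero case the NOTE above describes.

```python
"""Toy behavioral policy engine (constructed example, not CSA code).

Models the idea behind a host-based intrusion prevention agent: instead of
matching a sample against known-bad signatures, it intercepts operations a
process attempts against OS resources (files, registry keys, network
connections, COM objects) and applies explicit allow/deny rules.
"""
from dataclasses import dataclass
import fnmatch
import hashlib
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Event:
    process: str    # image path of the process performing the operation
    operation: str  # "file_write", "registry_write", "net_connect", "com_access"
    resource: str   # file path, registry key, host:port, or COM class name


@dataclass(frozen=True)
class Rule:
    process: str    # glob over the process image path
    operation: str  # exact operation name
    resource: str   # glob over the resource
    action: str     # "allow" or "deny"


# Hypothetical policy (constructed): first matching rule wins, so specific
# allows for trusted programs are listed before the broad denies.
POLICY: List[Rule] = [
    Rule(r"C:\Program Files\Updater\updater.exe", "file_write", r"C:\Windows\System32\*", "allow"),
    Rule("*", "file_write", r"C:\Windows\System32\*", "deny"),
    Rule("*", "registry_write", r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\*", "deny"),
    Rule(r"C:\Program Files\Mail\mail.exe", "net_connect", "*:25", "allow"),
    Rule("*", "net_connect", "*:25", "deny"),
]


def _glob(pattern: str, value: str) -> bool:
    # Case-insensitive glob match; fnmatch escapes the backslashes for us.
    return fnmatch.fnmatchcase(value.lower(), pattern.lower())


def evaluate(event: Event, policy: List[Rule] = POLICY) -> Tuple[str, Optional[Rule]]:
    """Return (action, matching_rule). Events no rule covers are allowed by default."""
    for rule in policy:
        if (rule.operation == event.operation
                and _glob(rule.process, event.process)
                and _glob(rule.resource, event.resource)):
            return rule.action, rule
    return "allow", None


# Signature-based comparison: hashes of samples already known to be bad (constructed).
KNOWN_BAD_HASHES = {hashlib.sha256(b"constructed-known-worm-sample").hexdigest()}


def signature_verdict(sample: bytes) -> str:
    """Reactive check: only samples whose hash is already catalogued are denied."""
    return "deny" if hashlib.sha256(sample).hexdigest() in KNOWN_BAD_HASHES else "allow"


def compare_on_novel_sample() -> dict:
    """A never-seen program tries to persist via the Run key: the signature check
    has nothing to match, while the behavioral rule blocks the operation itself."""
    novel_binary = b"constructed-never-seen-before-sample"
    persist = Event(r"C:\Users\alice\Downloads\invoice.exe", "registry_write",
                    r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\invoice")
    return {
        "signature": signature_verdict(novel_binary),
        "behavior": evaluate(persist)[0],
    }


if __name__ == "__main__":
    for ev in [
        Event(r"C:\Program Files\Updater\updater.exe", "file_write", r"C:\Windows\System32\drivers\new.sys"),
        Event(r"C:\Users\alice\Downloads\invoice.exe", "file_write", r"C:\Windows\System32\evil.dll"),
        Event(r"C:\Program Files\Mail\mail.exe", "net_connect", "smtp.example.com:25"),
        Event(r"C:\Users\alice\Downloads\invoice.exe", "net_connect", "smtp.example.com:25"),
        Event(r"C:\Windows\explorer.exe", "net_connect", "intranet.example.com:443"),
    ]:
        action, rule = evaluate(ev)
        print(f"{action:5s} {ev.operation:14s} {ev.process} -> {ev.resource}")
    print(compare_on_novel_sample())
```

The ordering of POLICY is the point to notice: a behavioral policy is only as good as its exceptions, so the narrow allow for the trusted updater and mail client must precede the broad deny, and anything no rule mentions falls through to the default. In a real deployment that default, and the scope of each glob, are the decisions that determine how much day-zero code the agent actually stops.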

Although you should continue to develop successful security awareness programs and acceptable use policies, you do not need to trust those policies as your sole method for protecting end systems, nor should it take a small army of security personnel to maintain, monitor, and manage multiple endpoint security products. CSA enables you to enforce your security policies based on explicit rule definitions while reserving "hope" for other parts of your organization. This chapter provides an overview of the concepts and technologies integral to CSA, including the following:

  • The difference between intrusion prevention and intrusion detection

  • The life cycle of an attack

  • CSA capabilities

  • CSA architecture components

  • CSA component communication

  • CSA's role within the Cisco SAFE architecture



    Cisco Security Agent
    ISBN: 1587052059
    Year: 2005
    Pages: 145
    Authors: Chad Sullivan
