Copyright
About the Author
  About the Technical Reviewers
Acknowledgments
This Book Is Safari Enabled
Foreword
  Command Syntax Conventions
Introduction
  Who Should Read This Book?
  How This Book Is Organized
Part I. The Need for Endpoint Security
  Chapter 1. Introducing Endpoint Security
    The Early Days: Viruses and Worms
    The Present: Blended Threats
    The Insider
    Understanding Point Security Weaknesses
    Using Attack-Detection Methods
    Establishing a Security Policy
    Summary
  Chapter 2. Introducing the Cisco Security Agent
    Intrusion Prevention and Intrusion Detection Technologies
    The Life Cycle of an Attack
    CSA Capabilities
    CSA Components Overview
    CSA Communication
    CSA's Role Within SAFE
    Summary
Part II. Understanding the CSA Building Blocks
  Chapter 3. Understanding CSA Groups and Hosts
    The Relationship Between Groups and Hosts
    Understanding CSA Groups
    Understanding CSA Hosts
    Summary
  Chapter 4. Understanding CSA Policies, Modules, and Rules
    The Relationship Between Policies, Modules, and Rules
    Establishing Acceptable Use Documents and Security Policies
    CSA Rules
    CSA Rule Modules
    CSA Policies
    Summary
  Chapter 5. Understanding Application Classes and Variables
    Using Application Classes
    Introducing Variables
    Summary
Part III. CSA Agent Installation and Local Agent Use
  Chapter 6. Understanding CSA Components and Installation
    General CSA Agent Components Overview
    CSA Installation Requirements
    Agent Kits
    Summary
  Chapter 7. Using the CSA User Interface
    Windows Agent Interface
    Linux Agent Interface
    Solaris Agent Interface
    Summary
Part IV. Monitoring and Reporting
  Chapter 8. Monitoring CSA Events
    Status Summary
    Event Log
    Event Monitor
    Event Log Management
    Event Sets
    Alerts
    Summary
  Chapter 9. Using CSA MC Reports
    Audit Trail Reporting
    Event Reporting
    Group Detail Reporting
    Host Detail Reporting
    Policy Detail Reporting
    Report Viewing
    Creating a Sample Report
    Summary
Part V. Analyzing CSA
  Chapter 10. Application Deployment Investigation
    Using Application Deployment Investigation
    Using Application Deployment Reports
    Summary
  Chapter 11. Application Behavior Analysis
    Understanding Application Behavior Investigation Components
    Configuring Application Behavior Investigation
    Using Application Behavior Investigation on the Remote Agent
    Analyzing Log Data
    Viewing Behavior Reports
    Exporting the Behavior Analysis Report Data
    Analyzing UNIX Application Behavior
    Creating Behavior Analysis Rule Modules
    Summary
Part VI. Creating Policy, Implementing CSA, and Maintaining the CSA MC
  Chapter 12. Creating and Tuning Policy
    Creating Policy
    Tuning Policy
    Summary
  Chapter 13. Developing a CSA Project Implementation Plan
    Planning for Success
    The Project Plan
    Outlining the Project Phases
    Summary
  Chapter 14. CSA MC Administration and Maintenance
    CSA Licensing
    CSA MC Registration Control
    CSA MC Component Sharing
    CSA MC Role-Based Access Control
    Other CSA MC Administrative Features
    CSA MC Backup and Restore Procedures
    Summary
Part VII. Appendixes
  Appendix A. VMS and CSA MC 4.5 Installation
    VMS v2.3 Components
    Installation
    Summary
  Appendix B. Security Monitor Integration
    Adding the CSA MC to the Security Monitor
    Configuring the Security Monitor
    Verifying Connectivity
    Viewing Events in the Security Monitor
    Summary
  Appendix C. CSA MIB
    CSA MC MIB Definitions
Index