Copyright
About the Author
  About the Technical Reviewers
Acknowledgments
This Book Is Safari Enabled
Foreword
  Command Syntax Conventions
Introduction
  Who Should Read This Book?
  How This Book Is Organized
Part I. The Need for Endpoint Security
  Chapter 1. Introducing Endpoint Security
    The Early Days: Viruses and Worms
    The Present: Blended Threats
    The Insider
    Understanding Point Security Weaknesses
    Using Attack-Detection Methods
    Establishing a Security Policy
    Summary
  Chapter 2. Introducing the Cisco Security Agent
    Intrusion Prevention and Intrusion Detection Technologies
    The Life Cycle of an Attack
    CSA Capabilities
    CSA Components Overview
    CSA Communication
    CSA's Role Within SAFE
    Summary
Part II. Understanding the CSA Building Blocks
  Chapter 3. Understanding CSA Groups and Hosts
    The Relationship Between Groups and Hosts
    Understanding CSA Groups
    Understanding CSA Hosts
    Summary
  Chapter 4. Understanding CSA Policies, Modules, and Rules
    The Relationship Between Policies, Modules, and Rules
    Establishing Acceptable Use Documents and Security Policies
    CSA Rules
    CSA Rule Modules
    CSA Policies
    Summary
  Chapter 5. Understanding Application Classes and Variables
    Using Application Classes
    Introducing Variables
    Summary
Part III. CSA Agent Installation and Local Agent Use
  Chapter 6. Understanding CSA Components and Installation
    General CSA Agent Components Overview
    CSA Installation Requirements
    Agent Kits
    Summary
  Chapter 7. Using the CSA User Interface
    Windows Agent Interface
    Linux Agent Interface
    Solaris Agent Interface
    Summary
Part IV. Monitoring and Reporting
  Chapter 8. Monitoring CSA Events
    Status Summary
    Event Log
    Event Monitor
    Event Log Management
    Event Sets
    Alerts
    Summary
  Chapter 9. Using CSA MC Reports
    Audit Trail Reporting
    Event Reporting
    Group Detail Reporting
    Host Detail Reporting
    Policy Detail Reporting
    Report Viewing
    Creating a Sample Report
    Summary
Part V. Analyzing CSA
  Chapter 10. Application Deployment Investigation
    Using Application Deployment Investigation
    Using Application Deployment Reports
    Summary
  Chapter 11. Application Behavior Analysis
    Understanding Application Behavior Investigation Components
    Configuring Application Behavior Investigation
    Using Application Behavior Investigation on the Remote Agent
    Analyzing Log Data
    Viewing Behavior Reports
    Exporting the Behavior Analysis Report Data
    Analyzing UNIX Application Behavior
    Creating Behavior Analysis Rule Modules
    Summary
Part VI. Creating Policy, Implementing CSA, and Maintaining the CSA MC
  Chapter 12. Creating and Tuning Policy
    Creating Policy
    Tuning Policy
    Summary
  Chapter 13. Developing a CSA Project Implementation Plan
    Planning for Success
    The Project Plan
    Outlining the Project Phases
    Summary
  Chapter 14. CSA MC Administration and Maintenance
    CSA Licensing
    CSA MC Registration Control
    CSA MC Component Sharing
    CSA MC Role-Based Access Control
    Other CSA MC Administrative Features
    CSA MC Backup and Restore Procedures
    Summary
Part VII. Appendixes
  Appendix A. VMS and CSA MC 4.5 Installation
    VMS v2.3 Components
    Installation
    Summary
  Appendix B. Security Monitor Integration
    Adding the CSA MC to the Security Monitor
    Configuring the Security Monitor
    Verifying Connectivity
    Viewing Events in the Security Monitor
    Summary
  Appendix C. CSA MIB
    CSA MC MIB Definitions
Index