
HIPS30S04L02

HIPS v3.0--4-2 Rules Common to Windows and UNIX hosts Identify the rules that are common to Windows and UNIX hosts Describe how to configure the Agent Service Control Rule. The Application Control Rule Allowing controlled number of network connections. The Data Access Control Rule Malformed Web server request request denied.

Uploaded by

api-3699464
Copyright
© Attribution Non-Commercial (BY-NC)

Configuring Rules

Configuring Rules Common to Windows and UNIX

© 2006 Cisco Systems, Inc. All rights reserved. HIPS v3.0—4-1


Objectives

At the end of this lesson, you will be able to meet these objectives:
• Identify the rules that are common to Windows and UNIX hosts
• Describe how to configure the Agent service control rule
• Describe how to configure the Agent UI control rule
• Describe how to configure the Application control rule
• Describe how to configure the Connection rate limit rule
• Describe how to configure the Data access control rule
• Describe how to configure the File access control rule
• Configure the File access control rule using the Set action
• Describe how to configure the Network access control rule
• Configure an application-builder rule to populate a dynamic application class



Rules Common to Windows and UNIX Hosts

[Figure: Common Rules. Labels: Windows Host, UNIX Host]



The Agent Service Control Rule

[Figure: Agent Service Control Rule. Labels: Stop service, Processes stopped!, Waiting for system reboot]



Configuring the Agent Service Control Rule



The Agent UI Control Rule

[Figure: Agent UI Control Rule. Labels: CSA MC; Agent UI Control Rule: Agent user interface visible to the end user; Absence of Agent UI Control Rule: Denied visibility of the Agent user interface]



Configuring the Agent UI Control Rule



The Application Control Rule

[Figure: Application Control Rule. Labels: Malicious Program, Attempt to invoke another program, Access denied]



Configuring the Application Control Rule



The Connection Rate Limit Rule

[Figure: Connection Rate Limit Rule. Labels: Host, Allowing controlled number of network connections]



Configuring the Connection Rate Limit Rule



The Data Access Control Rule

[Figure: Data Access Control Rule. Labels: Host, Web Server, Malformed Web server request, Request denied]



Configuring the Data Access Control Rule



The File Access Control Rule

[Figure: File Access Control Rule. Labels: Host, Attempt to read a protected file, Request denied]



Configuring the File Access Control Rule



Practice: Configuring the Set Action for the File Access Control Rule



The Network Access Control Rule

[Figure: Network Access Control Rule. Labels: Host, Virus detected!, Access to network denied]



Configuring the Network Access Control Rule



Configuring the Network Access Control Rule (Cont.)



Configuring an Application-Builder Rule



Practice: Configuring an Application-Builder Rule



Summary

• Some rules provided by CSA MC are common to Windows and UNIX.
• The Agent Service Control rule stops the Agent security process.
• The Agent UI Control rule controls how the Agent user interface is displayed.
• The Application Control rule controls the type of applications that can run on Agents.
• The Connection Rate Limit rule controls the number of network connections being sent and received by the systems within a time frame.
• The Data Access Control rule controls unauthorized client requests.
• The File Access Control rule controls access to files.
• The Network Access Control rule controls access to specified network services and network addresses.
• You can use access control rules to populate dynamic application classes.
