
Configuring Groups and Policies

Configuring Policies

© 2006 Cisco Systems, Inc. All rights reserved. HIPS v3.0—2-1


Objectives

At the end of this lesson, you will be able to meet these objectives:
• Describe the approaches to designing a security policy
• Describe how to configure a policy
• Describe how to configure a rule module
• Describe how to set conditional rules that are based on the
system or user state
• Describe how to add a rule to a rule module
• Describe how to view details about the rules attached to a rule
module
• Describe how to compare rule modules
• Describe how to generate a policy configuration to update rule
and policy changes



What Is a Security Policy?



Considerations for Designing a Security Policy

[Figure labels: Security Policy, Worms, Virus, Network Resources, Threat]



Designing a Security Policy

There are two approaches to designing a security policy:
• Permissive security model—Deny malicious actions and
allow all other actions.
• Restrictive security model—Allow required actions and deny
all other actions.



Designing a Security Policy (Cont.)

[Figure labels: Security Policy, Internet, CSA MC, Hosts]

Cisco IPS matches traffic to signatures of known exploits.



Inheriting Group Policies

[Figure labels: Accounting Group, Finance Group, All Group]



Building Policies and Rule Modules

When configuring a policy, you need to identify these network security requirements:
• The purpose of the policy
• The tasks the rule modules comprising the policy must
accomplish
• The rule types that you must configure to accomplish these
tasks



Configuring a Policy



Setting System State Conditions



Setting System State Conditions (Cont.)



Setting User State Conditions



Configuring a Rule Module



Adding a Rule



Copying a Rule



Viewing the Rules List



Viewing Rule Explanation



Viewing Change History



Filtering the Rules Display



Comparing Rule Modules



Comparing Rule Modules (Cont.)



Attaching a Rule Module to a Policy



Attaching a Policy to a Group



Summary

• A security policy must balance business needs and security concerns.
• Rule modules are the building blocks for the policies.
• A rule module can contain different types of rules.
• The System State and User State conditions provide for writing
conditional rules, depending on the state of a system or the user of
the system.
• Rules can be copied from one rule module to another. Rules
can also be cloned within the same rule module.
• CSA MC provides an explanation of a policy, describing each rule
and its role in the policy.
• You can compare the configuration settings of two rule modules by
using the Compare tool.
• For the rules in a rule module to take effect, you need to attach a
rule module to a policy and also attach the policy to a group.
