Builtin Policy Details

CSA has many default policies that provide a baseline for commonly configured operating systems and applications. Although policy and rule tweaking will almost certainly be required to make CSA work in your environment, these policies are a great place to start. The default policies are also good models for learning what can be done with CSA rules and how they are applied to protect systems and information.

NOTE Regardless of any rules, CSA protects itself from modification by any application. This functionality cannot be changed unless the agent is manually disabled. Attempts by certain application classes to modify the agent might not be logged, as is the case with virus scanner applications, but the attempts still fail.

Policies are included for base protection of workstations, servers, and specific services or applications. Workstations typically act as clients for network services, and servers, as the name implies, accept connections and provide network services. CSA policies are tailored for the two usage profiles and, along with specific application policies, make sure that critical services are permitted to perform their assigned duties while the system and data remain protected in accordance with the written security policy.

As we discuss these policies, we also cover the combinations of policies assigned to the different builtin groups. This gives us a better idea of what the policies actually do and puts things in a broader context. Remember that groups are specific to each operating system type or target; however, policies can be applied across operating system types to groups of each kind. Figure 8-1 shows the Application Classification policy applied to all three target operating system groups.

Figure 8-1 Example of a Policy Applied Across Multiple Operating Systems

[Screenshot: Management Center for Cisco Security Agents V4.5, Configuration > Policies > Application Classification [V4.5 r565] > Group Associations. Application Classification is attached to the groups <All Linux> [L], <All Solaris> [S], and <All Windows> [W]. It is not attached to Desktops - All types, Servers - All types, Servers - Apache Web Servers, Servers - Externally deployed, Servers - Internally deployed, Systems - Mission Critical, or Systems - Restricted Networking.]
