Security Basics mailing list archives
RE: Cisco CSA
From: "Dante Mercurio" <Dante () webcti com>
Date: Fri, 28 May 2004 16:41:04 -0400
Cherian,

We're a Cisco reseller, and after a few demos of CSA decided to embrace it as our point IDS/IPS solution. We had in the past sold Symantec and variations of Snort. For our customer base, the traditional IDS was a hard sell as they don't have resources to dedicate to reviewing and adjusting logs. They want something that helps adjust policy.

CSA sets up very easily. The longest part is getting the management system CiscoWorks:VMS up and running. It states it needs a minimum of 1 gig of memory, and they aren't kidding. We ran it on a test bed system with 256 megs, and you could nap while it loaded. Once up and running, however, it functions very smoothly.

Our experience has been that the best methodology is to roll it out in a test bed mode with the desktop, laptop, or server defaults, and monitor the results over the next few days. You'll see a number of applications doing some weird stuff that you will need to allow. Adjusting the triggered rule is as easy as looking in the log and running a wizard link on it.

Rolling out the client isn't as automated as I would like. I'd love to see a .msi package or a push out like anti-virus. Right now, the client is distributed via a web link to the management station. You can set it up to run transparently if you like.

Per Cisco: The default CSA 4.0 server and desktop policies stop successful execution of Sasser attack on devices with CSA installed.

http://www.cisco.com/application/pdf/en/us/guest/netsol/ns441/c664/cdccont_0900aecd800f613b.pdf

Beware the wording above. If you are not running the default configuration because you adjusted it in some way, then you may be vulnerable.

Hope this info helps,

M. Dante Mercurio
dante () webcti com
Consulting Group Manager
Continental Technologies, Inc
www.webcti.com

-----Original Message-----
From: Cherian Palayoor [mailto:securinet2004 () yahoo ca]
Sent: Tuesday, May 25, 2004 7:35 PM
To: security-basics () securityfocus com
Subject: Cisco CSA

Hi,

Can anyone give me some feedback on the Cisco Security Agent? This product claims to stop malicious behaviour on machines infected by any malware.

We were recently hit pretty hard by Sasser. Cisco has since been trying to sell us this product as a heuristic solution to malicious activity on the network. The product does not depend on any signature updates and is entirely behavioural.

Cisco purports to have successfully stopped Sasser from doing any damage. Can anyone confirm this to be a fact? The product does not come cheap.

Thanks in advance.

Regards
Cherian