
Configuring Rules

Configuring Windows-Only Rules

© 2006 Cisco Systems, Inc. All rights reserved. HIPS v3.0—4-1


Objectives

At the end of this lesson, you will be able to meet these objectives:
• Identify the rules that are available to Windows hosts only
• Describe how to configure the Clipboard Access Control rule
• Describe how to configure the COM Component Access Control rule
• Configure the COM Component Access Control rule
• Describe how to configure the File Version Control rule
• Configure the File Version Control rule
• Describe how to configure the Kernel Protection rule
• Describe how to configure the NT Event Log rule
• Describe how to configure the Registry Access Control rule
• Describe how to configure the Service Restart rule
• Describe how to configure the Sniffer and Protocol Detection rule



Windows-Only Rules

• Clipboard Access Control rule
• COM Component Access Control rule
• File Version Control rule
• Kernel Protection rule
• NT Event Log rule
• Registry Access Control rule
• Service Restart rule
• Sniffer and Protocol Detection rule



The Clipboard Access Control Rule

[Figure: an application's access to the Clipboard is mediated by the Clipboard Access Control rule]


Configuring the Clipboard Access Control Rule


The COM Component Access Control Rule

[Figure: a VB script's access to a COM component is mediated by the COM Component Access Control rule]


Configuring the COM Component Access Control Rule


Practice: Configuring the COM Component Access Control Rule


The File Version Control Rule

[Figure: the File Version Control rule distinguishes IE 5.0 from IE 4.5]


Configuring the File Version Control Rule



Practice: Configuring the File Version Control Rule


The Kernel Protection Rule

[Figure: an attempt to access the operating system is met with "Access denied" by the Kernel Protection rule]


Configuring the Kernel Protection Rule



Configuring the Kernel Protection Rule (Cont.)


The NT Event Log Rule

[Figure: the NT Event Log rule forwards selected Event Log entries to the CSA MC Event Log]


Configuring the NT Event Log Rule



The Registry Access Control Rule

[Figure: a VB script's access to the Registry is mediated by the Registry Access Control rule]


Configuring the Registry Access Control Rule


The Service Restart Rule

[Figure: a service is terminated, then restarted by the Service Restart rule]


Configuring the Service Restart Rule



The Sniffer and Protocol Detection Rule

[Figure: NetBIOS and IP traffic are observed by the Sniffer and Protocol Detection rule, which logs to the CSA MC Event Log]


Configuring the Sniffer and Protocol Detection Rule


Summary

• CSA MC provides several rules that can be used to protect Windows-specific components.
• The Clipboard Access Control rule is used to allow or deny access to the data written to the
clipboard by a specific set of applications.
• The COM Component Access Control rule is used to prevent unauthorized applications from
accessing COM components.
• The File Version Control rule is used to control the software versions of applications that
can run on hosts.
• The Kernel Protection rule is used to prevent unauthorized access to the operating system
kernel.
• The NT Event Log rule is used to make specific NT Event Log items appear in the CSA MC
Event Log.
• The Registry Access Control rule is used to allow or deny applications writing to specified
registry keys.
• The Service Restart rule is used to restart Windows services that have stopped or are not
responding to service requests.
• The Sniffer and Protocol Detection rule is used to log an event when non-IP protocols or
packet sniffer programs are detected running on a system.
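The Clipboard, COM Component and Registry Access Control rules in the summary share one shape: an application class, a target pattern and an allow/deny action; the File Version Control rule adds a numeric version test. The Python below is an added example, not code from the page or from Cisco's CSA, that models that decision logic over a constructed sample policy. The rule names, the glob syntax for application classes and targets, case-insensitive matching, deny taking precedence over allow, and the default-allow result when nothing matches are assumptions of this model, not documented CSA MC behaviour.

```python
"""Illustrative evaluator for CSA-style Windows access-control rules.

Added example, not CSA MC code: models an agent deciding whether a process may
write a registry key, create a COM object or read clipboard data, and whether a
file version lies in the range a File Version Control rule permits. The glob
syntax, case-insensitive matching, deny-over-allow precedence and default-allow
behaviour are assumptions of this model.
"""
from dataclasses import dataclass
from fnmatch import fnmatchcase
from typing import Iterable, List, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    name: str
    resource: str          # "registry", "com" or "clipboard"
    app_class: str         # glob over the acting process image path
    target: str            # glob over registry key, COM ProgID, or clipboard writer
    action: str            # "allow" or "deny"
    operations: frozenset  # operations the rule covers, e.g. {"write"}


@dataclass(frozen=True)
class Access:
    resource: str
    process: str           # image path of the process making the request
    target: str            # registry key / ProgID / process that wrote the clipboard
    operation: str         # "read", "write", "create", ...


def _glob(pattern: str, value: str) -> bool:
    # Windows paths, key names and ProgIDs are case-insensitive. fnmatch's '*'
    # also crosses backslashes, so r'HK*\...\Run*' covers HKLM, HKCU and subkeys.
    return fnmatchcase(value.lower(), pattern.lower())


def matches(rule: Rule, access: Access) -> bool:
    return (rule.resource == access.resource
            and access.operation in rule.operations
            and _glob(rule.app_class, access.process)
            and _glob(rule.target, access.target))


def evaluate(rules: Iterable[Rule], access: Access,
             default: str = "allow") -> Tuple[str, List[str]]:
    """Return (decision, names of the rules that produced it).

    Any matching deny rule wins over allow rules; with no match the default
    applies (assumed "allow": the rules restrict an otherwise permitted host).
    """
    hits = [r for r in rules if matches(r, access)]
    denies = [r.name for r in hits if r.action == "deny"]
    if denies:
        return "deny", denies
    if hits:
        return "allow", [r.name for r in hits]
    return default, []


def parse_version(text: str) -> Tuple[int, int, int, int]:
    """Parse 'major.minor[.build[.revision]]' as Windows file-version numbers.

    Missing trailing fields count as 0, so '5.0' equals '5.0.0.0', and numeric
    (not lexical) comparison keeps '5.10' above '5.9'.
    """
    parts = text.strip().split(".")
    if not 1 <= len(parts) <= 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a Windows file version: {text!r}")
    nums = tuple(int(p) for p in parts)
    return nums + (0,) * (4 - len(nums))


def version_allowed(version: str, minimum: Optional[str] = None,
                    maximum: Optional[str] = None) -> bool:
    """File Version Control check: True when version lies within [minimum, maximum]."""
    v = parse_version(version)
    if minimum is not None and v < parse_version(minimum):
        return False
    if maximum is not None and v > parse_version(maximum):
        return False
    return True


# Constructed sample policy (hypothetical rule names and patterns): script hosts
# may not automate Outlook over COM, edit Run keys, or read the clipboard.
SAMPLE_RULES = [
    Rule("Scripts may not drive Outlook via COM", "com",
         r"*\?script.exe", "Outlook.Application", "deny", frozenset({"create"})),
    Rule("Scripts may not edit Run keys", "registry",
         r"*\?script.exe", r"HK*\SOFTWARE\Microsoft\Windows\CurrentVersion\Run*",
         "deny", frozenset({"write"})),
    Rule("Scripts may not read clipboard data", "clipboard",
         r"*\?script.exe", "*", "deny", frozenset({"read"})),
]

if __name__ == "__main__":
    probes = [
        Access("com", r"C:\Windows\System32\wscript.exe", "Outlook.Application", "create"),
        Access("registry", r"C:\Windows\System32\cscript.exe",
               r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater", "write"),
        Access("registry", r"C:\Windows\System32\cscript.exe",
               r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run", "read"),
        Access("clipboard", r"C:\Program Files\Microsoft Office\winword.exe",
               r"C:\Windows\notepad.exe", "read"),
    ]
    for p in probes:
        exe = p.process.rsplit("\\", 1)[-1]
        print(f"{exe} {p.operation} {p.target} -> {evaluate(SAMPLE_RULES, p)}")
    print("IE 4.72.3110.8 with minimum 5.0 ->", version_allowed("4.72.3110.8", minimum="5.0"))
```

Two details matter for a practitioner. The registry rule is restricted to the write operation, so a script that merely reads the Run key is not denied; and `parse_version` rejects anything that is not a dotted numeric version rather than guessing, because a rule that silently treats a malformed version as "allowed" is a bypass.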



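The NT Event Log rule in the summary promotes selected Event Log entries to the CSA MC Event Log, and the entries most worth promoting include the Service Control Manager records that a Service Restart rule reacts to. The Python below is an added example, not code from the page or from Cisco's CSA, that models that selection over constructed sample records: a rule matches on log, source, event ID and level, the first matching rule wins, and repeats of the same event inside a suppression window are counted rather than forwarded so that a crash-looping service cannot flood the console. The rule fields, the five-minute window and the sample records are assumptions of this model.

```python
"""Illustrative NT Event Log forwarding filter with storm suppression.

Added example, not CSA MC code: models an agent reading Windows event records
and deciding which ones to promote to a central (CSA MC-style) event log. The
rule fields, the suppression window and the sample records are assumptions.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta
from fnmatch import fnmatchcase
from typing import Dict, FrozenSet, Iterable, List, Tuple


@dataclass(frozen=True)
class NtEvent:
    when: datetime
    log: str          # "System", "Application" or "Security"
    source: str       # event source as shown in Event Viewer
    event_id: int
    level: str        # "Error", "Warning", "Information", "Failure Audit", ...
    message: str


@dataclass(frozen=True)
class ForwardRule:
    name: str
    log: str                                   # exact log name
    source: str = "*"                          # glob over the source name
    event_ids: FrozenSet[int] = frozenset()    # empty: any event ID
    levels: FrozenSet[str] = frozenset()       # empty: any level

    def matches(self, ev: NtEvent) -> bool:
        return (ev.log == self.log
                and fnmatchcase(ev.source.lower(), self.source.lower())
                and (not self.event_ids or ev.event_id in self.event_ids)
                and (not self.levels or ev.level in self.levels))


def select_for_forwarding(events: Iterable[NtEvent], rules: List[ForwardRule],
                          suppress_within: timedelta = timedelta(minutes=5)
                          ) -> Tuple[List[Tuple[str, NtEvent]], int]:
    """Return (forwarded (rule name, event) pairs, number of suppressed repeats).

    Events are handled in time order and the first matching rule wins. A repeat
    of the same (log, source, event ID) inside the suppression window is counted
    but not forwarded, so a crash-looping service cannot flood the console.
    """
    last_sent: Dict[Tuple[str, str, int], datetime] = {}
    forwarded: List[Tuple[str, NtEvent]] = []
    suppressed = 0
    for ev in sorted(events, key=lambda e: e.when):
        rule = next((r for r in rules if r.matches(ev)), None)
        if rule is None:
            continue
        key = (ev.log, ev.source.lower(), ev.event_id)
        prev = last_sent.get(key)
        if prev is not None and ev.when - prev < suppress_within:
            suppressed += 1
            continue
        last_sent[key] = ev.when
        forwarded.append((rule.name, ev))
    return forwarded, suppressed


# Constructed sample records (not captured from a real host). Event IDs follow
# pre-Vista Windows conventions: SCM 7034 = service terminated unexpectedly,
# SCM 7036 = service state change, Security 529 = bad user name or password.
T0 = datetime(2006, 3, 1, 9, 0, 0)
SAMPLE_EVENTS = [
    NtEvent(T0, "System", "Service Control Manager", 7034, "Error",
            "The Print Spooler service terminated unexpectedly."),
    NtEvent(T0 + timedelta(seconds=30), "System", "Service Control Manager", 7034, "Error",
            "The Print Spooler service terminated unexpectedly."),
    NtEvent(T0 + timedelta(seconds=45), "System", "Service Control Manager", 7036, "Information",
            "The Print Spooler service entered the running state."),
    NtEvent(T0 + timedelta(minutes=2), "Security", "Security", 529, "Failure Audit",
            "Logon Failure: Unknown user name or bad password"),
    NtEvent(T0 + timedelta(minutes=3), "Application", "MsiInstaller", 11707, "Information",
            "Product: Example Tool -- Installation operation completed successfully."),
    NtEvent(T0 + timedelta(minutes=4), "System", "Disk", 7, "Error",
            "The device, \\Device\\Harddisk0\\D, has a bad block."),
    NtEvent(T0 + timedelta(minutes=10), "System", "Service Control Manager", 7034, "Error",
            "The Print Spooler service terminated unexpectedly."),
]

# Hypothetical forwarding policy: the first rule selects what a Service Restart
# rule would react to; the others promote failed logons and any System-log error.
SAMPLE_RULES = [
    ForwardRule("Service crashes", "System", "Service Control Manager", frozenset({7031, 7034})),
    ForwardRule("Failed logons", "Security", levels=frozenset({"Failure Audit"})),
    ForwardRule("System errors", "System", levels=frozenset({"Error"})),
]

if __name__ == "__main__":
    sent, dropped = select_for_forwarding(SAMPLE_EVENTS, SAMPLE_RULES)
    for rule_name, ev in sent:
        print(f"{ev.when:%H:%M:%S} [{rule_name}] {ev.source} {ev.event_id}: {ev.message}")
    print(f"suppressed {dropped} repeat(s) within the window")
```

On the sample data the second 7034 thirty seconds after the first is suppressed, the informational 7036 and the MsiInstaller entry match no rule, and the 7034 ten minutes later is forwarded again because the window has expired. Suppression is keyed on log, source and event ID, not on message text, so a service that crashes with slightly different messages is still collapsed into one forwarded entry per window.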