Scribd Logo
Upload

Welcome to Scribd!

  • HIPS30S06L01

    Uploaded by

    api-3699464
    26 views16 pages
    Identify the applications running on hosts and determine their usage patterns. Identify the installed applications that mostly remain unused. Use the collected data to generate and deploy effective policies for unprotected applications.

    Original Description:

    Copyright

    © Attribution Non-Commercial (BY-NC)

    Available Formats

    PPS, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    Identify the applications running on hosts and determine their usage patterns. Identify the installed applications that mostly remain unused. Use the collected data to generate and deploy effective policies for unprotected applications.

    Copyright:

    Attribution Non-Commercial (BY-NC)
    Download as PPS, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    26 views16 pages

    HIPS30S06L01

    Uploaded by

    api-3699464
    Identify the applications running on hosts and determine their usage patterns. Identify the installed applications that mostly remain unused. Use the collected data to generate and deploy effective policies for unprotected applications.

    Copyright:

    Attribution Non-Commercial (BY-NC)
    Download as PPS, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 16

    Using CSA Analysis

    Configuring Application Deployment


    Investigation

    © 2006 Cisco Systems, Inc. All rights reserved. HIPS v3.0—6-1


    Objectives

    At the end of this lesson, you will be able to meet


    these objectives:
    • Identify the use of Application Deployment Investigation
    • Describe how to configure group settings for analysis
    • Describe how to configure product associations
    • Describe how to configure unknown applications
    • Describe how to configure data management

    © 2006 Cisco Systems, Inc. All rights reserved. HIPS v3.0—6-2


    Application Deployment Investigation

    Advantages:
    • Identify the applications running on hosts and determine
    their usage patterns.
    • Identify the installed applications that mostly remain unused.
    • Identify the applications that are accessing critical network
    resources.
    • Use the collected data to generate and deploy effective
    policies for unprotected applications.

    © 2006 Cisco Systems, Inc. All rights reserved. HIPS v3.0—6-3


    Group Settings

    Group 1 Group 2
    Application Deployment Application Deployment
    Investigation—Disabled Investigation—Disabled

    Application Deployment Group 3


    Investigation—Enabled Application Deployment
    on the Host Investigation—Enabled

    © 2006 Cisco Systems, Inc. All rights reserved. HIPS v3.0—6-4


    Configuring Group Settings

    © 2006 Cisco Systems, Inc. All rights reserved. HIPS v3.0—6-5


    Product Associations

    Application Class

    “Microsoft Office
    Product Applications”
    excel.exe
    Microsoft Office 2000 Association
    powerpnt.exe
    Standard (9.00.2720)
    winword.exe
    outlook.exe

    © 2006 Cisco Systems, Inc. All rights reserved. HIPS v3.0—6-6


    Configuring Product Associations

    © 2006 Cisco Systems, Inc. All rights reserved. HIPS v3.0—6-7


    Configuring Product Associations (Cont.)

    © 2006 Cisco Systems, Inc. All rights reserved. HIPS v3.0—6-8


    Practice: Creating a Product
    Association

    © 2006 Cisco Systems, Inc. All rights reserved. HIPS v3.0—6-9


    Unknown Applications

    Application Class

    Unknown Application
    “Antivirus
    Product
    Applications”
    Antivirus
    application Norton Antivirus 2000
    Antivirus application 1 Professional Edition
    3 Antivirus application 2
    Antivirus application 3

    © 2006 Cisco Systems, Inc. All rights reserved. HIPS v3.0—6-10


    Configuring Unknown Applications

    © 2006 Cisco Systems, Inc. All rights reserved. HIPS v3.0—6-11


    Configuring Unknown Applications (Cont.)

    © 2006 Cisco Systems, Inc. All rights reserved. HIPS v3.0—6-12


    Data Management

    Desktops
    Group
    Web Servers Group
    Archive and
    Purge Application
    Deployment Data
    Antivirus Data

    Process Data

    Network Data

    Mail Servers Group

    © 2006 Cisco Systems, Inc. All rights reserved. HIPS v3.0—6-13


    Configuring Data Management

    © 2006 Cisco Systems, Inc. All rights reserved. HIPS v3.0—6-14


    Summary

    • Application Deployment Investigation enables you to analyze and


    collect data regarding various network resource parameters.
    • By default, Application Deployment Investigation is disabled for all
    Windows groups. You need to enable it.
    • Application Deployment Investigation occurs on a host even if the
    process is enabled on only one of the groups the host belongs to.
    • You must associate software products with the comprising
    applications to include those products as part of the report criteria.
    • The applications that are not associated with any software product
    feature in the list of unknown applications.
    • Data Management enables you to organize the large amount of data
    collected during Application Deployment Investigation.

    © 2006 Cisco Systems, Inc. All rights reserved. HIPS v3.0—6-15


    © 2006 Cisco Systems, Inc. All rights reserved. HIPS v3.0—6-16

    You might also like