
Configuring Rules

Rule Basics

© 2006 Cisco Systems, Inc. All rights reserved. HIPS v3.0—4-1


Objectives

At the end of this lesson, you will be able to meet these objectives:
• Identify the various types of CSA MC rules and their functions
• Identify the order in which rules are processed



Types of CSA MC Rules

Rules

• Enforcement Rules
• Detection Rules



Example: Enforcement Rules

[Diagram labels: Hacker; Attempt to Access a Host System; Enforcement Rule; Access Denied; Host]

© 2006 Cisco Systems, Inc. All rights reserved. HIPS v3.0—4-4


Example: Detection Rules

[Diagram labels: cmd.exe "Detect"; Detection Rule; "Deny" cmd.exe, bash.exe, command.com; Host]



Rule Action List



The Set Action



Example: Differentiated Service Code Point and Per-Hop-Behavior



Example: Differentiated Service Code Point and Per-Hop-Behavior (Cont.)



Variables Used with Different Rule Types

Variables:

• Data Sets: Data Access Control Rule
• File Sets: File Access Control Rule, Application Control Rule
• Network Address Set: Network Access Control Rule
• Network Services Set: Network Access Control Rule
• COM Component Set: COM Component Access Control Rule
• Registry Set: Registry Access Control Rule
• Query Settings: Data Access Control Rule



Summary

• Rules can be broadly categorized into enforcement rules and
detection rules.
• When you configure a rule, you need to select an action,
such as Allow or Deny, for that rule.
• A rule action list includes 10 prioritized actions that are
applicable to any configured rule.
• Priorities determine the precedence of the rules.
• The Set action causes a one-time configuration action and
has six attributes.
