Content
Securing Hosts Using Cisco Security Agent - ILT v3.0
This set of lab exercises (lab bundle) contains all eight exercises associated with the Securing Hosts Using Cisco Security Agent (HIPS v3.0) course. The hosts in the remote lab are set up for initial connectivity and the required software has been preinstalled. The first five exercises are completed on the first day of the course and the remaining three on the second day.
In the first exercise "Cisco Security Agent Quick Start Installation", the learners launch Management Center for Cisco Security Agents (CSAMC), navigate host groups, obtain an agent kit and install Cisco Security Agent (CSA) software on the protected server.
In the second exercise "Configuring Groups and Managing Hosts", the learners create host groups, build agent kits, and change group membership of hosts.
In the third exercise "Building Policies", the learners add rule modules to security policies, copy rules within a module, and compare the modules. They view the change history, filter the rules display and assign a policy to a group.
In the fourth exercise "Working with Variables", the learners configure variables of various types, including: data sets, file sets, network address sets, network services sets, registry sets, and Component Object Model (COM) component sets.
In the fifth exercise "Defining Application Classes", the task is to create static and dynamic application classes and assign file access rules to them. For the dynamic application class, the learners define an application-builder rule to populate the dynamic application class with processes that match the described behavior.
In the sixth lab exercise "Rule Basics", the learners create a rule module and populate it with rules of various types: agent service control, application control, connection rate limit, data access control, file monitor, and network access control. They test how the rules can be used to defend the protected server.
In the seventh lab exercise "Using Event Logs and Generating Reports", the learners launch attacks against the protected server and analyze the attacks using the event log, event sets, and the alerting and reporting functions of CSA.
In the last exercise "Using Cisco Security Agent Analysis", the task is to use CSA analysis capabilities. The learners create, start, and review an analysis job, as well as view the analysis report.
The remote lab equipment consists of two hosts, as shown in the lab topology.
Content
This set of lab exercises contains the following exercises:
Objectives
Upon finishing this set of exercises, you will be able to:
- Navigate and create host groups
- Change group membership of hosts
- Manage agent kits
- Deploy CSA software
- Create policies
- Add and copy rules within a module and compare modules
- View the change history, filter the rules display and assign the policy to a group
- Configure rules of the following types: agent service control, application control, connection rate limit, data access control, file monitor, and network access control
- Define static and dynamic application classes
- Create application-builder rules to populate dynamic application classes
- Configure variables for scalable referencing of data, files, network addresses, network services, registry entries, and COM components
- Use CSA Analysis to create, start, and review analysis jobs
- Analyze reports
- Manage event logging and create event sets
- Use the alerting and reporting capabilities of CSAMC
Importance
This set of exercises is highly recommended for all students who want to extend their knowledge of host security. The purpose of this lab is to give you experience in configuring and managing the Cisco Security Agent software. This remote lab covers all eight lab exercises from the HIPS course.
Target Audience
The course is targeted at pre- and post-sales technical support engineers as well as enterprise network administrators who want to deploy Cisco Security Agent in their networks.
Prerequisite Knowledge
None
