Educause Security Discussion mailing list archives
Re: Cisco Security Agent and other HIPS
From: John Turner <turner () BRANDEIS EDU>
Date: Sat, 20 Jan 2007 10:19:07 -0500
We have been running CSA for about 3 years now and we have had some good and less than good experiences with it. We started at V4 (the first Cisco branded version) and are now on 5.2. It works VERY well on servers. It saved us once already from a potentially disastrous situation. We have been piloting it on workstations for about 2 years and have had mixed results. The product was built "correctly" in that it doesn't compromise on security, however it can become a user nuisance unless you work to build exceptions for applications you commonly run. If you tightly control the desktop then it would work as well as it does on servers. A feature in the system allows you to create profiles and export them as specific packages. So if you make exceptions for a specific product like an IM client you can export that and anyone can take it and import it into their system. The format is XML so it could be tweaked even before putting it in. I was really hoping that there would be an exchange where people could trade, or Cisco could post, profiles for new exceptions. But that hasn't happened yet. My guess is that to do it right you would need about 0.25 FTE devoted to this. We are working with the CSA product managers, who happen to be based down the road, to make the product better for the higher education market. John --- John W. Turner Director for Networks and Systems Brandeis University
flynngn () JMU EDU 01/11 3:30 PM >>>
Anyone be willing to comment on experiences with Cisco Security Agent or other Host Intrusion Prevention software? I'd like to put it on things like domain controllers, authentication servers, management servers, and high value, internet facing servers. Of course, reliability is a significant concern with those applications. -- Gary Flynn Security Engineer James Madison University www.jmu.edu/computing/security
Current thread:
- Cisco Security Agent and other HIPS Gary Flynn (Jan 11)
- <Possible follow-ups>
- Re: Cisco Security Agent and other HIPS Jason Richardson (Jan 19)
- Re: Cisco Security Agent and other HIPS Dave Koontz (Jan 19)
- Re: Cisco Security Agent and other HIPS David Grisham (Jan 19)
- Re: Cisco Security Agent and other HIPS John Turner (Jan 20)
- Re: Cisco Security Agent and other HIPS Dan Roberts (Jan 23)