Cisco Security Desktop Agent, 1000 Agent Bundle CSA-B1000-DTOP-K9 Hoja De Datos
Los códigos de productos
CSA-B1000-DTOP-K9
Cisco Systems, Inc.
All contents are Copyright © 1992–2003 Cisco Systems, Inc. All rights reserved. Important Notices and Privacy Statement.
Page 2 of 6
Figure 1
Cisco Security Agent
The Cisco Security Agent Solution
The Cisco Security Agent consists of a management console resident on a Microsoft Windows 2000 server and host-based agents that are
deployed on mission-critical desktops and servers. The agents use the HTTP and Secure Sockets Layer (SSL) protocols (128-bit SSL) for the
management interface, and for the communications between agents and the management console.
Agent Architecture
The Cisco Security Agent resides between the applications and the kernel, enabling maximum application visibility with minimal effect on
the stability and performance of the underlying operating system. The agent’s unique architecture intercepts all system calls to file, network,
and registry sources, as well as to dynamic, run-time resources such as memory pages, shared library modules, and Component Object Model
(COM) objects. The agent applies unique intelligence to correlate behaviors of these system calls, based on rules that define appropriate or
acceptable behavior for a specific application. This correlation and subsequent understanding of an application’s behavior is what allows the
software, as directed by the security staff, to prevent new intrusions.
When an application attempts an operation, the agent checks the operation against the application’s security policy making a real-time allow
or deny decision on its continuation, and determining if logging of the request is appropriate. Security policies are collections of rules that IT
and/or security administrators assign to protected servers and desktops on an enterprise-wide basis, or individually. These rules provide safe
application access to required resources. By combining security policies implementing distributed firewall, operating system lockdown,
integrity assurance, malicious mobile code protection, and audit event collection capabilities in default policies for servers and desktops, the
Cisco Security Agent provides defense-in-depth protection for exposed corporate systems.
Because protection is based on blocking malicious behavior, the default policies stop both known and unknown attacks without needing
updates. Correlation is performed both on the agent and on the manager. Agent-based correlation results in dramatically increased accuracy,
identifying actual attacks or misuse without blocking legitimate activity; correlation on the manager identifies global attacks like network
worms or distributed scans.
• ping addresses
• scan ports
• guess passwords
• guess mail users
• scan ports
• guess passwords
• guess mail users
• mail attachments
• buffer overflows
• activeX controls
• network installs
• compressed messages
• backdoors
• buffer overflows
• activeX controls
• network installs
• compressed messages
• backdoors
• create new files
• modify existing files
• weaken registry security settings
• install new services
• register trap doors
• modify existing files
• weaken registry security settings
• install new services
• register trap doors
• mail copy of attack
• web connection
• IRC
• FTP
• infect file shares
• web connection
• IRC
• FTP
• infect file shares
• delete files
• modify files
• drill security hole
• crash computer
• denial of service
• steal secrets
• modify files
• drill security hole
• crash computer
• denial of service
• steal secrets
Cisco
Prevents
probe
penetrate
persist
propagate
paralyze
1
2
3
4
5