Client/Server Application

 
 
By Cameron Sturdevant  |  Posted 2008-09-29 Print this article Print
 
 
 
 
 
 
 


 

CA HIPS is a client/server appli??ícation. I installed the CA HIPS server in a VMware ESX Server 3.5 environment on a VM (virtual machine) configured with a sin??ígle processor, 20GB drive, 2GB of RAM and a single NIC with a fixed IP address.

CA HIPS can use an exter??ínal Microsoft SQL Server 2005 database to track clients, which I installed on a VM in the same VMware ESX cluster. There is currently no Oracle database support. The CA HIPS agent, which performs monitoring and policy enforcement on the target workstations and servers, can be installed on Windows 2000-, XP- or 2003-based systems. Vista is not currently supported.

CA HIPS policies are enforced according to a complex set of rules. Out of the box, I used the monitor (everything is allowed and tracked) to start learning about the applications on my systems. Other policy groups were relevant to the firewall and IDS functionality of the product, although applica??ítion rules I created could be used in these modules. Users are not able to allow unapproved applica??ítions.

Instead of allowing end-user control over application approval, CA HIPS provides a "test har??íness" that can be used in learning mode on representative end-user systems. I used a model com??íputer with the test harness appli??ícation to detect network traffic and applications. I then created rules and policies that governed how end users could use these applications and then imported the rules to the CA HIPS server for deployment.

The process for using the test harness was quite tedious and required a complex workflow to ensure that the application reposi??ítory, firewall zones and OS security rules were imported correctly.

While the CA HIPS monitors client activity, it was not easy to understand what kind of counter??ímeasures were being taken by the CA HIPS agent to protect my end-user systems. Like Bit9's Parity, it was easy to get lost in the volumi??ínous amount of system messages, the vast majority of which merely reported only that the system was functioning normally.

After installing the CA HIPS agent on a system, the product started to work at once. While the agent can be installed and active with no user notification, I used mine with the local user interface active. Here I could see how many files had been blocked and get other information about how the product was working. While I was able to get most of this informa??ítion in the reporting tool provided on the administrative console, I can imagine that end users would appreciate and use this kind of information.

I easily integrated CA HIPS with the Active Directory infrastructure in use on my test network, which made short work of grouping end-user systems.

Once the CA HIPS system was fully operational, I spent most of my time in the reports section, gathering information about what was happening in my test envi??íronment. Combined with data I gleaned from the event viewer and the system messages, I was able to get a fair idea of the security landscape among my monitored Windows systems.

eWEEK Labs Technical Director Cameron Sturdevant can be reached at csturdevant@eweek.com.

 

 

 



 
 
 
 
Cameron Sturdevant Cameron Sturdevant has been with the Labs since 1997, and before that paid his IT management dues at a software publishing firm working with several Fortune 100 companies. Cameron also spent two years with a database development firm, integrating applications with mainframe legacy programs. Cameron's areas of expertise include virtual and physical IT infrastructure, cloud computing, enterprise networking and mobility, with a focus on Android in the enterprise. In addition to reviews, Cameron has covered monolithic enterprise management systems throughout their lifecycles, providing the eWEEK reader with all-important history and context. Cameron takes special care in cultivating his IT manager contacts, to ensure that his reviews and analysis are grounded in real-world concern. Cameron is a regular speaker at Ziff-Davis Enterprise online and face-to-face events. Follow Cameron on Twitter at csturdevant, or reach him by email at csturdevant@eweek.com.
 
 
 
 
 
 
 

Submit a Comment

Loading Comments...
 
Manage your Newsletters: Login   Register My Newsletters























 
 
 
 
 
 
 
 
 
 
 
Rocket Fuel