CA Host-Based Intrusion Prevention

 
 
By Cameron Sturdevant  |  Posted 2008-09-26
 
 
 


CA Host-Based Intrusion Prevention - CA HIPS Client Dashboard

Slide 2

I deployed the CA Host-Based Intrusion Prevention System in "verbose" mode so that I could see the local console. It can be deployed silently and with no local user interface. Notice that the firewall, intrusion prevention and operating system protection modules are also installed (see "POLICY INFORMATION," lower left).



CA Host-Based Intrusion Prevention - Application Repository

Slide 3

The CA HIPS management server uses an application repository to define application files, the trust status of those applications and other application characteristics that are used to generate whitelisting policy.



CA Host-Based Intrusion Prevention - Event Viewer

Slide 4

On the management server, IT staff can see up-to-date notifications of host activity.



CA Host-Based Intrusion Prevention - Generate Reports

Slide 5

CA HIPS reports boil down the event notification data from large groups of machines into meaningful chunks.



CA Host-Based Intrusion Prevention - Client Activity

Slide 6

On the client activity screen, managers can see at a glance whether client systems have the latest versions of the firewall, IPS, application repository and OS protection policies in place. However, the activity log can become bloated with operational notices that make it harder to find red flags.



CA Host-Based Intrusion Prevention - Policies

Slide 7

Setting baseline inbound/outbound policy was a snap with CA HIPS (in yellow), which, along with the monitoring policy, allowed me to get a picture of normal activity on our monitored clients' systems before implementing more stringent lockdown requirements.


