Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Cisco Security Agent Default Policies and Rules

Hi,

I'm trying to evaluate CSA 4.0 in a lab environment. Having installed the Management Centre successfully, and installed the demo license key, I installed default agents on 3 machines: 1 NT4 Server & 1 2K Server using the Default Server kit, 1 XPPro using the default desktop kit and 1 XPPro with no agent, as per the evaluation guide. No recent OS patches have been applied to any of the test systems.

Once rebooted, I proceeded to attack the protected systems with some of the tools recommended in the eval guide (nmap & nessus running on Linux). Although the CSA MC logged numerous events during the port scans and attacks, both nmap and nessus were able to gain a lot of info about the protected hosts, which the eval guide suggests should not be the case. Nessus also successfully crashed the RPC service on both XP boxes.

I modified the netshield policy checking all options in there, which made a little difference, but not much. Anyone have any ideas? It was my understanding, that these kind of attacks should be blocked using the out-of-the-box policy configuration. Documentation seems to be a little thin on the ground...

Many Thanks,

Joe

2 REPLIES
New Member

Re: Cisco Security Agent Default Policies and Rules

New Member

Re: Cisco Security Agent Default Policies and Rules

Yup tried all of the docs I could find. I have just had a reply from TAC:

Dear Joesph.

After some tests were done, i can confirm that the crash happens on windows xp!!. however this problem has been fixed in CSA 4.0.1 and not in the evaluation version.

Let me know if you have any further questions.

Regards,

110
Views
0
Helpful
2
Replies
CreatePlease login to create content