I spent an hour last week recalling, discussing and calling the local Cisco representative about "what is the right service for security product X?", "what does it mean?" and "are the major updates included?", as I have done a dozen times before, because there are a lot of security products and a lot of little nuances here and there and everywhere. So I decided to quit the "bad practice" and write it down forever and ever.
For those who are interested in Cisco Security Agent (CSA), I've prepared a live demonstration of an attack and how CSA can stop it. The first part of the demo includes Internet Explorer remote exploitation, which gives a remote shell to the 'villain', and the second part shows what happens if CSA is installed on the victim's computer.
The matter is that I was astonished by how simply almost anyone could be compromised by just clicking on a "harmless" link. How many links do you click every day? Hundreds? Thousands? A lot! And any of them could be as dangerous as a villain wants it to be. Remote access to your PC, VNC-server installation? A piece of cake.
CSA can take several actions on all security events that happen in the OS. All actions or rules have a certain priority, which we need to remember when we configure security policies on CSA MC.
The Public-Key Cryptography Standards are specifications produced by RSA Laboratories in cooperation with secure systems developers worldwide for the purpose of accelerating the deployment of public-key cryptography. In other words, we use these standards when we work with public-key cryptography in general and especially with digital certificates.
Although there are a lot of Cisco command aliases that everyone could set up, I prefer to use the original commands (the typing speed matters though). The exceptions are several pretty complex and often used commands (such as ipsec-related ones) and commands that look like scripts. The examples are below: