User name:


Copyright © 2006.
All Rights Reserved

Securing Hosts Using Cisco Security Agent

Course Details:

  • Days: 2
  • Course Code: CIHIPS
  • Booking: Please ring 08450 504 505


Securing Hosts Using Cisco Security Agent (HIPS) takes a task-oriented approach to teaching the skills to deploy, configure, and administer CSA to protect server and workstation hosts.


  • Certification as a CCNA or the equivalent knowledge.
  • At least six months practical experience configuring Cisco IDS Sensors.
  • Competency in using the Windows NT operating system.
  • Familiarity with implementing network security policies and the following networking concepts: Perimeter security system components: perimeter router, firewall, bastion host / Servers and Hosts

Delegates will learn how to

  • Identify the platforms and infrastructure that support CSA and the CSA MC
  • Describe the CSA architecture and the CSA MC
  • Configure the way CSA protects a host system
  • Install CSA with a default Agent kit
  • Create host groups and build Agent kits
  • Define application classes and associate them with the appropriate security policies
  • Use variables for granular control when creating rules
  • Configure security policies and rules
  • Configure system correlation rules for CSA
  • Identify which rules are for Windows, UNIX, and both platforms
  • Perform data analysis and create policies with CSA Analysis
  • Manage the Event Log and generate reports

Course Outline

Security Fundamentals

  • Need for Network Security
  • Network Security Policy
  • Network Attack Taxonomy

Cisco Security Agent Overview

  • Defence in Depth
  • Cisco Security Agent Architecture
  • Anatomy of an Attack and Response
  • Key Features of Cisco Security Agent

Cisco Security Agent Quick Start Installation

  • CSAMC System Requirements
  • CSA System Requirements
  • Installing the CSAMC
  • Configuring the CSAMC
  • Installing the CSA

Cisco Security Agent Management Center Administration

  • Using Cisco Security Agent Management Centre

Using Event Logs and Generating Reports

  • The Event Log and Event Monitor
  • Configuring Event Sets
  • Configuring Alerts
  • Generating Reports

Configuring Groups and Managing Hosts

  • Configuring Groups
  • Building and Agent Kit
  • Managing Hosts
  • Deploying Scheduled Software Updates

Building Policies

  • Developing a Security Policy
  • Rule Basics
  • Policy Components
  • Configuring and Managing Policies
  • Rules common to Windows and Unix
  • Windows-Only Rules
  • Unix-only Rules

Defining Application Classes

  • About Application Classes
  • Configuring Static Application Classes
  • Dynamic Application Classes

Working with Variables

  • Data Sets
  • File Sets
  • Network Address & Services Sets
  • Registry Sets
  • COM Component Sets

Using Cisco Security Agent Profiler

  • Basics of Profiler
  • Configuring an Analysis Job
  • Starting Analysis
  • The profiler Policy
  • Profiler Reports


For more information or to apply please call 08450 50 45 05 or complete the form below;


* These fields are required