Note
Since the release of this document, Cisco Security Agent update 4.0.1 has been
made available. Although the information contained in this document remains
valid, additional information, some of which may supersede this document, is
provided in a readme file available with the 4.0.1 update. Please refer to the 4.0.1
readme file in addition to this document. You should also review the Cisco
Security Agent documentation on Cisco.com for any updates.
These release notes are for use with Management Center for Cisco Security
Agents (CSA MC) 4.0. The following information is provided:
Cisco Systems, Inc., 170 West Tasman Drive, San Jose, CA 95134-1706 USA
Copyright 2003 Cisco Systems, Inc. All rights reserved.
Caution
When you download the digest file, make sure your browser has transitioned to
https mode for a secure download.
Step 1
Step 2
The verify_digests.exe program then prompts you for the directory of the files.
Specify the Startup Disk location, press Enter and verify_digests.exe will
validate each file.
Note
Note that you can enter the CD drive letter and check the files on the CD itself or
you can copy the files to your system and check them from the directory to which
they were copied.
Release Notes for Management Center for Cisco Security Agents 4.0
78-15603-02
The output displays "OK" if the hashes match and the files are valid.
If the digest program cannot locate a file, "File not found" is displayed. Check
the location of the files.
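The kind of check verify_digests.exe is described as performing, written here as an added Python example (not Cisco's tool or code). The digest file format (`<hex digest>  <file name>` per line), the SHA-256 algorithm, the file names, and the "MISMATCH" and "Rejected path" messages are assumptions; only "OK" and "File not found" come from the text above.

```python
import hashlib
import hmac
import os
import tempfile


def file_digest(path, algo="sha256"):
    """Hash a file in chunks so large installer images are not read whole."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(65536), b""):
            h.update(block)
    return h.hexdigest()


def verify_directory(manifest_text, directory, algo="sha256"):
    """Check each manifest entry; assumed line format: '<hex digest>  <name>'."""
    root = os.path.realpath(directory)
    results = {}
    for line in manifest_text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        expected, name = line.split(None, 1)
        name = name.strip()
        path = os.path.realpath(os.path.join(root, name))
        if os.path.commonpath([root, path]) != root:
            results[name] = "Rejected path"      # entry points outside the directory
        elif not os.path.isfile(path):
            results[name] = "File not found"     # wording from the release notes
        elif hmac.compare_digest(file_digest(path, algo), expected.lower()):
            results[name] = "OK"                 # wording from the release notes
        else:
            results[name] = "MISMATCH"           # assumed wording for a bad hash
    return results


def demo():
    """Build a constructed file set: one intact, one altered, one missing."""
    with tempfile.TemporaryDirectory() as d:
        intact = b"constructed sample: installer image"
        with open(os.path.join(d, "setup.exe"), "wb") as f:
            f.write(intact)
        with open(os.path.join(d, "data.cab"), "wb") as f:
            f.write(b"constructed sample: altered after publication")
        manifest = "\n".join([
            "# constructed digest file",
            hashlib.sha256(intact).hexdigest() + "  setup.exe",
            hashlib.sha256(b"constructed sample: as published").hexdigest() + "  data.cab",
            hashlib.sha256(b"never written").hexdigest() + "  missing.dll",
            hashlib.sha256(b"x").hexdigest() + "  ../outside.txt",
        ])
        return verify_directory(manifest, d)


if __name__ == "__main__":
    for name, status in demo().items():
        print(f"{name}: {status}")
```

The result is only as trustworthy as the digest file itself, which is why the Caution above requires that it be downloaded over https.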
New Features
This release contains the following new features:
Buffer Overflow Pattern Exclusion
Use the Wizard from the Event log message in question to exclude a
particular pattern when you are seeing buffer overflow events you believe are
harmless.
Bulk Transfer of Hosts
Use the Bulk Transfer feature to easily move or copy all hosts from a group
you select into the Group you are currently viewing. This is an efficient way
to move large numbers of hosts between groups.
Cisco VPN Client Support
The Cisco Security Agent is a supported configuration for the "Are You
There?" feature of the Cisco VPN Client Release 4.0. For configuration
details, please refer to the Cisco VPN Client documentation.
CSA Profiler Integrated with CSA MC
Cisco Security Agent Profiler capability is integrated and installed with CSA
MC. Cisco Security Agent Profiler software works with CSA MC and Cisco
Security Agent, serving as a data analysis and policy creation tool for
administrators who are deploying policies across systems and networks.
Configurable Downloaded Content Application Class
CSA MC ships with a pre-configured application class called <Processes
executing downloaded content>. This class includes any downloaded
executable or any process that is interpreting downloaded content. If
necessary, you can edit any of these downloaded content fields and make any
Documentation Roadmap
Note
Although every effort has been made to validate the accuracy of the information
in the printed and electronic documentation, you should also review the Cisco
Security Agent documentation on Cisco.com for any updates.
The following documents are provided as PDF files on your Product CD:
These files are available in the top level directory of the product CD in the
Documentation folder. After installation, they are also available in the
CSAMC\doc subdirectory.
Note
You must use Adobe Acrobat Reader (version 4.0 or later) to view these files. You
can download a free Acrobat reader from www.adobe.com.
Caution
Management Center for Cisco Security Agents does not run on the 90-day
evaluation license that other Common Services applications use. You must
register CSA MC and provide the PAK to obtain a valid CSA MC license.
To obtain a production license, register your software at one of the following web
sites.
If you are a registered user of Cisco.com, use this website:
http://www.cisco.com/cgi-bin/Software/FormManager/formgenerator.pl.
If you are not a registered user of Cisco.com, use this website:
http://www.cisco.com/pcgi-bin/Software/FormManager/formgenerator.pl.
After registration, the software license will be sent to the email address that you
provided during the registration process. Retain this document with your VMS
bundle product software records.
Server Requirements
System Component     Requirement
Hardware
Processor
Operating System
File System          NTFS
Memory               1 GB minimum memory
Virtual Memory       2 GB virtual memory
For optimal viewing of the CSA MC UI, you should set your display to a
resolution of 1024 x 768 or higher.
Caution
On a system where CSA MC has never been installed, the CSA MC setup
program first installs MSDE with Service Pack 3. If the CSA MC installation
detects any other database type attached to an existing installation of MSDE,
the installation will abort. This database configuration is not supported.
System Component
Requirement
Processor
Operating Systems
Note
Memory
15 MB or higher
Note
Network
Ethernet or Dial up
Note
Note
System Component
Requirement
Processor
Operating Systems
Solaris 8, 64 bit
Note
Memory
256 MB minimum
15 MB or higher
Note
Network
Ethernet
Note
Caution
On UNIX systems running Cisco Security Agents, if you add a new type of
Ethernet interface to the system, you must reboot that system twice for the agent
to detect it and apply rules to it accordingly.
Upgrade Support
Upgrading StormWatch versions 3.0 and earlier to Cisco Security Agent V4.0 is
not supported.
See Installing Management Center for Cisco Security Agents provided as a PDF
file on the product CD for product upgrade and installation instructions.
Caution
If you are using the default policy to protect your VMS system (not the more
restrictive policy described above) you should be aware of a specific vulnerability
present in Windows 2000 SP3 that the default policy does not protect against. That
vulnerability is described in Microsoft article Q326830. For interoperability
reasons, it is by design that the default policy protecting the VMS system does not
protect against this vulnerability. To protect your VMS system against a possible
denial of service or other attack using this known vulnerability, you can either
deploy the more restrictive VMS policy or install Microsoft hotfix Q326830.
Caution
If you are installing or uninstalling various VMS components, and you have a
Cisco Security Agent protecting the VMS bundle, you should disable the agent
service before you install or uninstall any other VMS component. (You do not
have to do this when installing or uninstalling CSA MC.) To disable the agent
service, from a command prompt type net stop "Cisco Security Agent".
(You may receive a prompt asking if you want to stop the agent service.
You should click Yes.) To enable the service, type
net start "Cisco Security Agent".
If you do not disable the agent service and you attempt to alter a CiscoWorks
system configuration, the agent may disallow the action or it may display multiple
queries to which you must respond.
Log in to CSAMC and navigate to the "CiscoWorks VMS module" policy. The
policy is accessible from Configuration>Policies in the menu bar.
Step 2
Once you locate the policy, click the <#>rules link to access the policy rules list.
Step 3
Change the Allow rule "CiscoWorks RME Gatekeeper daemon, server for TCP
and UDP services" from Disabled to Enabled. (Select the checkbox beside the rule
and click the Enable button in the footer frame of CSAMC. Remember to save
your changes.)
Step 4
Generate rules.
Step 5
Known Issues
Table 4 provides information on known issues found in this release.
Table 4
Platform
Summary
Explanation
Windows and
UNIX
Windows XP
Windows
Windows
Windows
Windows
Automatic agent software updates for dial-up users
You should not schedule Automatic software updates for dial-up users. Because
dial-up users have connections of varying speeds and due to download bandwidth
needs, automatic software updates may fail or time out. Better to schedule
non-automatic updates and allow dial-up users to download when they are either
in the office or when they can dedicate bandwidth to the download.
Windows
Windows
Upgrading operating systems with agent present
When upgrading operating systems, uninstall the agent first. When the new
operating system is in place, you can install a new agent kit. When applying a
service pack, you can disable the agent, apply the service pack, and enable the
agent.
Windows
Windows
Windows
Connectivity issues
Windows
Windows
UNIX
UNIX
UNIX
UNIX
UNIX
UNIX
UNIX
UNIX
UNIX
UNIX
Snooping data
UNIX
Network rules and IPV6 addresses
Network rules work only with IPV4 addresses. (Note the following exception:
Using @local or explicitly using the address range 0 255.255.255.255 will
include IPV6 addresses.)
UNIX
UNIX
UNIX
Inadvertently blocking access to a device
You can inadvertently block all access to a device, such as your keyboard, with
a File access control rule. If this occurs, to recover, fix or delete the rule
in question and generate rules. If the agent can download the new rules, your
system may or may not recover immediately depending on how gracefully the
service for the device failed. If rules were downloaded and the service is
still not fixed, a reboot should allow the system to recover. If the agent
cannot download the new rules, boot the machine into single user mode [boot -s]
and enter system maintenance mode by typing in the superuser password. Then
delete the current rule set by typing [rm /opt/CSCOcsa/cfg/agent.rul]. Then
exit. The system will come up with the agent downloading the new "good" rule
set that you have fixed.
UNIX
UNIX
Table 5
Bug ID
Summary
Additional Information
CSCin47432
CSCin47547
Uninstall issue when SQL server is not running
During the CSA MC uninstall, a number of SQL server queries are performed. If
the SQL server is not running, then these queries cause the uninstall to fail.
To prevent this uninstall issue, you should not remove or stop the SQL server
before uninstalling CSA MC.
CSCin47564
CSCin45700
also see
Bug ID
CSCeb18384
Obtaining Documentation
Cisco provides several ways to obtain documentation, technical assistance, and
other technical resources. These sections explain how to obtain technical
information from Cisco Systems.
Cisco.com
You can access the most current Cisco documentation on the World Wide Web at
this URL:
http://www.cisco.com/univercd/home/home.htm
You can access the Cisco website at this URL:
http://www.cisco.com
International Cisco websites can be accessed from this URL:
http://www.cisco.com/public/countries_languages.shtml
Documentation CD-ROM
Cisco documentation and additional literature are available in a Cisco
Documentation CD-ROM package, which may have shipped with your product.
The Documentation CD-ROM is updated regularly and may be more current than
printed documentation. The CD-ROM package is available as a single unit or
through an annual or quarterly subscription.
Registered Cisco.com users can order a single Documentation CD-ROM (product
number DOC-CONDOCCD=) through the Cisco Ordering tool:
http://www.cisco.com/en/US/partner/ordering/ordering_place_order_ordering_tool_launch.html
All users can order monthly or quarterly subscriptions through the online
Subscription Store:
http://www.cisco.com/go/subscription
Ordering Documentation
You can find instructions for ordering documentation at this URL:
http://www.cisco.com/univercd/cc/td/doc/es_inpck/pdi.htm
You can order Cisco documentation in these ways:
Registered Cisco.com users (Cisco direct customers) can order Cisco product
documentation from the Networking Products MarketPlace:
http://www.cisco.com/en/US/partner/ordering/index.shtml
Documentation Feedback
You can submit comments electronically on Cisco.com. On the Cisco
Documentation home page, click Feedback at the top of the page.
You can e-mail your comments to bug-doc@cisco.com.
You can submit comments by using the response card (if present) behind the front
cover of your document or by writing to the following address:
Cisco Systems
Attn: Customer Document Ordering
170 West Tasman Drive
San Jose, CA 95134-9883
We appreciate your comments.
configurations from the Cisco TAC website. Cisco.com registered users have
complete access to the technical support resources on the Cisco TAC website,
including TAC tools and utilities.
Cisco.com
Cisco.com offers a suite of interactive, networked services that let you access
Cisco information, networking solutions, services, programs, and resources at any
time, from anywhere in the world.
Cisco.com provides a broad range of features and services to help you with these
tasks:
To obtain a directory of toll-free Cisco TAC telephone numbers for your country,
go to this URL:
http://www.cisco.com/warp/public/687/Directory/DirTAC.shtml
Before calling, please check with your network operations center to determine the
Cisco support services to which your company is entitled: for example,
SMARTnet, SMARTnet Onsite, or Network Supported Accounts (NSA). When
you call the center, please have available your service agreement number and your
product serial number.
Packet magazine is the Cisco quarterly publication that provides the latest
networking trends, technology breakthroughs, and Cisco products and
solutions to help industry professionals get the most from their networking
investment. Included are networking deployment and troubleshooting tips,
configuration examples, customer case studies, tutorials and training,
certification information, and links to numerous in-depth online resources.
You can access Packet magazine at this URL:
http://www.cisco.com/go/packet
http://www.cisco.com/go/iqmagazine
This document is to be used in conjunction with the documents listed in the Documentation Roadmap section.