Working with Variables and Application Classes

Creating Variables

© 2006 Cisco Systems, Inc. All rights reserved. HIPS v3.0—3-1


Objectives

At the end of this lesson, you will be able to meet these objectives:
• Identify the purpose of creating variables
• Describe how to configure a data set
• Describe how to configure a file set
• Configure a file set
• Describe how to configure a network address set
• Describe how to configure a network services set
• Describe how to configure a registry set
• Describe how to configure a COM component set
• Describe how to configure query settings to be used with a
query rule

Types of Variables

• Data sets
• File sets
• Network address sets
• Network services sets
• Registry sets
• COM component sets
• Query settings

Data Sets

(Figure: a sample data set whose entries are the pattern strings *///*, *%u*, *]*, *.ida* and *|*, labelled HTTP)

Configuring a Data Set

File Sets

(Figure: sample file set entries: All Files, .pdf, .doc, .exe, .htm)

Configuring a File Set

Configuring a File Set (Cont.)

Practice: Configuring a File Set

Network Address Sets

(Figure: a network address set labelled Remote Addresses containing 198.32.16.1, 198.32.16.2 and 198.32.16.3)

Configuring a Network Address Set

Network Services Sets

(Figure: sample network services sets: VPN Services, FTP Services, Web-Based Services, E-mail Services, and others)

Configuring a Network Services Set

Registry Sets

(Figure: sample registry sets: Run Keys, Shell Commands, HKU Keys, Reboot Operations)

Configuring a Registry Set

COM Component Sets

(Figure: an ActiveX COM Component Set grouping ActiveX Data Objects (ADO), ActiveX Control, and Active Directory Service Interfaces (ADSI))

Configuring a COM Component Set

The COM Component Extraction Utility

The COM Component Extraction Utility (Cont.)

Query Settings

(Figure: a query pop-up box showing the query text "The application contains a virus. It should be denied access.")

Configuring a Query Setting

Query Tokens

• @parent
• @child
• @funcname
• @hostaddr
• @localaddr
• @fileop
• @filename
• @netop
• @netservice
• @regname
• @targetapp
• @appname
• @ActiveXname
• @progid
• @clsid
• @dataname

Localized Language Version Support

Summary

• Variables are configuration data items that simplify rule creation.
• CSA MC provides these variable types: data sets, file sets, network address sets, network services sets, registry sets, COM component sets, and query settings.
• Data sets are used to group text strings and metacharacters.
• File sets are used to group files and directories.
• Network address sets are used to group IP addresses into single entities.
• Network services sets are used to group preconfigured protocol and port number definitions.
• Registry sets are used to group registry keys and values.
• COM component sets are used to group PROGIDs and CLSIDs of COM components.
• Query settings are used to configure the query text and buttons to be displayed on the query popup box.
