Working with Variables and Application Classes

Creating Application Classes

© 2006 Cisco Systems, Inc. All rights reserved. HIPS v3.0—3-1

 Objectives

At the end of this lesson, you will be able to meet

these objectives:
• Identify the purpose of creating application classes
• Describe the purpose of configuring static and dynamic
application classes
• Describe how to configure an application class
• Create a dynamic application class
• Describe how to configure application class management
options

© 2006 Cisco Systems, Inc. All rights reserved. HIPS v3.0—3-2

 Application Classes

iexplore.exe

netscape.exe
Web Browsers Application
Class

Processes Generated Include/Exclude

by Allowed
Applications

© 2006 Cisco Systems, Inc. All rights reserved. HIPS v3.0—3-3

 Built-In Application Classes

© 2006 Cisco Systems, Inc. All rights reserved. HIPS v3.0—3-4

 Configurable Built-In Application Classes

© 2006 Cisco Systems, Inc. All rights reserved. HIPS v3.0—3-5

 Static and Dynamic Application Classes

Process

Process defined in Process defined in

application class application class
based on name based on behavior

Static Application Class Dynamic Application Class

© 2006 Cisco Systems, Inc. All rights reserved. HIPS v3.0—3-6
 Configuring an Application Class

© 2006 Cisco Systems, Inc. All rights reserved. HIPS v3.0—3-7

 Defining a Dynamic Application Class

Steps to define a dynamic application class:

1. Create a new application class by clicking the When
Dynamically Defined by Policy Rules radio button.
2. Configure an application builder rule to dynamically
populate this application class.
3. Configure another rule to control the actions of this
dynamic application class.

© 2006 Cisco Systems, Inc. All rights reserved. HIPS v3.0—3-8

 Practice: Creating a Dynamic
Application Class

© 2006 Cisco Systems, Inc. All rights reserved. HIPS v3.0—3-9

 Application Class Management

© 2006 Cisco Systems, Inc. All rights reserved. HIPS v3.0—3-10

 Summary

• Application classes are groups of application files combined

under a common name.
• Built-in application classes are default preconfigured
application classes shipped with CSA MC.
• Some of these built-in classes can be configured to suit your
network security requirements.
• Static application classes are defined by the names of the
application executables.
• Dynamic application classes are defined based on the
behavior of an application.

© 2006 Cisco Systems, Inc. All rights reserved. HIPS v3.0—3-11

© 2006 Cisco Systems, Inc. All rights reserved. HIPS v3.0—3-12