Softpanorama

May the source be with you, but remember the KISS principle ;-)
(slightly skeptical) Educational society promoting "Back to basics" movement against IT overcomplexity and  bastardization of classic Unix

Cisco Security Agent


CSA (formerly Okena's "StormWatch") represents a new approach to defending against worms and viruses, beyond the realm of the current generation of anti-virus protection. It is especially useful when a server or workstation is down a level or two on service packs. The product gives you the ability to monitor system calls and alert on or block actions that go outside the process's "profile." It does not look for rogue processes, but you can create policies that watch all existing processes. It's a cool concept, available for both Win2K and Solaris right now.

It hooks the system calls and checks them against a policy, trapping bad behavior instead of matching inbound signatures of bad code or data. We have found in testing that on a default Win2K box (no service packs) CSA, if it is running, stops most worms (Nimda, Code Red, MS Blaster). AV only stops a worm if it matches the exact signature: most AV products commonly used today are "signature-based" detection programs. These products do not defend against new attacks; they only look for the specific file contents, or signatures, of known viruses and worms. Of course, the most damage from viruses and worms happens before signatures are available.
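The contrast in the paragraph above, as an added sketch that is not Cisco's or Okena's code and does not use CSA's rule syntax: the same intercepted calls are judged once by a signature lookup and once by a per-process profile. The `Call` record, the `httpd` profile, the paths and the payload bytes are all constructed for illustration.

```python
import hashlib
from dataclasses import dataclass
from fnmatch import fnmatchcase

# Constructed "signature database": hashes of payloads seen in earlier outbreaks.
KNOWN_BAD = {hashlib.sha256(b"constructed-worm-A").hexdigest()}

# Hypothetical profile: the only (action, target glob) pairs each process needs.
PROFILE = {
    "httpd": [("file_read", "/var/www/*"),
              ("file_write", "/var/log/httpd/*"),
              ("net_accept", "*:80")],
}

@dataclass(frozen=True)
class Call:
    process: str          # name of the calling process
    action: str           # kind of intercepted call
    target: str           # path or address the call acts on
    payload: bytes = b""  # content carried by the call, if any

def signature_verdict(call: Call) -> str:
    """Signature model: block only content whose hash is already known."""
    digest = hashlib.sha256(call.payload).hexdigest()
    return "block" if digest in KNOWN_BAD else "allow"

def policy_verdict(call: Call) -> str:
    """Behaviour model: block any call outside the caller's profile."""
    rules = PROFILE.get(call.process)
    if rules is None:
        return "allow"  # unprofiled process: this sketch has no rule for it
    ok = any(call.action == a and fnmatchcase(call.target, g) for a, g in rules)
    return "allow" if ok else "block"

# Constructed events: routine logging, then the same out-of-profile behaviour
# carried by a known payload and by a variant no signature exists for.
EVENTS = [
    Call("httpd", "file_write", "/var/log/httpd/access.log", b"GET / 200"),
    Call("httpd", "file_write", "/usr/bin/update", b"constructed-worm-A"),
    Call("httpd", "file_write", "/usr/bin/update", b"constructed-worm-B"),
    Call("httpd", "exec", "/bin/sh"),
]

def compare(events):
    """Return (signature, policy) verdicts for each event."""
    return [(signature_verdict(e), policy_verdict(e)) for e in events]

if __name__ == "__main__":
    for event, verdicts in zip(EVENTS, compare(EVENTS)):
        print(event.process, event.action, event.target, verdicts)
```

The third and fourth events are the case the text describes: the signature check lets the unseen variant through, while the profile check blocks it because a web server has no reason to write under `/usr/bin` or start a shell.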

This is intrusion prevention, not detection, although of course the logs are written so you can detect the event. Cisco claims that CSA can also scale to almost any size corporate network. "One company has deployed 100,000 Cisco Security Agents, while other companies are managing up to 19,000 Security Agents on one Management Console."

You might want to check it out, depending on what you are trying to accomplish; with the "patch hell" that everybody is experiencing, this might be a good deal.

CSA was designed by Kirby, a 30-year computer industry professional, who found his way to Cisco when the company acquired Okena in January 2003. There he oversaw development of the initial versions of Security Agent as Okena's vice president of engineering and chief technology officer. He is a 13-year veteran of the Digital Equipment Corporation, where he guided the invention and prototyping of the first Ethernet-to-Ethernet transparent LAN bridge, created media access control and physical layer hardware for FDDI, and worked on early optical communications technology. He also served a stint as a staff member at the prestigious Massachusetts Institute of Technology's Lincoln Lab, where he developed experimental all-optical equipment. At Lincoln he joined with some of the leading minds in computing and communications, including Nobel Prize winner Bob Wilson. Kirby delved into networking security when he joined Raptor Systems in 1994 as the company's vice president of engineering. There he guided development of the first commercial firewall product for NT servers, as well as virtual private networking clients for Windows-based operating systems. Raptor also came out with the first VPN Concentrator and the first VPN client for personal computers. Then in 1998 Kirby helped some of his colleagues start Okena. Later on he would become its chief technology officer and guide the development of Security Agent before Cisco acquired the company this year.

Since the acquisition Kirby and his team have been integrating Security Agent with Cisco's management software as well as expanding the Security Agent's capabilities for future versions.


 

Cisco Security Agent - Cisco Systems

Cisco Security Agent Release Notes for Management Center for Cisco Security Agents 4.0 - Cisco Systems

Configuration Guide (PDF - 7 MB)

User Guide (PDF - 1 MB)

Obtaining Additional Publications and Information

Information about Cisco products, technologies, and network solutions is available from various online and printed sources.

http://www.cisco.com/en/US/products/products_catalog_links_launch.html

http://www.ciscopress.com

http://www.cisco.com/go/packet

http://www.cisco.com/go/iqmagazine

http://www.cisco.com/en/US/about/ac123/ac147/about_cisco_the_internet_protocol_journal.html

http://www.cisco.com/en/US/learning/le31/learning_recommended_training_list.html

 

MS blaster and SSA

http://www.ocs.ru/cisco_news/sx/art/404442/cp/1/br/202400/discart/404442

Okena

Norwalk, CT, February 4, 2003

AimNet Solutions and OKENA Team to Provide Intrusion Prevention Solutions

Immediately Available, Initiative Offers Proactive Security to AimNet Client Base, Stopping New and Evolving Threats Such as SQL Slammer

AimNet Solutions (www.aimnetsolutions.com), a network-centric managed service provider, today announced a reseller agreement with OKENA™, Inc. (www.okena.com), the leading developer of intrusion prevention software. Under the terms of the agreement, AimNet will resell OKENA’s StormWatch/StormSystem throughout the Northeast.

The continued increase of new and evolving security threats, such as last week’s Slammer worm, demands the adoption of policy-based, “zero update” intrusion prevention solutions in order to stop attacks rather than simply detecting them. OKENA’s breakthrough proactive security technology for desktops and servers offers customers optimum defense for stopping known and unknown attacks. Customers will benefit from OKENA’s behavioral approach to security, which alleviates the burdensome operational costs associated with the management of attack signatures on servers and desktops.

“We are very excited to offer OKENA StormWatch/Storm System to our clients, providing proactive security to help stop even the most advanced new attacks,” said Robert Kenney, senior vice president, business development, AimNet Solutions. “The addition of these products will provide even more value to clients by further enhancing our rich portfolio of offerings that include security administration, assessment, implementation and training services, as well as security policy development.”

Stephen Nardone, AimNet’s senior director of security solutions, and a former director of NSA’s National Trusted Product Evaluation Program, added, “OKENA’s StormWatch/Storm System are key to providing our clients with robust applications security management that is lacking in many of today’s commercial enterprises. This was dramatically emphasized during the Slammer worm incident that StormWatch stopped cold for OKENA customers.”

StormWatch is the cornerstone of OKENA’s ongoing StormSystem™ enterprise security platform. StormWatch application security policies can be implemented right out of the box or can be customized to meet unique corporate environments. This results in more secure networks that are protected against the new wave of attacks that breach traditional security perimeters and bypass signature-based technologies. This also translates into proven return on investment: a reduction in the administrative burden associated with shutting down networks for repairs, patching systems, updating signatures or wading through an endless sea of log files and alerts generated by false-positives.

“OKENA is committed to extending intrusion prevention to new customer channels by partnering with the leading resellers and integrators through the industry,” said John Noonan, VP of Channels at OKENA. “We respect the expertise of AimNet and are confident in their ability to not only distribute OKENA StormWatch/StormSystem to their clients, but also in the additional services AimNet provides to ensure a total defense-in-depth strategy founded on the strength of proactive security.”

OKENA StormWatch ships with a set of default policies that protect desktops and servers, as well as the most popular applications, against both known and unknown attacks. These include: buffer overflows, syn flood attacks, Trojan horses, worms and even software security holes for which users may not have downloaded a patch. For added security, policies can be tailored to protect custom or legacy applications.

 

About AimNet Solutions

AimNet Solutions (www.aimnetsolutions.com) is a network-centric managed services provider that provides clients with an industry-leading range of advanced, end-to-end local area network, wide area network, information security, server management and network performance services that help to empower their e-business networks and strategies. For more information, please call (888) 332-5746 or send an email to [email protected].

 

About OKENA

OKENA is the leading provider of intrusion prevention security software that proactively protects host systems. OKENA’s breakthrough intrusion prevention technology is the only behavior-based solution on the market that secures servers, desktops, and all their applications from both known and unknown attacks. This proven approach reduces the high IT costs associated with the maintenance and deployment of traditional signature-based technologies. OKENA’s StormSystem intrusion prevention software products are used by leading private and public sector organizations in the federal government, financial services, education and healthcare markets. OKENA continues to receive industry recognition, including being named the Editor’s Choice Award winner in Network Computing magazine’s host-based intrusion prevention review and a finalist for the 2002 MIT Sloan eBusiness Awards. Headquartered in Waltham, Mass., OKENA is privately held. For more information about OKENA, visit www.okena.com.



Copyright © 1996-2021 by Softpanorama Society. www.softpanorama.org was initially created as a service to the (now defunct) UN Sustainable Development Networking Programme (SDNP) without any remuneration. This document is an industrial compilation designed and created exclusively for educational use and is distributed under the Softpanorama Content License. Original materials copyright belong to respective owners. Quotes are made for educational purposes only in compliance with the fair use doctrine.


Created: May 16, 1997; Last modified: March 12, 2019