01-21-2008 06:01 PM - edited 03-10-2019 03:57 AM
Hi There
I have a case where a customer needs me to build a custom policy for around 250 PCs with developer users on them. This ranges from Eclipse RAD to Prolog developers, and some Mainframe people as well, and everything in between really.
Usually I give up upfront, since these types of people work in the most anarchistic ways, and with most of the time no systematic way of using their system... at least that's my experience.
Maybe someone has another experience with doing CSA policies for this type of user?
01-25-2008 10:54 AM
In CSA you can apply modules based on User States. Make sure you are running CSA 4.5.0 573 or the latest version of CSA 4.5.1 616 since 4.5.0 565 contained many bugs that did not allow User State rules to execute accordingly. You can find the documentation for the user states at:
http://www.cisco.com/en/US/docs/security/csa/csa45/user_guide/Chap4.html
01-27-2008 03:56 PM
Thanks, I am well aware of the features of CSA. My point was that to some degree I was worried that managing these users would be a bigger job than the customer would accept.
01-25-2008 03:50 PM
We have about 160 GIS, Web, Java and IBM developers that use a variety of approved software tools and can usually be relied upon to introduce a few of their own.
They have a set of NAC rules to allow local VMs to act as servers to test new applications and allow servers to accept connections from them.
I also created policies for apps that cause the most alerts.
Are you going to support them after you build it? If not, they should have someone who understands it or it will be hard to maintain.
Tom
01-27-2008 03:59 PM
Hi Tom,
So you are not seeing a lot of events from these systems? Unfortunately the customer is not willing to use VMs for testing. They are RDP'ing to machines that are being used both as their regular office machines and as development; that's why I initially was worried it would cause too many changes, and eventually offer little to no protection. I have actually run a few in TESTMODE for a few days now, and am not seeing a big load of events other than network server related stuff, which can be easily managed. Thanks for the replies.
Jan
01-28-2008 10:20 AM
Hi Jan, they are pretty quiet and they have almost the same protections as the rest of the hosts.
They are just allowed to run certain apps and connect to and be connected to from certain servers.
Tom
01-28-2008 02:04 PM
Hi Tom,
That sounds good. Maybe I was a bit quick on the draw in my assumption that this would be massive work. It seems there is not much more tuning to do at the moment than for regular users, other than some server ports over 1024, which I am thinking of enabling for the AD group they are in, and binding it to the directories that their developer tools are located in. Thanks...
PS: I created a small tool yesterday that can be used to display the system state (offline/online) type function of CSA. If anyone would like to try it please let me know. Right now it is set to look for the Security Level High/Low, but that can be changed in the ini file. It will then show a green CSA flag in the tray when you're "online" and a red one when you are "offline", and you can define other icons, and also the tooltip text when hovering over the icon.
Jan
03-16-2008 10:11 PM
Hi Jan, that tool sounds interesting.
I'd like to take a look.
Thanks,
Tom
03-17-2008 03:50 PM
Hi Tom,
Sure, you can get it at http://www.csaforum.dk/viewtopic.php?t=14 which is my Danish forum for CSA, so the text is in Danish, but I think you can manage to use the appl. If not, just let me know, and I'll translate it.
03-17-2008 03:52 PM
Actually there is an updated version at http://www.csaforum.dk/csamon11.zip