cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
812
Views
10
Helpful
9
Replies

CSA 5.2 on a Developer PC

jan.nielsen
Level 7
Level 7

Hi There

I have a case where a customer needs me to build a custom policy for around 250 pc's with developer users on them, this ranges from Eclipse RAD to Prolog developers, and some Mainframe people as well, and everything in between really.

Usually i give up upfront, since these types of people work in the most anarchistic ways, and with most of the time no systematic way of using their system...at least thats my experience.

Maybe someone has another experince with doing CSA policies for this type of user ?

1 Accepted Solution

Accepted Solutions

didyap
Level 6
Level 6

In CSA you can apply modules based on User States. Make sure you are running CSA 4.5.0 573 or the latest version of CSA 4.5.1 616 since 4.5.0 565 contained many bugs that did not allow User State rules to execute accordingly. You can find the documentation for the user states at:

http://www.cisco.com/en/US/docs/security/csa/csa45/user_guide/Chap4.html

View solution in original post

9 Replies 9

didyap
Level 6
Level 6

In CSA you can apply modules based on User States. Make sure you are running CSA 4.5.0 573 or the latest version of CSA 4.5.1 616 since 4.5.0 565 contained many bugs that did not allow User State rules to execute accordingly. You can find the documentation for the user states at:

http://www.cisco.com/en/US/docs/security/csa/csa45/user_guide/Chap4.html

Thanks, I am well aware of the features of csa, my point was that to some degree i was worried that managing these user would be a bigger job than the customer would accept.

tsteger1
Level 8
Level 8

We have about 160 GIS, Web, Java and IBM developers that use a variety of approved software tools and can usually be relied upon to introduce a few of their own.

They have a set of NAC rules to allow local VMs to act as servers to test new applications and allow servers to accept connections from them.

I also created policies for apps that cause the most alerts.

Are you going to support them after you build it? If not, they should have someone who understands it or it will be hard to maintain.

Tom

Hi Tom,

So you are not seeing a lot of events from these systems ? Unfortunately the customer is not willing to use VM's for testing, they are RDP'ing to machines that are being used both as their regular office machines and as development, thats why i initially was worried it would cause to many changes, and eventually offer little to no protection. I have actually run a few in TESTMODE for a few days now, and am not seeing a big load of events other than network server related stuff, which can be easily managed. Thanks for the replies

Jan

Hi Jan, they are pretty quiet and they have almost the same protections as the rest of the hosts.

They are just allowed to run certain apps and connect to and be connected to from certain servers.

Tom

Hi Tom,

That sounds good, maybe i was a bit quick on the draw in my assumption that this would be massive work, it seems there is not much more tuning to do at the moment than regular users, other than some server ports over 1024, which i am thinking of enabled for the ad group they are in, and bind it to the directories that their developer tools are located in. Thanks...

PS:I created a small tool yesterday that can be used to display the system state (offline/online) type function of csa. If anyone would like to try it please let me know. Right now it is set to look for the Security Level High/Low, but can be changed in the ini file. It will then show a green csa flag in the tray when your "online" and a red when you are "offline", and you can define other icons, and also the tooltip text when hovering over the icon.

Jan

Hi Jan, that tool sounds interesting.

I'd like to take a look.

Thanks,

Tom

Hi Tom,

Sure, you can get it at http://www.csaforum.dk/viewtopic.php?t=14 which is my danish forum for CSA, sp the text is in danish, but i think you can manage to use the appl. if not, just let me know, and i'll translate it.

Actually there is an updated version at http://www.csaforum.dk/csamon11.zip

Review Cisco Networking for a $25 gift card