05-31-2007 08:09 AM - edited 03-10-2019 03:38 AM
Hello,
I recently took over the management of the CSA MC that supports all the server agents with ver4.0.3. It has been tuned by many various people. I see that all the agents were installed "WITHOUT NETWORK SHIM".
Why? Does anyone know why the network shim wouldn't be enabled on purpose? None of the servers have local firewall apps and we only run Cisco VPN. Also, I keep getting the messages:
The Network Shim is not installed/enabled on this agent, but the rules that apply to this agent require the network shim to be enabled. Functionality will be degraded until the network shim is installed. Details Rule 1990
Would this block any of my NAC rules from being enabled due to this?
Thanks,
06-01-2007 08:15 AM
The shim provides the following capabilities:
Port scan detection
SYN flood detection
Malformed packet protection
Disabling the network shim does not stop network access control rules from running; it only stops the system hardening features from being active.
Best Practice is to use the network shim on Internet facing servers or systems that might be targeted by the above mentioned attacks.
It could have been installed without the network shim for a bunch of reasons. The ones I know about:
1. If you have teamed NICs on the servers there have been issues.
2. The most common reason is that the shim can conflict with other software that also uses shims, such as firewalls, VPN clients (non-Cisco), and other system agents.
Hope this helps and that others in this forum chime in with their experiences with using the shim.
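As an added illustration of two of the three shim behaviours Paul lists (port scan detection and SYN flood detection), the following is a small standalone detector run over a constructed connection-attempt log. It is not Cisco CSA code and says nothing about how the shim itself is implemented; the event format, the window size, and the thresholds are all assumptions chosen for the example.

```python
"""Illustrative port-scan and SYN-flood detection over a constructed event log.

This is an added example, not Cisco CSA code. Assumed event format:
(timestamp_seconds, source_ip, destination_port, tcp_flags) where
flags "S" is a bare SYN and "A" is the ACK that completes the handshake.
Thresholds and the window length are assumptions, not CSA settings.
"""
from collections import defaultdict

WINDOW_SECONDS = 5.0           # assumed sliding window
PORT_SCAN_DISTINCT_PORTS = 10  # assumed: distinct ports from one source inside the window
SYN_FLOOD_HALF_OPEN = 50       # assumed: uncompleted SYNs from one source inside the window


def build_sample_events():
    """Constructed sample: one benign host, one port scanner, one SYN flooder."""
    events = []
    # Benign host: three complete handshakes to port 443.
    for i in range(3):
        events.append((i * 1.0, "10.0.0.7", 443, "S"))
        events.append((i * 1.0 + 0.05, "10.0.0.7", 443, "A"))
    # Scanner: one SYN to each of 16 different ports within two seconds.
    for i, port in enumerate(range(20, 36)):
        events.append((10.0 + i * 0.1, "10.0.0.5", port, "S"))
    # Flooder: 60 SYNs to port 80 in under a second, none ever completed.
    for i in range(60):
        events.append((20.0 + i * 0.01, "10.0.0.9", 80, "S"))
    return events


def _count_in_window(times, window, threshold):
    """True if at least `threshold` timestamps fall inside some `window`-long span."""
    times = sorted(times)
    left = 0
    for right in range(len(times)):
        while times[right] - times[left] > window:
            left += 1
        if right - left + 1 >= threshold:
            return True
    return False


def detect_port_scans(events, window=WINDOW_SECONDS, threshold=PORT_SCAN_DISTINCT_PORTS):
    """Return sources that touched >= `threshold` distinct ports inside `window` seconds."""
    by_src = defaultdict(list)
    for ts, src, port, flags in events:
        if flags == "S":
            by_src[src].append((ts, port))
    flagged = set()
    for src, hits in by_src.items():
        hits.sort()
        left = 0
        for right in range(len(hits)):
            while hits[right][0] - hits[left][0] > window:
                left += 1
            distinct_ports = {port for _, port in hits[left:right + 1]}
            if len(distinct_ports) >= threshold:
                flagged.add(src)
                break
    return sorted(flagged)


def detect_syn_floods(events, window=WINDOW_SECONDS, threshold=SYN_FLOOD_HALF_OPEN):
    """Return sources with >= `threshold` half-open SYNs inside `window` seconds.

    Simplification: a SYN counts as completed if the same source later ACKs
    the same port; real half-open tracking would match per connection.
    """
    completed = {(src, port) for _, src, port, flags in events if flags == "A"}
    half_open = defaultdict(list)
    for ts, src, port, flags in events:
        if flags == "S" and (src, port) not in completed:
            half_open[src].append(ts)
    return sorted(src for src, times in half_open.items()
                  if _count_in_window(times, window, threshold))


if __name__ == "__main__":
    sample = build_sample_events()
    print("port scan sources:", detect_port_scans(sample))   # ['10.0.0.5']
    print("SYN flood sources:", detect_syn_floods(sample))   # ['10.0.0.9']
```

The benign host completes every handshake and so never accumulates half-open SYNs; the scanner trips only the distinct-port rule and the flooder only the half-open rule, which is the distinction between the two capabilities Paul describes. Malformed-packet checks are not shown, since they need packet-level fields the event format above does not carry.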
06-01-2007 11:36 AM
Good answer Paul.
We had problems with the McAfee VirusScan 8 TDI shim conflicting with the CSA 4.0.X shim and we ended up disabling the McAfee shim.
Cisco made the shim mandatory in 4.5 and later.
Tom