UnixReview.com
July 2006
Book Review: Advanced Host Intrusion Prevention with CSA
Reviewed by Emmett Dulaney
Advanced Host Intrusion Prevention with CSA
by Chad Sullivan, Jeff Asher, and Paul Mauvais
Cisco Press, 2006
ISBN: 1-58705-252-0
$65.00

They say that big things come in small packages, and this book is no exception. At fewer than 300 pages, it is as concise and succinct a reference to Cisco Security Agent (CSA) as you’ll find. Currently, CSA is supported on the Microsoft platforms as well as Solaris and Red Hat. CSA is the product Cisco offers for an “endpoint protection” IPS (Intrusion Prevention System); the software is not difficult to implement, but it can be arduous to master. This book walks you through the implementation and all the way up to, and through, troubleshooting.
The word “Advanced” enters the title because the lead author also wrote another book, Cisco Security Agent, which is roughly 150% larger. That book covers more ground and takes more of an A-Z approach than this one.
The first chapter in Advanced Host Intrusion Prevention with CSA is almost a throw-away, offering a short overview of malicious code (viruses, worms, Trojans, and so on), hackers, and legislation. The second chapter introduces CSA and the way it works. Topics here include the architecture, policies, and hierarchy.
Chapters 3 through 5 look at planning the implementation and what will be affected. Not only are the obvious items discussed (such as quality assurance), but attention is also given to the need to include important individuals (project team, executive sponsor, project manager, and so on) in the information gathering and integration phases.