Advanced Host Intrusion Prevention with CSA

This book was not what I expected. I purchased it to learn about complex deployment scenarions, troubleshooting, and most importantly, analysis of events (how to deal with false positives, false negatives etc). A good portion of this book is dedicated to topics such as planning and information gathering which are essential for deploying any new product or solution. “Manageing CSA Projects” would have been an appropriate name for the book. There are a couple of good chapters on policies and a chapter on event corelation.
Rating: 3 / 5

We are all aware that systems have to be protected from attacks originating outside the organization. But the most dangerous attacks come from within. This can take the form of finding private information (salaries, pricing information, technical secrets), to people with an intent to do damage (the employee just fired, or who just got a new job because of some anger towards the company), or of course to people looking to steal money. Note that some of the information that might be stored on a computer system may have legal requirements regarding the distribution of the information. This includes things such a medical records.

This is a Cisco book, so it deals with protecting Cisco equipment and techniques. The basic philosophy is the use of the Cisco Security Agent or CSA. This book does not describe CSA, instead it covers its implementation and monitoring. This should be considered an advanced book. It presumes a basic knowledge of CSA before you start.
Rating: 5 / 5