In this section, we explore how to review your security policies and how to export them to a plain text file for use in the recovery process. The export process is particularly critical, so that you do not lose valuable policy information in case of a database crash or data loss.
CSA policies, when properly created and documented for your enterprise, should reflect your environment and the security policies you have written to cover that environment.
The Cisco Security Agent Management Center (CSA MC) provides assistance in
documenting the CSA policies you use or design to enhance or supplement your corporate security policy. This function is called Explain rules, as highlighted in Figure 5-1.
Figure 5-1 Host Display Screen of Cisco Security Agent Version 4.5
Figure 5-1 shows a typical display of a host detail screen in CSA version 4.5. You receive information about the host and about any groups and policies currently attached to this host.
As shown in Figure 5-2, if you scroll down that page, you see a list of all rules, in precedence order, that apply to this host.
Security Policy Document 83
Figure 5-2 Rules List in Cisco Security Agent Version 4.5 Host Display Screen
As you can see in Figure 5-2, this is the beginning of the list of rules attached to this particular example host. You see rule ID numbers, rule types, statuses, actions that apply, and so on.
If you scroll back up to the top of your host detail screen and select the Explain rules link highlighted in Figure 5-1, you can see a list similar to the example host illustrated in Figure 5-3.
Figure 5-3 Explain Rules List for Example Host in Cisco Security Agent Version 4.5
You can see that the rules have been converted into a more readable format, and the rules can be cut and pasted into a security policy documentation set. This conversion can help you document your CSA policy, so that you can confirm that it is written and operating as expected.
You can compare rules in Figure 5-2 and Figure 5-3. For example, in Figure 5-2, you can see that the first rule listed is rule ID 256, which is an Agent service control rule. It protects the CSA from modifications to its configuration. You can find that number on Figure 5-3 and see how the rule converts into a more readable format.
You can explain the rules for your final (or ongoing) CSA, and then print them for future reference. You should be aware, however, that the Explain rules functionality does not print out the contents of every variable and class (application, and so on) that you need for complete disaster recovery of your security policies. For a more complete set of recovery information, you also need:
•
A complete, usable backup of your CSA database (the local one if you use a local SQL database or the remote database if you use the new remote database functionality in CSA version 4.5 or later).•
A complete export of your CSA groups and policies.You can complete an export of your groups and policy information by choosing either Export if you have the Maintenance screen selected already or choosing Export from the Maintenance pop-up menu under Export>Import, as shown in Figure 5-4.
Figure 5-4 Cisco Security Agent Version 4.5 Maintenance Menu—Exporting Information
Security Policy Document 85
Next, select New at the bottom-left of the next screen, and then compare your screen to Figure 5-5.
Figure 5-5 Cisco Security Agent Version 4.5 New Export
Enter a name for your export in the File Name field at the top, and a short description of this export; it is best to include the version number in the name of the export file. The description can include the CSA version you export from (such as 450-565) or the version of this export (for example, Pilot v1 or Production v8).
You next select the item you want to export. This can be as broad as a CSA group or as specific as one policy or application class.
When you select an item, any items in the database necessary to allow that item to be complete automatically export with the item you selected. Consider the following examples:
•
If you select one particular CSA policy to export, the MC exports all rule modules, rules, application classes, and other variables and settings needed to make it a complete and functional import file. You can use it on another MC or the same one if you needed to recover.•
If you select one particular CSA group to export, the MC exports all related policies and other information attached to the group. You do not need to individually select every policy, rule module, application class, and so on when you perform an export.In Figure 5-6, Desktops—All types has been selected to export.
Figure 5-6 Cisco Security Agent Version 4.5 Desktops—All Types Export Selection
When you select all the items you want to export, click the Export button at the bottom left of the browser window. It prompts you to confirm you want to export the selected items.
Click OK when you are ready, and it begins the process of exporting the selected items to an export file.
You then see the Export Progress screen (Figure 5-7) as it walks through all the areas it needs to export to complete your file.
Security Policy Document 87
Figure 5-7 Cisco Security Agent Version 4.5 Export Progress Screen
When it completes, it notifies you with a link at the bottom of the Export Progress screen, as shown in Figure 5-8.
Figure 5-8 Cisco Security Agent Version 4.5 Export Completed—Ready to Download
Click on the here link at the bottom of the Export Progress screen to download your export file. Save it to a location you can readily access (for example, the Windows Desktop).
Figure 5-9 shows that the export file is a text file in XML format; this is a common format used by applications today. Although it is readable and editable, Cisco does not recommend direct editing of the file. Because there are numerous settings and variables documented in the file that are interdependent, editing this by hand can be a challenge. Use the
management interface to edit your policies and reexport them if needed.
Figure 5-9 Cisco Security Agent Version 4.5 Example Export File in Windows Notepad Format
Perform this export process every time you make changes to your CSA production policies and keep a copy offline. This saves you considerable time if you need to recover your policies because you can reimport them from this simple file.
Together these pieces help to define the CSA policies needed to enforce your corporate security policies.