Chapter 2 Deployment Planning

Policy Tuning and Troubleshooting

Use the supplied groups and if necessary define additional groups for each distinct desktop and server type in your network. In your pilot, you should have some participants that are using each desktop and server type so you can tune and troubleshoot all policies before deployment.

Group membership is cumulative, which can be useful in tuning and troubleshooting. For example, at the beginning of a pilot, participating hosts that are Windows desktops would be attached to the All Windows and Desktops - All Types groups on the Systems -> Groups menu. Once you have tuned the basic desktop policies, you might attach some of those hosts to the Desktops - Remote or mobile group. Once you are satisfied with the performance of the remote/mobile policies, you could define a new group for a specific department’s applications, attach hosts to the new group, and pilot those policies.

Start piloting all groups in test mode and examine the event log (Events -> Event Log menu) for possible tuning and troubleshooting needs before moving to enforcement mode (also known as live mode). With the current release, you can place all policies for a group in test mode or a single rule module in test mode. Therefore, as you tune and troubleshoot, you can incrementally move rule modules to enforcement mode if need be. Keep in mind when using test mode that the area under test is completely vulnerable from a security standpoint.

Policy tuning and troubleshooting is an iterative process. Focus on a single policy for improvement at a time and then verify that the tuning and troubleshooting techniques did what you expected before deploying the improved policy.

Prioritize the security features you want to implement with CSA policies. You can also prioritize applications and groups. By having clear priorities and working through a single policy improvement at a time, you can manage the complexity of deploying large policy sets in large networks. For example, based on priorities, you can keep a specific rule module in test mode while the rest of the rule modules in the policy are in live mode.

Large policy sets can generate enormous numbers of log messages, so you need to use the tools provided that help filter out extraneous information and isolate the specific policy to be improved or behavior to be studied. For example, you can log only the events that result in Deny actions or create an exception rule that stops logging a specific event to reduce the overall number of log messages. In addition, host diagnostics can be used to filter rules based on the user state (that is, the user and group) the host is in, such as only
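The event-triage workflow described above (log only Deny actions, silence a noisy rule with an exception, and pick the rule modules that are ready to leave test mode) can be sketched in a few lines of Python. This is an added example, not code from the Cisco manual or from the Management Center; the event record layout and all field names, rule numbers and host names below are constructed for illustration and are not the product's real event log or export format.

```python
"""Triage pilot events to decide which rule modules can leave test mode.

Added example, not part of the Cisco manual. The event layout is a
constructed, simplified stand-in (assumed fields: host, group, module,
rule, action, mode); it is NOT the Management Center's real event format.
"""
from collections import Counter

# Constructed sample events, one dict per event log entry.
# mode is "test" (rule logged, not enforced) or "enforce" (live mode).
SAMPLE_EVENTS = [
    {"host": "win-desk-01", "group": "Desktops - All Types", "module": "Desktop Base", "rule": 101, "action": "Deny", "mode": "test"},
    {"host": "win-desk-01", "group": "Desktops - All Types", "module": "Desktop Base", "rule": 101, "action": "Deny", "mode": "test"},
    {"host": "win-desk-02", "group": "Desktops - Remote or mobile", "module": "Remote Access", "rule": 205, "action": "Deny", "mode": "test"},
    {"host": "win-desk-02", "group": "Desktops - All Types", "module": "Desktop Base", "rule": 102, "action": "Allow", "mode": "test"},
    {"host": "srv-01", "group": "Servers - All Types", "module": "Server Base", "rule": 301, "action": "Allow", "mode": "enforce"},
    {"host": "srv-01", "group": "Servers - All Types", "module": "Server Base", "rule": 302, "action": "Deny", "mode": "enforce"},
    {"host": "win-desk-03", "group": "Desktops - All Types", "module": "Finance Apps", "rule": 410, "action": "Deny", "mode": "test"},
    {"host": "win-desk-03", "group": "Desktops - All Types", "module": "Finance Apps", "rule": 410, "action": "Deny", "mode": "test"},
    {"host": "win-desk-03", "group": "Desktops - All Types", "module": "Finance Apps", "rule": 411, "action": "Deny", "mode": "test"},
]


def filter_events(events, action=None, group=None, mode=None, module=None):
    """Keep only events matching every given field (None means 'any')."""
    wanted = {"action": action, "group": group, "mode": mode, "module": module}
    return [e for e in events
            if all(v is None or e[k] == v for k, v in wanted.items())]


def apply_exceptions(events, exceptions):
    """Drop events covered by an exception rule that stops logging that (module, rule)."""
    silenced = set(exceptions)
    return [e for e in events if (e["module"], e["rule"]) not in silenced]


def denies_per_module(events):
    """Count Deny events per rule module, highest first, to pick the next policy to tune."""
    counts = Counter(e["module"] for e in filter_events(events, action="Deny"))
    return dict(counts.most_common())


def enforcement_candidates(events, max_denies=0):
    """Test-mode rule modules whose Deny count is at most max_denies.

    These rules would have blocked little or nothing during the pilot, so
    they are the ones to move to enforcement mode first."""
    in_test = filter_events(events, mode="test")
    test_modules = {e["module"] for e in in_test}
    denies = denies_per_module(in_test)
    return sorted(m for m in test_modules if denies.get(m, 0) <= max_denies)


if __name__ == "__main__":
    print("Deny events per rule module:", denies_per_module(SAMPLE_EVENTS))
    print("Ready for enforcement (<=1 deny):", enforcement_candidates(SAMPLE_EVENTS, 1))
    trimmed = apply_exceptions(SAMPLE_EVENTS, [("Finance Apps", 410)])
    print("After silencing Finance Apps rule 410:", enforcement_candidates(trimmed, 1))
```

The point of the last two lines is the one the text makes: an exception rule that stops logging one well-understood rule changes which modules look quiet enough to move to live mode, so decide the exception first and re-run the count rather than eyeballing the raw log.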

 

Installing Management Center for Cisco Security Agents 5.2

2-8

78-17916-01
