Host Intrusion Prevention System (HIPS)

The process to enable this involves installing the HIPS agent, configuring the agent, and verifying that the agent is communicating with the HIPS server.

 

  • Installation of HIPS agent

Download the HIPS agent onto the VM using the WinSCP tool.

Uncompress the file. It should contain the agent installer, agent-cert.ssl (an agent certificate file), and a PDF explaining the installation process.

The important part of the installation is specifying Primary Management Server = abc.com and Alternate Management Server = abc.com, and sourcing agent-cert.ssl from the installation folder.

 

  • Configuring the agent

Enter an alternate DNS entry for the Local Area Connection, used for communicating with the HIPS server, as XX.XX.XXX.XX (IP).

Whitelist the HIPS server by making an entry in the hosts file at c:\Windows\System32\drivers\etc\hosts

Add entries mapping ip1 to abc.com and ip2 to abc2.com

 

  • Verifying the HIPS agent communication

Reboot the VM (this is needed for the agent to start communicating with the server).

Connect using Remote Desktop and run this tool from the command prompt:

"c:\Program Files (x86)\Symantec\Critical System Protection\Agent\IPS\bin\sisipsconfig.exe" -v

If a connection successful message is returned, then the agent is communicating with the server.

If not, ports 443 and 2222 need to be opened in the Dashboard using egress rules, as well as on all intermediate firewalls on the network.
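An added pre-check for the failure case above (example code, not from the original post or from the vendor): it reads the hosts file, confirms the management server names are mapped, and attempts a TCP connection to each mapped IP on 443 and 2222. The server names are the page's placeholders; the 3-second timeout and the helper name Test-TcpPort are assumptions.

```powershell
# Added diagnostic example. Run on the VM from a PowerShell prompt.
$ManagementServers = @('abc.com', 'abc2.com')   # placeholder names used on this page
$Ports             = @(443, 2222)               # ports the page says must be open
$HostsPath         = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
$TimeoutMs         = 3000                       # assumed per-connection timeout

# Build a name -> IP map from the hosts file, ignoring comments and blank lines.
# The first mapping for a name wins, matching how the resolver reads the file.
$hostsMap = @{}
foreach ($line in Get-Content -Path $HostsPath) {
    $entry = ($line -replace '#.*$', '').Trim()
    if (-not $entry) { continue }
    $fields = $entry -split '\s+'
    foreach ($name in ($fields | Select-Object -Skip 1)) {
        if (-not $hostsMap.ContainsKey($name)) { $hostsMap[$name] = $fields[0] }
    }
}

# Hypothetical helper: TCP connect with a timeout, so a silently dropped
# packet (typical of a missing egress rule) fails fast instead of hanging.
function Test-TcpPort {
    param([string]$Address, [int]$Port, [int]$TimeoutMs)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $pending = $client.BeginConnect($Address, $Port, $null, $null)
        if (-not $pending.AsyncWaitHandle.WaitOne($TimeoutMs)) { return $false }
        $client.EndConnect($pending)   # throws if the connection was refused
        return $true
    } catch {
        return $false
    } finally {
        $client.Close()
    }
}

# One row per server/port pair: is the name in hosts, and does the port answer?
$results = foreach ($server in $ManagementServers) {
    $ip = $hostsMap[$server]
    foreach ($port in $Ports) {
        [pscustomobject]@{
            Server    = $server
            HostsIP   = if ($ip) { $ip } else { 'MISSING' }
            Port      = $port
            Reachable = if ($ip) { Test-TcpPort -Address $ip -Port $port -TimeoutMs $TimeoutMs } else { $false }
        }
    }
}
$results | Format-Table -AutoSize
```

A row with HostsIP = MISSING points at the hosts file step; a mapped IP with Reachable = False points at the egress rules or an intermediate firewall. This only tests TCP reachability, so sisipsconfig.exe -v remains the check of the agent's own connection.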
