Cisco Security Agent Installation/Deployment Guide for Cisco ICM/IPCC Enterprise & Hosted Editions, Release 7.0(0)

July 2005

This document provides installation instructions and information about Cisco Security Agent for Cisco Intelligent Contact Management (ICM) Software, Release 7.0(0). You are strongly urged to read this document in its entirety. Cisco Security Agent for ICM 7.0(0) incorporates the appropriate policies for Cisco ICM Enterprise & Hosted Editions 7.
• Migrating to the Management Center for Cisco Security Agents
• Obtaining Additional Information about CSA
• Obtaining Related Cisco ICM Software Documentation
• Obtaining Documentation
• Documentation Feedback
• Cisco Product Security Overview
• Obtaining Technical Assistance
• Obtaining Additional Publications and Information

Introduction

The Cisco Security Agent (CSA) provides:
• Intrusion detection and prevention f
The policy for the CSA standalone Agent for ICM is created from the default policy modules that are shipped with Cisco Security Agent 4.5. These default policy modules secure/harden Windows, SQL and IIS. These default policy modules are altered in two ways for CSA for ICM:
• Some rules, which allow processes (such as FTP, NNTP) that are not required for the ICM product family, are altered to not allow these processes.
• Cisco Remote Monitoring Suite (RMS) 2.1(0)
  Supported: Listener, LGArchiver, LGMapper, SDDSN
  Not Supported: AlarmTracker Client Software
• Cisco Web Collaboration Option 7.0(0) [only on Windows platform]
  – Cisco Collaboration Server 7.0(0)
    Supported: Collaboration Server, SQL Server
    Not Supported: Oracle, Agent Desktop, Caller Desktop
  – Cisco Media Blender 7.0(0)
    Supported: Media Blender Server
    Not Supported: n/a
  – Cisco Dynamic Content Adapter (DCA) 2.
In any event, when a newer version of the Agent becomes available, Cisco strongly recommends that you install the newer version.

If you use a third-party software application that is not Cisco-approved, see the section Migrating to the Management Center for Cisco Security Agents, page 16, for additional information.

Default Installation Directories

Caution To use Cisco Security Agent, you must always use the default directories when installing any software on a server.
Symantec AntiVirus must be installed under:
**\Norton*\**
**\Symantec*\**

Trend Micro must be installed under:
**\Trend*\**

ICM Multimedia and ServletExec Components

Component                                  Should Be Installed under Directory
Cisco Collaboration Server                 **\Cisco_CS
Cisco Collaboration Server ServletExec     **\ServletExec ISAPI
Cisco Dynamic Content Adapter              **\dca
Cisco Media Blender                        **\CiscoMB
Cisco Media Blender ServletExec            **\ServletExec ISAPI
Cisco E-Mail Manager ServletExec           **\ServletExec ISAPI

Admin Works
• the .pbl files must live under the folder **\icm\**\aw\custom\

Outbound Option

When attempting to import customer data files from a computer that is running Cisco Security Agent, make sure that the path to the file begins with :\customer\import

This path rule does not apply if the import file is located on the same computer as the import process. Also, make sure that the import process user has network and directory read/write access to the "customer" directory as well as the "import" directory.
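Because the Agent's policy refers to software by directory, a server inventory can be compared against the required directories before CSA is enabled. The following is an added example, not part of the Cisco guide: it assumes `**` spans any number of directory levels and `*` stays within one path component (the guide does not define the wildcards), and the sample inventory is constructed.

```python
import re
from pathlib import PureWindowsPath

# Directory patterns copied from the guide's lists (complete entries only).
REQUIRED = {
    "Symantec AntiVirus": [r"**\Norton*\**", r"**\Symantec*\**"],
    "Trend Micro": [r"**\Trend*\**"],
    "Cisco Collaboration Server": [r"**\Cisco_CS"],
    "Cisco Dynamic Content Adapter": [r"**\dca"],
    "Cisco Media Blender": [r"**\CiscoMB"],
}

def pattern_to_regex(pattern):
    """Compile the directory part of a pattern (assumed wildcard semantics)."""
    directory = re.sub(r"(\\\*\*|\\)$", "", pattern)  # drop trailing \** or \
    tokens = re.split(r"(\*\*|\*)", directory)
    body = "".join(
        ".*" if t == "**" else r"[^\\]*" if t == "*" else re.escape(t)
        for t in tokens)
    return re.compile(body, re.IGNORECASE)  # Windows paths ignore case

def is_under(path, pattern):
    """True if path, or any of its ancestor directories, matches pattern."""
    rx = pattern_to_regex(pattern)
    p = PureWindowsPath(path)
    return any(rx.fullmatch(str(c)) for c in (p, *p.parents))

def audit(installs):
    """Return {component: path} for installs outside the required directories."""
    return {name: path for name, path in installs.items()
            if not any(is_under(path, pat) for pat in REQUIRED[name])}

# Constructed sample inventory (hypothetical install locations).
SAMPLE = {
    "Symantec AntiVirus": r"C:\Program Files\Symantec AntiVirus",
    "Trend Micro": r"D:\Apps\AV",
    "Cisco Collaboration Server": r"C:\Cisco_CS",
    "Cisco Media Blender": r"C:\Blender",
}

if __name__ == "__main__":
    for name, path in audit(SAMPLE).items():
        print(f"{name}: {path} is outside {REQUIRED[name]}")
```

Components reported by `audit` should be reinstalled in the listed directory before the Agent service is started.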
Before You Begin the Installation

Before you install the Cisco Security Agent for Cisco ICM software, review the following information:

Caution
• Confirm that the computer you are using to install Cisco Security Agent has 20 MB of hard disk space available for the download file and the installed files.
• Cisco ICM software must be installed before you install Cisco Security Agent.
• Before each Cisco ICM upgrade, you must disable the Cisco Security Agent service.
Tip After the installation, you do not need to perform any Agent configuration tasks. The software immediately begins to work as designed. Security events may display in the Messages window of the Agent GUI (double-click the Cisco Security Agent icon—the red flag in the Windows system tray; then click on Message, on the left, under Status), as well as in Microsoft Event Viewer and/or in the securitylog.txt file (see Event Messages and Log Files, page 13).
Note You must be allowed access to a cryptographic site before you can download the Cisco Security Agent file. If you have not yet applied for such access, you will at this point be directed to a web form. Fill out the form and click Submit. A message appears telling you when you can expect to have download access. If you have already registered, continue with Step 5.

Step 5 Note the location where you saved the downloaded file.
Step 6 Double-click CiscoICM-CSA--K9.
• The value of the key STD.PRODUCT_ID contains the engine and policy version.

Disabling and Reenabling the Cisco Security Agent Service

You must disable the CSA service whenever you want to install, upgrade, or uninstall software. This means before every operating system, Cisco ICM and third-party installation and upgrade, including maintenance release, service release, and support patch installations and upgrades.
Caution You must reenable the Cisco Security Agent service after installing, upgrading, or uninstalling software.

Reenable

To reenable the CSA service, complete the following steps:

Step 1 From the Windows Start menu, select Control Panel > Administrative Tools > Services.
Step 2 In the Services window, right-click Cisco Security Agent and choose Properties.
Step 3 In the Properties window, click the General tab.
Step 4 From the Startup Type drop-down list box, choose Automatic.
Note The following is relevant if you are uninstalling CSA 4.0.x for ICM 5.0(0) or CSA for ICM 6.0(0) in order to upgrade to CSA for ICM 7.0(0). However, no such registry keys exist for CSA for ICM 7.0(0).

The uninstaller does not remove the registry entries where the policy version is stored. If you want them removed, you must manually delete them after you uninstall. The relevant registry keys are:

HKEY_LOCAL_MACHINE\Software\Cisco Systems, Inc.
– Then click View log. (Clicking on Purge log deletes all events stored in securitylog.txt, though csalog.txt will continue to contain that information.)

You can also:
– Copy securitylog.txt to a machine that has Excel and change the name to securitylog.csv.
– Double-click securitylog.csv and it will open as an Excel spreadsheet.

You may find it most convenient to see the contents of a spreadsheet cell by clicking on the cell and looking at the contents in the field above the spreadsheet matrix.
Problems with Installing/Uninstalling the Agent

If you encounter problems with installing or uninstalling the Agent, perform the following tasks:
• Verify that you rebooted the server.
• Verify that the Cisco Security Agent service is not disabled and that its Startup Type value is Automatic.
• Obtain the installation logs from :\Program Files\Cisco Systems\CSAgent\log. Review the CSAgent-Install.log and driver_install.log files.
Step 2 Perform the operation that caused the error message.
Step 3 Reenable CSA as described in Reenable, page 12.
Step 4 Perform the operation that caused the error message.
1. Remove any third-party software not supported by Cisco from your ICM servers
2. Revert to the original Cisco Security Agent for ICM policy

If the problem persists, then call your support provider.

Management Center for Cisco Security Agent contains two components:
• The Management Center installs on a dedicated server and includes a web server, a configuration database, and a web-based interface.
Tip The names of all policy variables, including Group Name, Policy Name, Rule Module Name, File Sets Name, Application Class Name, Registry Set Name and so on (literally everything that can have a name; only Rules do not have names), start with “ICM”. So a File Set with the name “ICM All Files” means All Files on the system, while a File Set with the name “ICM All ICM Files” means All files related to the ICM product.
Obtaining Documentation

Cisco documentation and additional literature are available on Cisco.com. Cisco also provides several ways to obtain technical assistance and other technical resources. These sections explain how to obtain technical information from Cisco Systems.

Cisco.com

You can access the most current Cisco documentation at this URL: http://www.cisco.com/techsupport

You can access the Cisco website at this URL: http://www.cisco.
• Instructions for ordering documentation using the Ordering tool are at this URL: http://www.cisco.com/univercd/cc/td/doc/es_inpck/pdi.htm
• Nonregistered Cisco.com users can order documentation through a local account representative by calling Cisco Systems Corporate Headquarters (California, USA) at 408 526-7208 or, elsewhere in North America, by calling 1 800 553-NETS (6387).
Reporting Security Problems in Cisco Products

Cisco is committed to delivering secure products. We test our products internally before we release them, and we strive to correct all vulnerabilities quickly. If you think that you might have identified a vulnerability in a Cisco product, contact PSIRT:
• Emergencies — security-alert@cisco.com
  An emergency is either a condition in which a system is under active attack or a condition for which a severe and urgent security vulnerability should be reported.
Note Use the Cisco Product Identification (CPI) tool to locate your product serial number before submitting a web or phone request for service. You can access the CPI tool from the Cisco Technical Support & Documentation website by clicking the Tools & Resources link under Documentation & Tools. Choose Cisco Product Identification Tool from the Alphabetical Index drop-down list, or click the Cisco Product Identification Tool link under Alerts & RMAs.
Obtaining Additional Publications and Information

Information about Cisco products, technologies, and network solutions is available from various online and printed sources.
• Cisco Marketplace provides a variety of Cisco books, reference guides, documentation, and logo merchandise. Visit Cisco Marketplace, the company store, at this URL: http://www.cisco.com/go/marketplace/
• Cisco Press publishes a wide range of general networking, training and certification titles.