Re: [fw-wiz] CSA Question

On 8/21/07, Carric Dooley <carric@xxxxxxxxxxx> wrote:
I have been looking thru the Cisco site and I'm wondering if anyone knows
if you can configure the CSA to disable network interfaces, for instance
if it's attcked, or shut down.

I work on the Cisco Security Agent team, and I do know that there is a
"Network Lock" mode, which will disallow all new connections. I
believe we also added some new features for disabling wireless devices
in a recent release. I am unsure if there is a way to define a rule
such as "if rootkit is detected, disable all interfaces". I am cc'ing
Marcus Gavel who who should be able to get you an answer...
Kristian Erik Hermansen
firewall-wizards mailing list