[Snort-users] RNA Config
Hi,
I have a question about RNA and how it can be used effectively on a customer network. I have deployed an RNA sensor and IS sensor on a customer network segment. It has picked up all the hosts on the network, including OS info, services etc. However, I have some assumptions and questions on what to do next.

How do I maintain the vulnerability level for each host? If the RNA sensor tells me that hosts are potentially vulnerable to, say, Windows vulnerabilities, how do I get that info? Do I need to ask the customer to scan their hosts and give me a list of vulnerabilities that they are currently exposed to? Then how do we maintain that if new servers get patched, or patches don't install properly and we think we are not vulnerable when in fact we are?

For MSSP-type scenarios, whose responsibility does it fall on to keep RNA updated? Any recommendations? If RNA needs to be kept updated with vulnerability info and the baselining of all hosts initially, to me that involves a lot of man hours.

Also, a question that I did not get to ask at the Sourcefire Training Course is that if a system is NOT vulnerable to a particular exploit due to a patch being deployed, does it still create an alert, albeit a low one, or does it ignore it totally?

Hopefully someone can answer my questions and assumptions.

Thanks in advance

S