[Snort-sigs] Snort-sigs Digest, Vol 116, Issue 4

Vaughn A. Hart vaughn at ...4126...
Mon Jan 11 18:30:32 EST 2016


Awesome. Thank you very much.

You guys need an intern? I work in IT but I'm not a security expert.

Any suggestions on how to make a firewall secure?

-Vaughn

On Mon, Jan 11, 2016 at 3:46 PM, <snort-sigs-request at lists.sourceforge.net>
wrote:

> Today's Topics:
>
>    1. Re: Security Ruleset - CVSS Level (Joel Esler (jesler))
>    2. Re: Security Ruleset - CVSS Level (Joel Esler (jesler))
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Mon, 11 Jan 2016 20:42:05 +0000
> From: "Joel Esler (jesler)" <jesler at ...3865...>
> Subject: Re: [Snort-sigs] Security Ruleset - CVSS Level
> To: "Vaughn A. Hart" <vaughn at ...4126...>
> Cc: "snort-sigs at lists.sourceforge.net"
>         <snort-sigs at lists.sourceforge.net>
> Message-ID: <39C4CFC8-E76D-452A-BB5A-6F523A70C907 at ...3865...>
> Content-Type: text/plain; charset="us-ascii"
>
> Vaughn,
>
> It appears we've isolated the issue.  It would be fixed shortly.  Thank
> you for bringing this to our attention.
>
> --
> Joel Esler
> Manager, Talos Group
> Sent from my iPhone
>
> On Jan 9, 2016, at 8:40 PM, Joel Esler (jesler) <jesler at ...3865...> wrote:
>
> Vaughn,
>
> Thanks for writing in.
>
> So, there could be a couple things going on here, and I may have to get
> with the Meraki team to diagnose the problem.
>
> First off, if we take a look at the ruleset:
> https://www.snort.org/advisories/talos-rules-2016-01-07
>
> You can see the "enabled"/"Disabled" state of the ruleset as shipped.
> Now, that means "Balanced".  So if it's on in Balanced, it's on in
> security, as the more stringent rulesets also contain the lighter ruleset
> states, and sometimes make them "harsher".
>
> That all being said, the Meraki device is a unique type of appliance.  You
> select the policy you want to run, and the system takes care of it for you.
>
> So, there will be a couple things we'll have to diagnose here, and none of
> which you need to do.  I'll coordinate with the Meraki team to figure out
> what needs to be done.  Off the top of my head, it could be several things.
>
> I'll follow up once I touch base with them.
>
> Sent from my iPad
>
> On Jan 9, 2016, at 8:34 PM, Vaughn A. Hart <vaughn at ...4126...> wrote:
>
> Hi Folks,
>
> I am confused about the security ruleset setting in Snort. I am using a
> third party vendor (Cisco Meraki) and it seems that they haven't released a
> Security/Snort ruleset update to their MX security appliances because there
> have been no matching snort signature releases that match the Security
> Ruleset CVSS criteria. This seems confusing to me as there have been
> Microsoft, Adobe and Apple snort signatures since the 4th of December 2015,
> that are a CVSS of 6 and higher. Or am I mistaken?
>
> If anyone is running the Security Ruleset in Snort (standalone), have you
> gotten an update? And can someone explain this to me, because what I see
> from US-Cert and the Talos releases seems to indicate that there should be
> an update.
>
> Thanks!
>
> --
>
> -V
>
> ------------------------------
>
> Message: 2
> Date: Mon, 11 Jan 2016 20:46:25 +0000
> From: "Joel Esler (jesler)" <jesler at ...3865...>
> Subject: Re: [Snort-sigs] Security Ruleset - CVSS Level
> To: "Vaughn A. Hart" <vaughn at ...4126...>
> Cc: "snort-sigs at lists.sourceforge.net"
>         <snort-sigs at lists.sourceforge.net>
> Message-ID: <105DE119-2F0F-410E-A6B2-6781B11B7CA3 at ...3865...>
> Content-Type: text/plain; charset="us-ascii"
>
> It will*. Sorry. Keyboard got me.
>
> --
> Joel Esler
> Manager, Talos Group
> Sent from my iPhone
>
> End of Snort-sigs Digest, Vol 116, Issue 4
> ******************************************
>



-- 


Vaughn A. Hart
Manager
Aegis IT, LLC
646-284-4291
vaughn at ...4126...
http://www.aegisitnyc.com