[Snort-users] RNA Config

Ollie Walsh ollie_walsh at ...131...
Mon Aug 15 07:30:45 EDT 2005


Hi,
I have a question about RNA and how it can be used
effectivly on a customer network. I have deployed an
RNA sensor and IS sensor on a customer network
segment. It has picked up all the hosts on the network
including OS info, services etc. However, I have some
assumptions and questions on what to do next. 

How do i maintian the vulnerability level for each
host. If the RNA sensor tells me that hosts are
potentially vulnerable to say Windows vulnerabilities,
how  do I get that info. Do I need to ask the customer
to scan their hosts and give me a list of
vulnerabilities that its currently exposed to. Then
how do we maintain that if new servers get patched, or
patches don’t install properly and we think we are not
vulnerable when in fact we are ???
For MSSP type scenarios, whos responsibility does it
fall on to keep RNA updated. Any recommendations ??
If RNA needs to be kept updated with vulnerability
info and the baselining of all hosts initially, to me
that involves a lot of man hours.
Also, a question that I did not get to ask at the
Sourcefire Training Course is that if a system is NOT
vulnerable to a particular exploit due to a patch
being deployed, does it still create and alert, all be
it a low one or does it ignore it totally.

Hopefully someone can answer my questions and
assumptions.

Thanks in advance 

S


		
____________________________________________________
Start your day with Yahoo! - make it your home page 
http://www.yahoo.com/r/hs 
 




More information about the Snort-users mailing list