[Snort-users] RNA Config

Jason Brvenik jasonb at ...1935...
Mon Aug 15 07:39:13 EDT 2005


Ollie.

This is the snort-users list. RNA is a Sourcefire product. You should 
direct these questions to Sourcefire support or your local representative.

I would be happy to get you in touch with the appropriate representative 
if you tell me where and who you work with.

Regards,
Jason.

Ollie Walsh wrote:
> Hi,
> I have a question about RNA and how it can be used
> effectivly on a customer network. I have deployed an
> RNA sensor and IS sensor on a customer network
> segment. It has picked up all the hosts on the network
> including OS info, services etc. However, I have some
> assumptions and questions on what to do next. 
> 
> How do i maintian the vulnerability level for each
> host. If the RNA sensor tells me that hosts are
> potentially vulnerable to say Windows vulnerabilities,
> how  do I get that info. Do I need to ask the customer
> to scan their hosts and give me a list of
> vulnerabilities that its currently exposed to. Then
> how do we maintain that if new servers get patched, or
> patches don’t install properly and we think we are not
> vulnerable when in fact we are ???
> For MSSP type scenarios, whos responsibility does it
> fall on to keep RNA updated. Any recommendations ??
> If RNA needs to be kept updated with vulnerability
> info and the baselining of all hosts initially, to me
> that involves a lot of man hours.
> Also, a question that I did not get to ask at the
> Sourcefire Training Course is that if a system is NOT
> vulnerable to a particular exploit due to a patch
> being deployed, does it still create and alert, all be
> it a low one or does it ignore it totally.
> 
> Hopefully someone can answer my questions and
> assumptions.
> 
> Thanks in advance 
> 
> S
> 
> 
> 		
> ____________________________________________________
> Start your day with Yahoo! - make it your home page 
> http://www.yahoo.com/r/hs 
>  
> 
> 
> -------------------------------------------------------
> SF.Net email is Sponsored by the Better Software Conference & EXPO
> September 19-22, 2005 * San Francisco, CA * Development Lifecycle Practices
> Agile & Plan-Driven Development * Managing Projects & Teams * Testing & QA
> Security * Process Improvement & Measurement * http://www.sqe.com/bsce5sf
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
> 




More information about the Snort-users mailing list