[Snort-users] RNA Config
jasonb at ...1935...
Mon Aug 15 07:39:13 EDT 2005
This is the snort-users list. RNA is a Sourcefire product. You should
direct these questions to Sourcefire support or your local representative.
I would be happy to get you in touch with the appropriate representative
if you tell me where and who you work with.
Ollie Walsh wrote:
> I have a question about RNA and how it can be used
> effectivly on a customer network. I have deployed an
> RNA sensor and IS sensor on a customer network
> segment. It has picked up all the hosts on the network
> including OS info, services etc. However, I have some
> assumptions and questions on what to do next.
> How do i maintian the vulnerability level for each
> host. If the RNA sensor tells me that hosts are
> potentially vulnerable to say Windows vulnerabilities,
> how do I get that info. Do I need to ask the customer
> to scan their hosts and give me a list of
> vulnerabilities that its currently exposed to. Then
> how do we maintain that if new servers get patched, or
> patches don’t install properly and we think we are not
> vulnerable when in fact we are ???
> For MSSP type scenarios, whos responsibility does it
> fall on to keep RNA updated. Any recommendations ??
> If RNA needs to be kept updated with vulnerability
> info and the baselining of all hosts initially, to me
> that involves a lot of man hours.
> Also, a question that I did not get to ask at the
> Sourcefire Training Course is that if a system is NOT
> vulnerable to a particular exploit due to a patch
> being deployed, does it still create and alert, all be
> it a low one or does it ignore it totally.
> Hopefully someone can answer my questions and
> Thanks in advance
> Start your day with Yahoo! - make it your home page
> SF.Net email is Sponsored by the Better Software Conference & EXPO
> September 19-22, 2005 * San Francisco, CA * Development Lifecycle Practices
> Agile & Plan-Driven Development * Managing Projects & Teams * Testing & QA
> Security * Process Improvement & Measurement * http://www.sqe.com/bsce5sf
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> Snort-users list archive:
More information about the Snort-users