[Snort-users] RNA Config
misch at ...3397...
Mon Aug 15 11:03:30 EDT 2005
Am Montag, 15. August 2005 16:28 schrieb Ollie Walsh:
> How do i maintian the vulnerability level for each
> host. If the RNA sensor tells me that hosts are
> potentially vulnerable to say Windows vulnerabilities,
> how do I get that info. Do I need to ask the customer
> to scan their hosts and give me a list of
> vulnerabilities that its currently exposed to. Then
> how do we maintain that if new servers get patched, or
> patches dont install properly and we think we are not
> vulnerable when in fact we are ???
In fact if you use a defenve center appliance from Sourcefire the correlation
between attacks and vulnarabilities is done automatically. The vulnarabillity
data come from the RNA. In the defense center RNA page (also in the RNS page)
all vulnarabilities are listed RNA thinks it found. Sometimes RNA is nor very
precise in that assumtion. But you can manually clear every single
> For MSSP type scenarios, whos responsibility does it
> fall on to keep RNA updated. Any recommendations ??
Buy the service from Sourcefire and configure RNA the update automatically.
> If RNA needs to be kept updated with vulnerability
> info and the baselining of all hosts initially, to me
> that involves a lot of man hours.
> Also, a question that I did not get to ask at the
> Sourcefire Training Course is that if a system is NOT
> vulnerable to a particular exploit due to a patch
> being deployed, does it still create and alert, all be
> it a low one or does it ignore it totally.
Defense Center does this correlation.
> Hopefully someone can answer my questions and
Just ask for a demo version of the defense center and play with it.
Dr. Michael Schwartzkopff
MultiNET Services GmbH
Bretonischer Ring 7
Tel: (+49 89) 456 911 - 0
Fax: (+49 89) 456 911 - 21
mob: (+49 174) 343 28 75
PGP Fingerprint: F919 3919 FF12 ED5A 2801 DEA6 AA77 57A4 EDD8 979B
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 189 bytes
Desc: not available
More information about the Snort-users