[Snort-users] Another license question?

Rich Adamson radamson at ...2127...
Tue Mar 8 15:05:22 EST 2005


Marty,

Need to get feedback/understanding of how the license approach would work
in this example.

We have retainer agreements with several banks to provide the Professional
Services to secure the bank's I/T assets, and assist them with the
documentation necessary to obtain a high ranking from the State and Fed
banking examiners. The services typcially involves understanding their
exposures/risks, server and workstation I/T functions, firewall and other
device configurations, etc.

In some cases, the bank will dedicate a PC (or two) for consolidated
logs, IDS, etc. In some cases we'll ask them to install snort as an
additional layer of security, which they frequently do.

Our company didn't sell them the PC, snort, or any hardware/software
component involved; only the professional services and training to 
guide them in their overly regulated industry.

When we leave, they own the assets, the process, logs, alerts, etc.

As the professional services company, are we liable for any of the
snort license issues associated with that process?

If I understand the many previous postings, the bank would need to 
register and/or purchase a license, but its their decision as to what
level of commitment they might want to make to the process.

Rich






More information about the Snort-users mailing list