Re: Cisco CTR

From: Ron Gula (rgula_at_tenablesecurity.com)
Date: 11/17/03

  • Next message: Aaron Temin: "Re: Announcement: Alert Verification for Snort"
    Date: Mon, 17 Nov 2003 10:52:13 -0500
    To: focus-ids@securityfocus.com
    
    

    I know RNA has not officially shipped yet, but from the web site,
    it looks very similar to NeVO. It does similar OS fingerprinting,
    traffic profiling, security vulnerabilities and so on.

    The question I've not been able to get a good answer for is if
    RNA looks for unique vulnerabilities, or if it using the operating
    systems or application fingerprint to determine which vulnerabilities
    are active.

    Ron Gula
    Tenable Network Security

    At 09:41 PM 11/13/2003 -0500, Martin Roesch wrote:
    >Vendor Alert: I work for Sourcefire.
    >
    >RNA is not a passive vulnerability scanner, vulnerability analysis is
    >only a subset of what it can accomplish. I've taken to calling RNA a
    >passive network discovery system (PNDS) since that's a more accurate
    >description of what it does.
    >
    >BTW, the demo that Joe saw was from a beta of RNA that we were running
    >in-house, production versions should only be set to discover your
    >internal network so you don't accidentally start mapping other people's
    >networks with it. We had our internal sensors tuned that way for
    >testing of preproduction units only, we don't condone mapping other
    >people's networks with RNA.
    >
    > -Marty

    ---------------------------------------------------------------------------
    Network with over 10,000 of the brightest minds in information security
    at the largest, most highly-anticipated industry event of the year.
    Don't miss RSA Conference 2004! Choose from over 200 class sessions and
    see demos from more than 250 industry vendors. If your job touches
    security, you need to be here. Learn more or register at
    http://www.securityfocus.com/sponsor/RSA_focus-ids_031023
    and use priority code SF4.
    ---------------------------------------------------------------------------


  • Next message: Aaron Temin: "Re: Announcement: Alert Verification for Snort"