Re: IDS ISS
From: David DiGennaro (DDiGennaro_at_BostonFinancial.com)
Date: 05/19/05
- Previous message: THolman_at_toplayer.com: "RE: SIM Tools, and endpoint security."
- Maybe in reply to: Berteau Anatole: "IDS ISS"
- Next in thread: Siddharth Phadnis: "RE: IDS ISS"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 19 May 2005 06:51:27 -0400 To: <focus-ids@securityfocus.com>
I implemented just 1 network sensor for ISS Real Secure at a major pediatric facility due to budgetary constraints. While it can be done I would not recommend it especially if you have a large complex network. At the very least you should deploy some HIDS with it for some added protection. I was required to deploy a Snort server on the research side of the network because it was "free". We implemented a centralized log server and parsed the logs since we were using a combination of products.
We then had the alerts sent out to a Blackberry unit that was carried by the on-call person.
D.DiGennaro
--------------------------------------------------------------------------------------------------------------------
IMPORTANT NOTICE. The information contained in this electronic message and any attachments to this message are intended for the exclusive use of the addressee(s) and may contain confidential or privileged information. If you are not the intended recipient, or the employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that you received this communication in error. Any review, dissemination, distribution or copying of this communication is strictly prohibited. If you receive this communication in error please send a return e-mail, and then delete this message, together with any attachments. Thank you.
--------------------------------------------------------------------------
Test Your IDS
Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from
CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
to learn more.
--------------------------------------------------------------------------
- Previous message: THolman_at_toplayer.com: "RE: SIM Tools, and endpoint security."
- Maybe in reply to: Berteau Anatole: "IDS ISS"
- Next in thread: Siddharth Phadnis: "RE: IDS ISS"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
