Re: Dynamic configuration management

From: Ron Gula (
Date: 08/01/05

  • Next message: Jim B: "Re: Editing ISS RealSecure Network Sensor policy from commandline"
    Date: Mon, 01 Aug 2005 14:22:47 -0400
    To: Focus IDS <>

    At 05:27 PM 7/28/2005, Christian Kreibich wrote:
    >Hi all,
    >I'm curious to hear to what level both commercial and open-source
    >systems known to the members of this list support dynamic configuration
    >management. That is, what's the state of the art in allowing one to
    >tweak the operational parameters, retrieve + inspect current state, etc,
    >in an on-line fashion, and to what degree can this be automated across
    >larger installations.
    >For what it's worth, I'd define "on-line" as anything better than
    >stopping the system, tweaking the config files, and restarting.
    >Marketing blurbs are welcome too, though you might prefer to send me
    >these off-line. Thanks.

    Do you mean the configuration of a system, or of an IDS/IPS?

    For the intrusion stuff, our Lightning Console has the ability to
    look at the results from Nessus's local and remote checks, as well
    as NeVO's passively determined vulnerabilities and produce a Snort
    rule set which only has the 'vulnerable' signatures enabled. You
    end up running with a much smaller signature set than most Snort
    user's are comfortable with, but it's extremely effective.

     From an operating system configuration level, there are many
    commercial solutions that can grab anything from registry settings
    to actual hard drive images. Some of these use agents and some use
    credentials. Some of these can prevent configuration changes which
    would take a box out of a known-good configuration policy, and
    others can report on this after the fact. Most vulnerability
    scanners, including Nessus and NeWT, can log onto UNIX and Windows
    boxes and check them for missing patches, configuration settings,

    Ron Gula, CTO
    Tenable Network Security

    Test Your IDS

    Is your IDS deployed correctly?
    Find out quickly and easily by testing it
    with real-world attacks from CORE IMPACT.
    Go to
    to learn more.

  • Next message: Jim B: "Re: Editing ISS RealSecure Network Sensor policy from commandline"

    Relevant Pages

    • Re: Spyware and Adware affect every internet user
      ... I was referring to the flaws that are getting 'exploited all day long'. ... and certain ActiveX vulnerabilities widespread. ... While this is true our locked down configuration of IE has emerged unscathed. ... Again that may well be true buy for some reason we have been running for years without an incident. ...
    • Re: ESX Vmware Physically connected to different segments
      ... Even if everything is configured properly, mixing security domains in ... That's because the underlying host is also vulnerable, ... If everything is setup properly this configuration should be secure. ... Cenzic finds more, "real" vulnerabilities fast. ...
    • RedHat 7.2 firewall/router vulnerabilities
      ... Can anyone tell me what the following lines do in RedHat Linux 7.2 (kernel ... modprobe iptable_nat ... What vulnerabilities exist with this as the configuration for a ...
    • Re: mysql as DefaultDS in jboss
      ... look at the folder (if you run the 'default' configuration): ... edit it and change MySQLDS by DefaultDS to follow you settings. ... Will load the default rule set. ... ObjectName: ...
    • IP configuration at runtime and persisting the configuration changes.
      ... I have a requirement to be able to change the IP configuration at runtime. ... I believe I have to change some registry settings for this, ... to pesist changes other than Regcopyfile and regrestorefile. ... Thanks for any pointers and help. ...