Re: Tuning false positives - SIM is not the answer
- From: Jason <security@xxxxxxxxxxx>
- Date: Fri, 06 Jan 2006 18:08:30 -0500
> 3. The MARS OS is a Linux distro but users can't get to the actual
> OS. This wouldn't normally be a problem but there was a bad MARS
> build that was published recently, yanked within a day or so, and
> then required a TAC engineer to remotely login to the MARS box to fix
> it. This is contrary to every other Cisco device, including
> Linux-based 42xx IDS/IPS, that I've worked with.
>
Can I read into that statement that there is a some form of capability
that does allow access to the OS but only to Cisco TAC? Did you need to
enable an account and password for that access or simply access to the
system?
------------------------------------------------------------------------
Test Your IDS
Is your IDS deployed correctly?
Find out quickly and easily by testing it
with real-world attacks from CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
to learn more.
------------------------------------------------------------------------
- Follow-Ups:
- Re: Tuning false positives - SIM is not the answer
- From: Brent Stackhouse
- Re: Tuning false positives - SIM is not the answer
- References:
- Prev by Date: Re: WMF and IPS products?
- Next by Date: Re: Tuning false positives - SIM is not the answer
- Previous by thread: Re: RE: RE: Tuning false positives - SIM is not the answer
- Next by thread: Re: Tuning false positives - SIM is not the answer
- Index(es):
