RE: IDS



The issue is that, using some of the methods you mention, the device is already
on the network before you find out if they are running anything not allowed.
VAM and/or IPS solutions are not the right tool for this job. Network
Access control products are. A good mechanic is only as good as their
tools!


alan


StillSecure
Alan Shimel
Chief Strategy Officer

O 303.381.3815
C 516.857.7409
F 303.381.3881
email ashimel@xxxxxxxxxxxxxxx
blog http://ashimmy.typepad.com

www.stillsecure.com

-----Original Message-----
From: barcajax@xxxxxxxxx [mailto:barcajax@xxxxxxxxx]
Sent: Tuesday, July 04, 2006 10:14 PM
To: focus-ids@xxxxxxxxxxxxxxxxx
Subject: Re: IDS

Based on your described requirement, you are looking in the wrong direction
because IDSs do not provide you with a profile of the patch level of
individual nodes.
There are two ways (automated or manual) to tackle your need. The manual
method involves either scanning the machine to identify missing patches (e.g.
Nessus or MBSA) or triggering an update on the machine itself (e.g. Windows
Update).
The automated alternative involves deploying a patch management solution
(e.g. PatchLink, Citadel Hercules or SUS/SMS) or a quarantining solution that
does not allow a machine network access until a predefined patch level
is met.
