Educause Security Discussion mailing list archives
Re: Fwd: Cisco Security Agent Webinar
From: Pete Hoffswell <Pete.Hoffswell () DAVENPORT EDU>
Date: Wed, 22 Oct 2003 17:34:57 -0400
I have the new version of Cisco Secure IDS running on my network here. In the new version, Cisco's IDS box talks with a server, that in turn checks servers for vulerabilities, patch levels, or shut them down. http://www.cisco.com/en/US/products/sw/secursw/ps5054/products_white_paper09186a0080148743.shtml Requies a server that runs the threat response system. I have it running, but have not fully configured it yet. Nice thing about it is, it does the first steps you do in a normal IDS environment. That is, check to see if the intrusion alarm is a false positive.
djglass () UNT EDU 10/22/03 17:15 PM >>>
I sat through a Cisco sales pitch of the Agent a few weeks ago and was somewhat impressed with it's ability to stop buffer overflows, writing to the system/system32 directory, and other assorted nasty behavior. The software is behavior-based and features pre-configured 'profiles' that can then be modified to suit the system administrators needs. On the downside, you can expect a 3% hit to your resources. I have a demo copy sitting on my desk but have not had the chance to run it through its paces yet, so I do not know how well it does under *real* pressure, or how it interoperates with various applications. However, from what I have seen, behavior-based agents may be the next 'big' thing in information security. -- Dan Glass, MS Information Security Computing & IT Center University of North Texas email: djglass () unt edu phone: 940.369.7800 gpg pub key: 0x3FF1DF8A gpg fingerprint:9856 ED67 CEAE FF9A 4FBB 8246 FE0C 0C61 3FF1 DF8A ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/cg/. ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/cg/.
Current thread:
- Fwd: Cisco Security Agent Webinar Peter Charbonneau (Oct 22)
- <Possible follow-ups>
- Re: Fwd: Cisco Security Agent Webinar Dan Glass (Oct 22)
- Re: Fwd: Cisco Security Agent Webinar Chuck Crawford (Oct 22)
- Re: Fwd: Cisco Security Agent Webinar Pete Hoffswell (Oct 22)