IDS mailing list archives

RE: SourceFire RNA


From: "Rob Shein" <shoten () starpower net>
Date: Tue, 2 Dec 2003 12:48:18 -0500

Ahh, understood.  But again, this supports my point; it's not realistic to
posit a node on a network that is entirely silent; it just doesn't happen.
This is just another scenario that explains why. :)

-----Original Message-----
From: Renaud Deraison [mailto:deraison () nessus org] 
Sent: Tuesday, December 02, 2003 12:01 PM
To: Rob Shein
Cc: 'Lior Tal'; focus-ids () securityfocus com
Subject: Re: SourceFire RNA


On Tue, Dec 02, 2003 at 11:44:30AM -0500, Rob Shein wrote:
> I wouldn't say "reactive security practices don't work."  There's
> absolutely no way to cover all the bases in advance, and that's just
> how life is; you have to have a reactive capability to be secure.

Sorry, I was not clear - I actually meant reactive vulnerability
management practices don't work (ie: wait for an attack to occur,
patch afterwards).

That is, if you have a 100% passive tool which is here to help you
foresee possible vulnerabilities on your network it's not OK to say
that you don't really care about mute hosts. This is why we advise
the use of passive scanners like NeVO or RNA to be used in
conjunction with active probes.


                              -- Renaud
