IDS mailing list archives
Re: Cisco CTR
From: "John Lampe" <jwlampe () aceryder com>
Date: Wed, 12 Nov 2003 13:48:16 -0500
----- Original Message ----- From: "Joe Bowling" <joebowling () comcast net> To: <liranil () optonline net> Cc: <focus-ids () securityfocus com> Sent: Tuesday, November 11, 2003 12:26 AM Subject: Re: Cisco CTR
the RNA runs on its own box all it does is listen...so even if it dropped a packet in a stream it wouldnt matter....its not matching signatures...its fingerpringting OS's
and
Apps. the demo i saw of it rocked the house....cause it fingerprints not only
your
internal network but also everyone you talk to on your "external" network.....lets just say you will discover some interesting things out there (IIS version 3.0)
I work for Tenable Security, so I may be a little biased ;-) however, if you're into passive vulnerability scanning, you may also wish to check out Nevo from Tenable Security. Nevo can work in 'stand-alone' mode. In addition, it can forward it's alerts up to the Lightning console where it can be used to correlate IDS and scanner data. So, for instance, you can have your Nessus, Newt, Snort, and Nevo data all residing on a central console. The nice thing is that you can choose to only look at attacks which were directed against actually vulnerable machines....And, yes, since Nevo is passive, it can look at vulnerable machines on your business partner networks, external nets, etc. John Lampe --------------------------------------------------------------------------- Network with over 10,000 of the brightest minds in information security at the largest, most highly-anticipated industry event of the year. Don't miss RSA Conference 2004! Choose from over 200 class sessions and see demos from more than 250 industry vendors. If your job touches security, you need to be here. Learn more or register at http://www.securityfocus.com/sponsor/RSA_focus-ids_031023 and use priority code SF4. ---------------------------------------------------------------------------
Current thread:
- RE: Cisco CTR, (continued)
- RE: Cisco CTR Chad R. Skipper (Nov 10)
- Re: Cisco CTR Joe Bowling (Nov 10)
- RE: Cisco CTR Alan Shimel (Nov 10)
- RE: Cisco CTR Gary Halleen (Nov 07)
- Re: Cisco CTR John Lampe (Nov 10)
- Re: Cisco CTR Petr Ruzicka (Nov 10)
- RE: Cisco CTR John Petropoulos (Nov 07)
- Re: Cisco CTR liranil (Nov 12)
- Re: Cisco CTR Joe Bowling (Nov 12)
- Re: Cisco CTR Ron Gula (Nov 13)
- Re: Cisco CTR John Lampe (Nov 13)
- Re: Cisco CTR Martin Roesch (Nov 17)
- Re: Cisco CTR Ron Gula (Nov 17)
- Re: Cisco CTR Martin Roesch (Nov 17)
- Re: Cisco CTR Ron Gula (Nov 17)
- Re: Cisco CTR Martin Roesch (Nov 19)
- Re: Cisco CTR Ron Gula (Nov 19)
- Re: Cisco CTR Martin Roesch (Nov 20)
- Re: Cisco CTR Joe Bowling (Nov 12)
- Re: Cisco CTR Ron Gula (Nov 19)
- Re: Cisco CTR Renaud Deraison (Nov 19)
- Re: Cisco CTR Martin Roesch (Nov 19)