Snort mailing list archives
Re: Snort-sigs Digest, Vol 116, Issue 4
From: "Vaughn A. Hart" <vaughn () aegisitnyc com>
Date: Mon, 11 Jan 2016 18:30:32 -0500
Awesome. Thank you very much. You guys need an intern? I work in IT but I'm not a security expert. Any suggestions on how to make a firewall secure?

-Vaughn

On Mon, Jan 11, 2016 at 3:46 PM, <snort-sigs-request () lists sourceforge net> wrote:
Send Snort-sigs mailing list submissions to
	snort-sigs () lists sourceforge net

To subscribe or unsubscribe via the World Wide Web, visit
	https://lists.sourceforge.net/lists/listinfo/snort-sigs
or, via email, send a message with subject or body 'help' to
	snort-sigs-request () lists sourceforge net

You can reach the person managing the list at
	snort-sigs-owner () lists sourceforge net

When replying, please edit your Subject line so it is more specific
than "Re: Contents of Snort-sigs digest..."

Today's Topics:

   1. Re: Security Ruleset - CVSS Level (Joel Esler (jesler))
   2. Re: Security Ruleset - CVSS Level (Joel Esler (jesler))

----------------------------------------------------------------------

Message: 1
Date: Mon, 11 Jan 2016 20:42:05 +0000
From: "Joel Esler (jesler)" <jesler () cisco com>
Subject: Re: [Snort-sigs] Security Ruleset - CVSS Level
To: "Vaughn A. Hart" <vaughn () aegisitnyc com>
Cc: "snort-sigs () lists sourceforge net" <snort-sigs () lists sourceforge net>
Message-ID: <39C4CFC8-E76D-452A-BB5A-6F523A70C907 () cisco com>
Content-Type: text/plain; charset="us-ascii"

Vaughn,

It appears we've isolated the issue. It would be fixed shortly. Thank you for bringing this to our attention.

--
Joel Esler
Manager, Talos Group

Sent from my iPhone

On Jan 9, 2016, at 8:40 PM, Joel Esler (jesler) <jesler () cisco com> wrote:

Vaughn,

Thanks for writing in. So, there could be a couple things going on here, and I may have to get with the Meraki team to diagnose the problem.

First off, if we take a look at the ruleset:
https://www.snort.org/advisories/talos-rules-2016-01-07

You can see the "enabled"/"Disabled" state of the ruleset as shipped. Now, that means "Balanced". So if it's on in Balanced, it's on in security, as the more stringent rulesets also contain the lighter ruleset states, and sometimes make them "harsher".

That all being said, the Meraki device is a unique type of appliance. You select the policy you want to run, and the system takes care of it for you. So, there will be a couple things we'll have to diagnose here, and none of which you need to do. I'll coordinate with the Meraki team to figure out what needs to be done. Off the top of my head, it could be several things. I'll follow up once I touch base with them.

Sent from my iPad

On Jan 9, 2016, at 8:34 PM, Vaughn A. Hart <vaughn () aegisitnyc com> wrote:

Hi Folks,

I am confused about the security ruleset setting in Snort. I am using a third party vendor (Cisco Meraki) and it seems that they haven't released a Security/Snort ruleset update to their MX security appliances because there have been no matching Snort signature releases that match the Security Ruleset CVSS criteria. This seems confusing to me as there have been Microsoft, Adobe and Apple Snort signatures since the 4th of December 2015 that are a CVSS of 6 and higher. Or am I mistaken?

If anyone is running the Security Ruleset in Snort (standalone), have you gotten an update? And can someone explain this to me, because what I see from US-CERT and the Talos releases seems to indicate that there should be an update.

Thanks!
--
-V

------------------------------------------------------------------------------
Site24x7 APM Insight: Get Deep Visibility into Application Performance
APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
Monitor end-to-end web transactions and take corrective actions now
Troubleshoot faster and improve end-user experience. Signup Now!
http://pubads.g.doubleclick.net/gampad/clk?id=267308311&iu=/4140
_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
http://www.snort.org

Please visit http://blog.snort.org for the latest news about Snort!

-------------- next part --------------
An HTML attachment was scrubbed...

------------------------------

Message: 2
Date: Mon, 11 Jan 2016 20:46:25 +0000
From: "Joel Esler (jesler)" <jesler () cisco com>
Subject: Re: [Snort-sigs] Security Ruleset - CVSS Level
To: "Vaughn A. Hart" <vaughn () aegisitnyc com>
Cc: "snort-sigs () lists sourceforge net" <snort-sigs () lists sourceforge net>
Message-ID: <105DE119-2F0F-410E-A6B2-6781B11B7CA3 () cisco com>
Content-Type: text/plain; charset="us-ascii"

It will*. Sorry. Keyboard got me.

--
Joel Esler
Manager, Talos Group

Sent from my iPhone

On Jan 11, 2016, at 3:45 PM, Joel Esler (jesler) <jesler () cisco com> wrote:

Vaughn,

It appears we've isolated the issue. It would be fixed shortly. Thank you for bringing this to our attention.

-------------- next part --------------
An HTML attachment was scrubbed...

------------------------------

End of Snort-sigs Digest, Vol 116, Issue 4
******************************************
--
Vaughn A. Hart
Manager
Aegis IT, LLC
646-284-4291
vaughn () aegisitnyc com
http://www.aegisitnyc.com
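The policy-nesting point in Joel's reply above (a rule that is on in Balanced is also on in Security, and the stricter policy sometimes makes the action "harsher") can be checked mechanically against a rules file, which is the kind of sanity check an operator wants when a vendor claims "no rules matched the Security criteria". The following Python script is an added example, not code from the thread, from Talos or from the Snort project. It assumes rules carry `metadata:policy <name> <action>` tags using the Snort policy names `connectivity-ips`, `balanced-ips` and `security-ips` (the thread only names Balanced and Security; connectivity-ips is the lower end of the same ordering), and the sample rules, sids and content are constructed placeholders.

```python
"""Audit Snort rule policy tags for the nesting property described in the thread.

Added example, not part of the mailing-list thread and not Talos or Snort code.
Assumptions: rules carry 'metadata:policy <name> <action>' tags (Snort policy
names connectivity-ips, balanced-ips, security-ips), and the sample rules below
are constructed placeholders with made-up sids.
"""
import re

# Shipped policies from lightest to most aggressive. The thread only mentions
# Balanced and Security; connectivity-ips is the lower end of the same ordering.
POLICY_ORDER = ["connectivity-ips", "balanced-ips", "security-ips"]

RULE_RE = re.compile(
    r"^\s*(?P<disabled>#\s*)?(?P<action>alert|drop|pass|log|reject|sdrop)\s+.*?\((?P<opts>.*)\)\s*$"
)
SID_RE = re.compile(r"\bsid\s*:\s*(\d+)\s*;")
METADATA_RE = re.compile(r"\bmetadata\s*:\s*([^;]*);")
POLICY_RE = re.compile(r"\bpolicy\s+(\S+)\s+(alert|drop)")


def parse_rule(line):
    """Return (sid, disabled, {policy: action}) for a rule line, else None."""
    m = RULE_RE.match(line)
    if not m:
        return None
    opts = m.group("opts")
    sid_m = SID_RE.search(opts)
    if not sid_m:
        return None
    policies = {}
    for md in METADATA_RE.finditer(opts):
        for name, action in POLICY_RE.findall(md.group(1)):
            policies[name] = action
    return int(sid_m.group(1)), m.group("disabled") is not None, policies


def load_rules(text):
    """Parse every rule line (enabled or commented out) in a rules file body."""
    parsed = (parse_rule(line) for line in text.splitlines())
    return [r for r in parsed if r is not None]


def violates_nesting(policies):
    """True if a rule is on in a lighter policy but off in a stricter one."""
    seen_enabled = False
    for name in POLICY_ORDER:
        enabled = name in policies
        if seen_enabled and not enabled:
            return True
        seen_enabled = seen_enabled or enabled
    return False


def audit(text):
    """Summarise the policy tags: nesting violations, rules that only turn on in
    Security, and rules escalated from alert (Balanced) to drop (Security)."""
    report = {"nesting_violations": [], "security_only": [], "escalated": []}
    for sid, _disabled, policies in load_rules(text):
        if violates_nesting(policies):
            report["nesting_violations"].append(sid)
        if "security-ips" in policies and "balanced-ips" not in policies:
            report["security_only"].append(sid)
        if policies.get("balanced-ips") == "alert" and policies.get("security-ips") == "drop":
            report["escalated"].append(sid)
    return report


# Constructed sample rules: placeholder sids and content, not real Talos rules.
SAMPLE_RULES = """\
alert tcp $EXTERNAL_NET any -> $HOME_NET 445 (msg:"SAMPLE on in balanced and security"; flow:to_server,established; content:"|FF|SMB"; metadata:policy balanced-ips drop, policy security-ips drop; sid:9000001; rev:1;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"SAMPLE security only"; flow:to_server,established; content:"GET"; metadata:policy security-ips alert; sid:9000002; rev:1;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 443 (msg:"SAMPLE escalated to drop in security"; flow:to_server,established; content:"|16 03|"; metadata:policy balanced-ips alert, policy security-ips drop; sid:9000003; rev:1;)
alert udp $EXTERNAL_NET any -> $HOME_NET 53 (msg:"SAMPLE broken nesting"; content:"|00 01|"; metadata:policy balanced-ips alert; sid:9000004; rev:1;)
# alert tcp any any -> any any (msg:"SAMPLE shipped disabled, no policy tag"; content:"x"; sid:9000005; rev:1;)
"""

if __name__ == "__main__":
    for key, sids in audit(SAMPLE_RULES).items():
        print(f"{key}: {sids}")
```

Run against a real `.rules` file, the `security_only` list is what a Security-policy-only update would have to contain, and a non-empty `nesting_violations` list would contradict the superset relationship Joel describes, so it is worth raising with the rule vendor rather than silently accepting.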