Educause Security Discussion mailing list archives
Re: Fwd: Cisco Security Agent Webinar
From: Chuck Crawford <ccrawf () KU EDU>
Date: Wed, 22 Oct 2003 16:26:52 -0500
We tested Cisco's security agent about the time of the Blaster, Nachi, fun late August, early September. We put up a non-patched Windows 2000 server, weak passwords, yada yada yada, installed CSA and waited for the worst. To our surprise we monitored several 100 attempts an hour but none were successful. We were very pleased. Now the cost is another story. Thanks Charles Crawford IT Security Officer University of Kansas (785)864-0491 ccrawf () ku edu www.security.ku.edu -----Original Message----- From: Dan Glass [mailto:djglass () UNT EDU] Sent: Wednesday, October 22, 2003 4:04 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] Fwd: Cisco Security Agent Webinar I sat through a Cisco sales pitch of the Agent a few weeks ago and was somewhat impressed with it's ability to stop buffer overflows, writing to the system/system32 directory, and other assorted nasty behavior. The software is behavior-based and features pre-configured 'profiles' that can then be modified to suit the system administrators needs. On the downside, you can expect a 3% hit to your resources. I have a demo copy sitting on my desk but have not had the chance to run it through its paces yet, so I do not know how well it does under *real* pressure, or how it interoperates with various applications. However, from what I have seen, behavior-based agents may be the next 'big' thing in information security. -- Dan Glass, MS Information Security Computing & IT Center University of North Texas email: djglass () unt edu phone: 940.369.7800 gpg pub key: 0x3FF1DF8A gpg fingerprint:9856 ED67 CEAE FF9A 4FBB 8246 FE0C 0C61 3FF1 DF8A ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/cg/. ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/cg/.
Current thread:
- Fwd: Cisco Security Agent Webinar Peter Charbonneau (Oct 22)
- <Possible follow-ups>
- Re: Fwd: Cisco Security Agent Webinar Dan Glass (Oct 22)
- Re: Fwd: Cisco Security Agent Webinar Chuck Crawford (Oct 22)
- Re: Fwd: Cisco Security Agent Webinar Pete Hoffswell (Oct 22)