Re: Fwd: Cisco Security Agent Webinar

[Chuck Crawford <ccrawf () KU EDU>]

We tested Cisco's security agent about the time of the Blaster, Nachi, fun late August, early September.

We put up a non-patched Windows 2000 server, weak passwords, yada yada yada, installed CSA and waited for the worst.  
To our surprise we monitored several 100 attempts an hour but none were successful.  

We were very pleased.  Now the cost is another story.

Thanks

Charles Crawford
IT Security Officer
University of Kansas
(785)864-0491
ccrawf () ku edu
www.security.ku.edu


-----Original Message-----
From: Dan Glass [mailto:djglass () UNT EDU]
Sent: Wednesday, October 22, 2003 4:04 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Fwd: Cisco Security Agent Webinar


I sat through a Cisco sales pitch of the Agent a few weeks ago and was
somewhat impressed with it's ability to stop buffer overflows, writing
to the system/system32 directory, and other assorted nasty behavior.
The software is behavior-based and features pre-configured 'profiles'
that can then be modified to suit the system administrators needs. On
the downside, you can expect a 3% hit to your resources.
I have a demo copy sitting on my desk but have not had the chance to run
it through its paces yet, so I do not know how well it does under *real*
pressure, or how it interoperates with various applications. However,
from what I have seen, behavior-based agents may be the next 'big' thing
in information security.


--
Dan Glass, MS
Information Security
Computing & IT Center
University of North Texas
email: djglass () unt edu
phone: 940.369.7800
gpg pub key:    0x3FF1DF8A
gpg fingerprint:9856 ED67 CEAE FF9A 4FBB  8246 FE0C 0C61 3FF1 DF8A

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/cg/.

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/cg/.