Educause Security Discussion mailing list archives

Re: Fwd: Cisco Security Agent Webinar


From: Pete Hoffswell <Pete.Hoffswell () DAVENPORT EDU>
Date: Wed, 22 Oct 2003 17:34:57 -0400

I have the new version of Cisco Secure IDS running on my network here.  In the new version, Cisco's IDS box talks with 
a server, that in turn checks servers for vulnerabilities, patch levels, or shut them down.

http://www.cisco.com/en/US/products/sw/secursw/ps5054/products_white_paper09186a0080148743.shtml

Requires a server that runs the threat response system.

I have it running, but have not fully configured it yet.

Nice thing about it is, it does the first steps you do in a normal IDS environment.  That is, check to see if the 
intrusion alarm is a false positive.



djglass () UNT EDU 10/22/03 17:15 PM >>>
I sat through a Cisco sales pitch of the Agent a few weeks ago and was
somewhat impressed with its ability to stop buffer overflows, writing
to the system/system32 directory, and other assorted nasty behavior.
The software is behavior-based and features pre-configured 'profiles'
that can then be modified to suit the system administrator's needs. On
the downside, you can expect a 3% hit to your resources.
I have a demo copy sitting on my desk but have not had the chance to run
it through its paces yet, so I do not know how well it does under *real*
pressure, or how it interoperates with various applications. However,
from what I have seen, behavior-based agents may be the next 'big' thing
in information security.


--
Dan Glass, MS
Information Security
Computing & IT Center
University of North Texas
email: djglass () unt edu
phone: 940.369.7800
gpg pub key:    0x3FF1DF8A
gpg fingerprint:9856 ED67 CEAE FF9A 4FBB  8246 FE0C 0C61 3FF1 DF8A

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/cg/.
