IDS mailing list archives

Re: Cisco CTR


From: "John Lampe" <jwlampe () aceryder com>
Date: Wed, 12 Nov 2003 13:48:16 -0500


----- Original Message ----- 
From: "Joe Bowling" <joebowling () comcast net>
To: <liranil () optonline net>
Cc: <focus-ids () securityfocus com>
Sent: Tuesday, November 11, 2003 12:26 AM
Subject: Re: Cisco CTR


the RNA runs on its own box
all it does is listen...so even if it dropped a packet in a stream it
wouldn't matter....it's not matching signatures...it's fingerprinting OS's
and Apps.

the demo i saw of it rocked the house....cause it fingerprints not only
your internal network but also everyone you talk to on your "external"
network.....let's just say you will discover some interesting things out
there (IIS version 3.0)


I work for Tenable Security, so I may be a little biased ;-)
however, if you're into passive vulnerability scanning, you may
also wish to check out Nevo from Tenable Security.  Nevo can
work in 'stand-alone' mode.  In addition, it can forward its
alerts up to the Lightning console where it can be used to
correlate IDS and scanner data.  So, for instance, you can have
your Nessus, Newt, Snort, and Nevo data all residing on a central console.
The nice thing is that you can choose to only look at attacks which
were directed against actually vulnerable machines....And, yes, since
Nevo is passive, it can look at vulnerable machines on your business
partner networks, external nets, etc.

John Lampe


