IDS mailing list archives
Re: Dynamic configuration management
From: Ron Gula <rgula () tenablesecurity com>
Date: Mon, 01 Aug 2005 14:22:47 -0400
At 05:27 PM 7/28/2005, Christian Kreibich wrote:
Hi all, I'm curious to hear to what level both commercial and open-source systems known to the members of this list support dynamic configuration management. That is, what's the state of the art in allowing one to tweak the operational parameters, retrieve + inspect current state, etc, in an on-line fashion, and to what degree can this be automated across larger installations. For what it's worth, I'd define "on-line" as anything better than stopping the system, tweaking the config files, and restarting. Marketing blurbs are welcome too, though you might prefer to send me these off-line. Thanks.

Cheers,
Christian.
Do you mean the configuration of a system, or of an IDS/IPS?

For the intrusion stuff, our Lightning Console has the ability to look at the results from Nessus's local and remote checks, as well as NeVO's passively determined vulnerabilities, and produce a Snort rule set which only has the 'vulnerable' signatures enabled. You end up running with a much smaller signature set than most Snort users are comfortable with, but it's extremely effective.

From an operating system configuration level, there are many commercial solutions that can grab anything from registry settings to actual hard drive images. Some of these use agents and some use credentials. Some of these can prevent configuration changes which would take a box out of a known-good configuration policy, and others can report on this after the fact. Most vulnerability scanners, including Nessus and NeWT, can log onto UNIX and Windows boxes and check them for missing patches, configuration settings, etc.

Ron Gula, CTO
Tenable Network Security
http://www.tenablesecurity.com
http://www.nessus.org
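The rule-set tuning Ron describes, enabling only the Snort signatures whose references match vulnerabilities a scanner actually found, as an added Python example that is not part of the original thread or of Tenable's products: the rules and the scan findings are constructed sample data, and linking them through `reference:cve` tags is one assumed way to do the matching.

```python
import re

# Constructed sample rules (not real signatures); the CVE ids are placeholders.
SAMPLE_RULES = """\
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"EXAMPLE web overflow"; content:"/cgi-bin/x"; reference:cve,2005-0001; sid:1000001; rev:1;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 25 (msg:"EXAMPLE smtp overflow"; content:"HELO"; reference:cve,2005-0002; reference:bugtraq,99999; sid:1000002; rev:1;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 445 (msg:"EXAMPLE smb exploit"; content:"|FF|SMB"; reference:cve,2005-0003; sid:1000003; rev:2;)
alert tcp any any -> any any (msg:"EXAMPLE policy rule, no reference"; content:"foo"; sid:1000004; rev:1;)
"""

# Constructed scanner output: CVE ids a Nessus/NeVO style scan reported on monitored hosts.
SCAN_FINDINGS = {"CVE-2005-0001", "CVE-2005-0003"}

CVE_REF = re.compile(r"reference:\s*cve,\s*(\d{4}-\d+)", re.IGNORECASE)
SID_RE = re.compile(r"\bsid:\s*(\d+)")


def rule_cves(rule):
    """Return the CVE ids one rule line references, normalised to CVE-YYYY-NNNN."""
    return {"CVE-" + m for m in CVE_REF.findall(rule)}


def tune_ruleset(rules_text, vulnerable_cves):
    """Split a rule set into (enabled, disabled, no_reference) lists of (sid, rule).

    enabled      - references at least one CVE the scan found
    disabled     - references CVEs, none of which the scan found
    no_reference - carries no CVE reference, so scan data cannot decide it
    """
    wanted = {c.upper() for c in vulnerable_cves}
    enabled, disabled, no_reference = [], [], []
    for line in rules_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        sid_match = SID_RE.search(line)
        sid = int(sid_match.group(1)) if sid_match else None
        cves = rule_cves(line)
        if not cves:
            no_reference.append((sid, line))
        elif cves & wanted:
            enabled.append((sid, line))
        else:
            disabled.append((sid, line))
    return enabled, disabled, no_reference


def render_ruleset(enabled, disabled, no_reference, keep_unreferenced=True):
    """Emit the tuned rule file; Snort ignores '#' lines, so disabled rules stay auditable."""
    out = [line for _, line in enabled]
    out += ["# disabled (no matching finding): " + line for _, line in disabled]
    out += [line if keep_unreferenced else "# disabled (no CVE reference): " + line
            for _, line in no_reference]
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    print(render_ruleset(*tune_ruleset(SAMPLE_RULES, SCAN_FINDINGS)))
```

Rules without any CVE reference (policy or generic rules) are kept by default, since scan data cannot say whether they apply; pass `keep_unreferenced=False` to get the strict "vulnerable signatures only" set.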