IDS mailing list archives

Re: Dynamic configuration management


From: Ron Gula <rgula () tenablesecurity com>
Date: Mon, 01 Aug 2005 14:22:47 -0400

At 05:27 PM 7/28/2005, Christian Kreibich wrote:
Hi all,

I'm curious to hear to what level both commercial and open-source
systems known to the members of this list support dynamic configuration
management. That is, what's the state of the art in allowing one to
tweak the operational parameters, retrieve + inspect current state, etc.,
in an on-line fashion, and to what degree can this be automated across
larger installations.

For what it's worth, I'd define "on-line" as anything better than
stopping the system, tweaking the config files, and restarting.

Marketing blurbs are welcome too, though you might prefer to send me
these off-line. Thanks.

Cheers,
Christian.

Do you mean the configuration of a system, or of an IDS/IPS?

For the intrusion stuff, our Lightning Console has the ability to
look at the results from Nessus's local and remote checks, as well
as NeVO's passively determined vulnerabilities and produce a Snort
rule set which only has the 'vulnerable' signatures enabled. You
end up running with a much smaller signature set than most Snort
users are comfortable with, but it's extremely effective.

From an operating system configuration level, there are many
commercial solutions that can grab anything from registry settings
to actual hard drive images. Some of these use agents and some use
credentials. Some of these can prevent configuration changes which
would take a box out of a known-good configuration policy, and
others can report on this after the fact. Most vulnerability
scanners, including Nessus and NeWT, can log onto UNIX and Windows
boxes and check them for missing patches, configuration settings,
etc.

Ron Gula, CTO
Tenable Network Security
http://www.tenablesecurity.com
http://www.nessus.org
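The rule-set pruning Ron describes (enable only the Snort signatures that correspond to vulnerabilities a scanner has actually found on the monitored hosts) can be illustrated with a short script. This is an added example, not Tenable's or Snort's own code: the rules, SIDs, hosts and CVE ids are constructed, and the script assumes that rules carry the standard Snort `reference:cve,...` option and that the scanner output has been reduced to a host-to-CVE mapping.

```python
"""
Prune a Snort rule set to the signatures that match vulnerabilities a
scanner has observed. Added example, not Tenable's or Snort's code.
All rules and scan results below are constructed for illustration.
"""
import re
from typing import Dict, List, Set

# Constructed sample rules. 'reference:cve,...' is standard Snort rule
# metadata; the rule bodies and SIDs are illustrative, not real rules.
SAMPLE_RULES = """\
alert tcp $EXTERNAL_NET any -> $HOME_NET 445 (msg:"EXAMPLE SMB exploit attempt"; flow:to_server,established; reference:cve,2005-0001; classtype:attempted-admin; sid:9000001; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"EXAMPLE web server overflow"; flow:to_server,established; content:"GET"; reference:cve,2005-0002; reference:bugtraq,99999; sid:9000002; rev:1;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 22 (msg:"EXAMPLE ssh scan"; flow:to_server; sid:9000003; rev:1;)
# alert udp any any -> any 53 (msg:"EXAMPLE disabled rule"; reference:cve,2005-0003; sid:9000004; rev:1;)
"""

# Constructed scanner output: host -> CVE ids reported as present on it.
SAMPLE_INVENTORY: Dict[str, Set[str]] = {
    "10.0.0.5": {"CVE-2005-0001"},
    "10.0.0.9": {"CVE-2005-0003"},
}

CVE_REF = re.compile(r"reference:\s*cve,\s*(\d{4}-\d+)", re.IGNORECASE)
SID_RE = re.compile(r"\bsid:\s*(\d+)")
RULE_ACTIONS = ("alert", "drop", "log", "pass")


def rule_cves(rule: str) -> Set[str]:
    """Return the CVE ids a rule references, normalised to 'CVE-YYYY-NNNN'."""
    return {"CVE-" + m for m in CVE_REF.findall(rule)}


def select_rules(rules_text: str, inventory: Dict[str, Set[str]],
                 keep_unreferenced: bool = False) -> List[str]:
    """
    Keep rules whose CVE references intersect the vulnerabilities seen on
    any host. Rules carrying no CVE reference (scans, policy rules) are
    dropped unless keep_unreferenced is set, since the scanner cannot vouch
    for them either way. A commented-out rule is re-enabled when its CVE is
    present: a disabled signature for a live vulnerability is exactly the
    gap this correlation is meant to close.
    """
    observed: Set[str] = set().union(*inventory.values()) if inventory else set()
    selected: List[str] = []
    for line in rules_text.splitlines():
        body = line.lstrip("# ").rstrip()  # strip a leading comment marker
        if not body.startswith(RULE_ACTIONS):
            continue  # blank line or non-rule comment
        cves = rule_cves(body)
        if cves & observed or (not cves and keep_unreferenced):
            selected.append(body)
    return selected


def selected_sids(rules_text: str, inventory: Dict[str, Set[str]],
                  keep_unreferenced: bool = False) -> List[int]:
    """Convenience wrapper: the SIDs of the rules select_rules keeps."""
    sids = []
    for rule in select_rules(rules_text, inventory, keep_unreferenced):
        match = SID_RE.search(rule)
        if match:
            sids.append(int(match.group(1)))
    return sids


if __name__ == "__main__":
    for rule in select_rules(SAMPLE_RULES, SAMPLE_INVENTORY):
        print(rule)
```

With the constructed inputs, only the SMB rule (whose CVE is on 10.0.0.5) and the previously disabled DNS rule (whose CVE is on 10.0.0.9) survive; the web-server rule is dropped because no host reports CVE-2005-0002, and the SSH scan rule is dropped because it references no CVE at all. Passing `keep_unreferenced=True` restores that last class of rule, which is the trade-off between the very small set Ron mentions and coverage for signatures a vulnerability scan cannot speak to.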
