funsec mailing list archives
Re: so, is I[dp]S a STUPID technology?
From: Paul Schmehl <pauls () utdallas edu>
Date: Thu, 13 Oct 2005 09:47:29 -0500
--On Wednesday, October 12, 2005 21:57:54 -0600 Dude <dudevanwinkle () gmail com> wrote:
We've discussed it (actually I've raised the issue repeatedly), but management doesn't want to go there.-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 We provided the option of patch management to the students and not many refused the service.
Students want to keep their machines safe as well, most just dont know how.
I'll agree with that!
We haven't had any problems with worms in quite some time. Sheer luck I guess. ;-)Agent based stuff has worked really well for me. Patchlink has done a bang up job in my previouls .edu domain. Havent been hit by any of the werms. The agents do a client pull every 15 min from the server over ssl. report if they fail x amount of times.
Thanks. I'll check that out. I haven't mentioned this in previous posts, but one of the problems that I've had with va scanners is boatloads of false positives. For example, GFI Languard works quite well *if* you have local admin on the box. (We don't.) If not, it's prone to false positives. When you have to chase down fps on hundreds of boxes, you very quickly find something else to do and the va scanner becomes a boat anchor.As far as scanning them goes, http://infosec.yorku.ca/tools/ has a scanner that did 4 class B's in under 15 min, (ask J. Glass:) it doesnt check for everything, but you might get it to at least scan for the SANS top 20 in that time with some trial and error.
Nessus has the same problem. Can't tell you about ISS because it's never worked well enough to determine if it generates fps (except for the one that we reported that they swore up and down didn't exist until they were able to replicate it.)
Paul Schmehl (pauls () utdallas edu) Adjunct Information Security Officer University of Texas at Dallas AVIEN Founding Member http://www.utdallas.edu/ir/security/ _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- Re: so, is I[dp]S a STUPID technology?, (continued)
- Re: so, is I[dp]S a STUPID technology? Aviram Jenik (Oct 11)
- Re: so, is I[dp]S a STUPID technology? Blue Boar (Oct 11)
- Re: so, is I[dp]S a STUPID technology? Roland Dobbins (Oct 11)
- Re: so, is I[dp]S a STUPID technology? Paul Schmehl (Oct 11)
- Re: so, is I[dp]S a STUPID technology? Aviram Jenik (Oct 11)
- Re: so, is I[dp]S a STUPID technology? Jordan Wiens (Oct 11)
- Re: so, is I[dp]S a STUPID technology? Paul Schmehl (Oct 12)
- Re: so, is I[dp]S a STUPID technology? Blue Boar (Oct 12)
- Re: so, is I[dp]S a STUPID technology? Paul Schmehl (Oct 12)
- Re: so, is I[dp]S a STUPID technology? Blue Boar (Oct 12)
- Message not available
- Re: so, is I[dp]S a STUPID technology? Paul Schmehl (Oct 13)
- Re: so, is I[dp]S a STUPID technology? Aviram Jenik (Oct 11)
- Re: so, is I[dp]S a STUPID technology? Robert Edmonds (Oct 20)
- Re: so, is I[dp]S a STUPID technology? Paul Schmehl (Oct 20)
- Re: so, is I[dp]S a STUPID technology? Eduardo Tongson (Oct 20)
- Re: so, is I[dp]S a STUPID technology? Valdis . Kletnieks (Oct 11)
- Re: so, is I[dp]S a STUPID technology? Paul Schmehl (Oct 12)
- Re: so, is I[dp]S a STUPID technology? Valdis . Kletnieks (Oct 12)
- RE: so, is I[dp]S a STUPID technology? Aditya Deshmukh (Oct 11)
- RE: so, is I[dp]S a STUPID technology? Paul Schmehl (Oct 12)
- Re: so, is I[dp]S a STUPID technology? Paul Schmehl (Oct 12)