Snort mailing list archives

Re: RNA Config

From: Jason Brvenik <jasonb () sourcefire com>
Date: Mon, 15 Aug 2005 10:36:17 -0400

Ollie.

This is the snort-users list. RNA is a Sourcefire product. You shoulddirect these questions to Sourcefire support or your local representative.

I would be happy to get you in touch with the appropriate representativeif you tell me where and who you work with.


Regards,
Jason.

Ollie Walsh wrote:

Hi,
I have a question about RNA and how it can be used
effectivly on a customer network. I have deployed an
RNA sensor and IS sensor on a customer network
segment. It has picked up all the hosts on the network
including OS info, services etc. However, I have some

assumptions and questions on what to do next.

How do i maintian the vulnerability level for each
host. If the RNA sensor tells me that hosts are
potentially vulnerable to say Windows vulnerabilities,
how  do I get that info. Do I need to ask the customer
to scan their hosts and give me a list of
vulnerabilities that its currently exposed to. Then
how do we maintain that if new servers get patched, or
patches don’t install properly and we think we are not
vulnerable when in fact we are ???
For MSSP type scenarios, whos responsibility does it
fall on to keep RNA updated. Any recommendations ??
If RNA needs to be kept updated with vulnerability
info and the baselining of all hosts initially, to me
that involves a lot of man hours.
Also, a question that I did not get to ask at the
Sourcefire Training Course is that if a system is NOT
vulnerable to a particular exploit due to a patch
being deployed, does it still create and alert, all be
it a low one or does it ignore it totally.

Hopefully someone can answer my questions and
assumptions.

Thanks in advance

S


                
____________________________________________________

Start your day with Yahoo! - make it your home pagehttp://www.yahoo.com/r/hs


-------------------------------------------------------
SF.Net email is Sponsored by the Better Software Conference & EXPO
September 19-22, 2005 * San Francisco, CA * Development Lifecycle Practices
Agile & Plan-Driven Development * Managing Projects & Teams * Testing & QA
Security * Process Improvement & Measurement * http://www.sqe.com/bsce5sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users



-------------------------------------------------------
SF.Net email is Sponsored by the Better Software Conference & EXPO
September 19-22, 2005 * San Francisco, CA * Development Lifecycle Practices
Agile & Plan-Driven Development * Managing Projects & Teams * Testing & QA
Security * Process Improvement & Measurement * http://www.sqe.com/bsce5sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

RNA Config Ollie Walsh (Aug 15)
- Re: RNA Config Jason Brvenik (Aug 15)
- Re: RNA Config Michael Schwartzkopff (Aug 15)