Snort mailing list archives
Re: RNA Config
From: Jason Brvenik <jasonb () sourcefire com>
Date: Mon, 15 Aug 2005 10:36:17 -0400
Ollie,

This is the snort-users list. RNA is a Sourcefire product. You should direct these questions to Sourcefire support or your local representative.
I would be happy to get you in touch with the appropriate representative if you tell me where and who you work with.
Regards,
Jason

Ollie Walsh wrote:
Hi,

I have a question about RNA and how it can be used effectively on a customer network. I have deployed an RNA sensor and IS sensor on a customer network segment. It has picked up all the hosts on the network including OS info, services etc. However, I have some assumptions and questions on what to do next.

How do I maintain the vulnerability level for each host? If the RNA sensor tells me that hosts are potentially vulnerable to, say, Windows vulnerabilities, how do I get that info? Do I need to ask the customer to scan their hosts and give me a list of vulnerabilities that it's currently exposed to? Then how do we maintain that if new servers get patched, or patches don't install properly and we think we are not vulnerable when in fact we are?

For MSSP type scenarios, whose responsibility does it fall on to keep RNA updated? Any recommendations? If RNA needs to be kept updated with vulnerability info and the baselining of all hosts initially, to me that involves a lot of man hours.

Also, a question that I did not get to ask at the Sourcefire Training Course is that if a system is NOT vulnerable to a particular exploit due to a patch being deployed, does it still create an alert, albeit a low one, or does it ignore it totally?

Hopefully someone can answer my questions and assumptions.

Thanks in advance
S

-------------------------------------------------------
SF.Net email is Sponsored by the Better Software Conference & EXPO
September 19-22, 2005 * San Francisco, CA * Development Lifecycle Practices
Agile & Plan-Driven Development * Managing Projects & Teams * Testing & QA
Security * Process Improvement & Measurement * http://www.sqe.com/bsce5sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- RNA Config Ollie Walsh (Aug 15)
- Re: RNA Config Jason Brvenik (Aug 15)
- Re: RNA Config Michael Schwartzkopff (Aug 15)