Subject: IDS: Bounced messages
From: Lister, Justin (justin.lister@csfb.com)
Date: Wed Mar 29 2000 - 23:05:58 CST


Archive: http://msgs.securepoint.com/ids
FAQ: http://www.ticm.com/kb/faq/idsfaq.html
IDS: http://www-rnks.informatik.tu-cottbus.de/~sobirey/ids.html
HELP: Having problems... email questions to ids-owner@uow.edu.au
NOTE: Remove this section from reply msgs otherwise the msg will bounce.
SPAM: DO NOT send unsolicited mail to this list.
UNSUBSCRIBE: email "unsubscribe ids" to majordomo@uow.edu.au
-----------------------------------------------------------------------------
1. RE: IDS: IDS for Win2k -reply, <SDroski@iss.net>, [Tue, 28 Mar 2000 16:17:44 -0500]
2. Zen Masters was Re: IDS: a novice question. -reply, <cburney@dps.state.ut.us>, [Tue, 28 Mar 2000 11:41:07 -0700]
3. Re: IDS: CERT advisories,.., <cwoods@intrusion.com> [Tue, 28 Mar 2000 08:02:42 -0800]
4. RE: IDS: Intruder Alert -reply, <Kevin.Sanchez-Cherry@nasd.com> [Tue, 28 Mar 2000 10:58:46 -0500]
5. RE: IDS: Intruder Alert, <Kevin.Sanchez-Cherry@nasd.com> [Mon, 27 Mar 2000 13:52:45 -0500]
6. RE: IDS: Intruder Alert -reply, <CrumrineGL@state.gov> [Mon, 27 Mar 2000 12:01:12 -0500]
        RE: IDS: Intruder Alert -reply, <Kevin.Sanchez-Cherry@nasd.com> [Monday, March 27, 2000 9:55 AM]
__________________________________________________________________________________

Message-ID: <DF3CC311E898D311A3670008C709BD238F0F12@msgatl01.iss.net>
From: "Droski, Sheila (ISSTexas)" <SDroski@iss.net>
To: "'Mark.Teicher@predictive.com'" <Mark.Teicher@predictive.com>,
        Greg Shipley <gshipley@neohapsis.com>
Cc: FMartins@pt.imshealth.com, ids@uow.edu.au
Subject: RE: IDS: IDS for Win2k -reply
Date: Tue, 28 Mar 2000 16:17:44 -0500

I'm guessing you copied me for some feedback on this Mark. For those of you
who don't know me, I'm part of the product management team for RealSecure.
I'll give you a three part answer here...

1. The official answer is that we are working towards supporting this
platform, for both host and network based IDS sensors, by the end of the
year. That is a "worst case" timeframe and we're doing everything we can to
push that schedule to an earlier date.

2. The unofficial answer is that we already have multiple customers running
the Network Engine (soon to be renamed as the Network Sensor) successfully
on Windows 2000, even though it is not officially supported. You may say,
"if it's working, why not say it's supported". The answer is that ISS is
committed to quality and we won't say anything is supported until we've put
it through extensive QA and testing.

3. The System Agent (soon to be renamed the OS Sensor) is a little tougher
because Microsoft made non-trivial changes to their OS error codes. We've
run the NT System Agent on Windows 2000 in our labs. We were able to use the
host IDS on W2K, but we were missing W2K-specific events. Also, some of the old events
were not parsed correctly because the old NT error codes are different in
W2K. Our research team has completed the listing of new W2K error codes for
our Savant guide so now it's just a matter of making the changes in the
product. Believe it or not, just figuring out what all the new error codes
are (many not documented by Microsoft) was the hard part!

hope that helps...

-----Original Message-----
From: Mark.Teicher@predictive.com [mailto:Mark.Teicher@predictive.com]
Sent: Tuesday, March 28, 2000 2:23 PM
To: Greg Shipley
Cc: FMartins@pt.imshealth.com; ids@uow.edu.au; sdroski@iss.net
Subject: Re: IDS: IDS for Win2k -reply

Not sure when ISS RealSecure will be shipping their Win2k version of the
detector???

/m

Greg Shipley <gshipley@neohapsis.com>
Sent by: owner-ids@uow.edu.au
03/27/00 02:20 PM

        To: "Martins, Fernando (Lisbon)" <FMartins@pt.imshealth.com>
        cc: ids@uow.edu.au
        Subject: Re: IDS: IDS for Win2k

On Mon, 27 Mar 2000, Martins, Fernando (Lisbon) wrote:

> I wonder if there are already available IDS's for Windows 2000 Servers?
> Any known NT version of an IDS tested on win2k?
> It doesn't matter if it is freeware, shareware or commercial ... anything
> that can work in win2k is welcome =)
> (info on other win2k security apps will be appreciated too)

Ok, I've got to ask - why on earth would you want to run an IDS on win2k?

Have you not heard enough horror stories already? Hell, win2k can't even
handle DNS properly!!!! Or at least, from a network perspective.

If you are forced to deploy win2k I guess maybe having a host-based
product might be helpful.

Quivering at the thought,

-Greg

__________________________________________________________________________________

Message-Id: <s8e09b6b.013@email.state.ut.us>
Date: Tue, 28 Mar 2000 11:41:07 -0700
From: "Carl Burney" <cburney@dps.state.ut.us>
To: <JohnNicholson@aol.com>, <Mark.Teicher@predictive.com>
Cc: <Valerie.Blanchard@predictive.com>, <CrumrineGL@state.gov>,
        <ids@uow.edu.au>
Subject: Zen Masters was Re: IDS: a novice question. -reply

I've been working in computer security since the mid-80's, and I've only
met one self-proclaimed security guru. He was a fellow consultant with
Axent. He defined a guru as: General Understanding, Relatively Useless.
He was.

(Keep monitoring this mailing list, I think it will be readily evident who
some of the real security experts are.)

clb

>>> <Mark.Teicher@predictive.com> 3/28/00 10:14:10 AM >>>
OK, there must be a couple of pro-claimed security gurus out there?? I
have seen books published by people I used to work with that claim to be
"Security Experts". I tend to define a "Security Expert" like Keanu
Reeves (aka Neo) discovers himself to be in the movie the Matrix. "So
you're the one" claims Cypher. "Boy that must be mind blowing." "I bet
you should have taken the Blue pill instead of the Red pill now" says
Cypher..

/mht

JohnNicholson@aol.com 03/28/00 08:43 AM

        To: Mark.Teicher@predictive.com
        cc: ids@uow.edu.au
        Subject: Re: IDS: a novice question. -reply

In a message dated 3/28/2000 11:31:30 AM Eastern Standard Time, Mark.Teicher@predictive.com writes:

> The other question is what is the definition of a "Security guru" I tend
> to see that word used but haven't met many of them... Can you provide a
> list of for those of us who aspire to become one can somehow pick the
> brains of a security guru ??:) (Tongue in cheek )

It's kinda like the definition of a zen master. No one who is actually a master would call themselves a master, because only the true masters understand and appreciate how much they don't know.

John

__________________________________________________________________________________

Message-ID: <38E0D7A2.C73B478D@intrusion.com>
Date: Tue, 28 Mar 2000 08:02:42 -0800
From: "Craig Woods" <cwoods@intrusion.com>
Organization: Intrusion.com, Inc.
To: Koriun Margaryan <koriun@dm-lab.sci.am>, ids@uow.edu.au
Subject: Re: IDS: CERT advisories,..

Hi, May I suggest that you surf your way out to http://www.cve.mitre.org/ . You may find much useful information there. Most of the IDS vendors (like us) go there to synchronize and share info. Another site you may try is http://www.gidos.org/ for CIDF, a more technically oriented IDS site where an attempt is being made to completely automate the info sharing process.

-Craig.

--
Disclaimer: The above represents only my personal comments and does not represent an official position of my employer, Intrusion.com, Inc.

Koriun Margaryan wrote:
>
> Hi all!
>
> In one book I read following:
>
> "The set of attack patterns that IDS supports is compiled from
> various sources including CERT advisories, proprietary knowledge,
> and practical experiences."
>
> where can I find CERT advisories? is it public?
> Is libpcap such compiled library?

__________________________________________________________________________________
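Two different things are being run together in the question above. libpcap is the packet-capture library an IDS reads traffic with; the "set of attack patterns" is a separate signature table that the vendor compiles from sources such as CERT advisories (which are public) and which CVE, as Craig says, gives common names to. The following is an added example written for this page, not code from the list, from Intrusion.com or from any other vendor named here. It is a minimal signature matcher over a libpcap-format capture: the capture, the addresses, the payloads and the timestamps are constructed inline; the signature table is constructed too, except that the phf entry cites the real CERT CA-1996-06 / CVE-1999-0067 advisory and uses the classic `/cgi-bin/phf` probe string. It also carries the caveat a practitioner would want: a raw byte match misses a percent-encoded request, so the payload is URL-decoded before a second comparison and the alert records which pass matched.

```python
"""Minimal signature-matching IDS over a libpcap-format capture (added example)."""
import socket
import struct
from typing import Dict, Iterator, List
from urllib.parse import unquote_to_bytes

# Constructed signature table standing in for a vendor's compiled attack patterns.
# The phf entry cites a real advisory (CERT CA-1996-06, CVE-1999-0067); the SQL
# entry is made up for this example.
SIGNATURES: List[Dict] = [
    {"name": "WEB-CGI phf access", "ref": "CERT CA-1996-06 / CVE-1999-0067",
     "dst_port": 80, "pattern": b"/cgi-bin/phf"},
    {"name": "constructed: SQL tautology in HTTP request", "ref": "none (constructed)",
     "dst_port": 80, "pattern": b"' OR 1=1"},
]

PCAP_MAGIC = 0xA1B2C3D4      # pcap magic as written (little-endian) by build_pcap()
LINKTYPE_ETHERNET = 1


def build_packet(src: str, dst: str, sport: int, dport: int, payload: bytes) -> bytes:
    """Ethernet/IPv4/TCP frame around payload; checksums stay zero, the parser ignores them."""
    eth = b"\x00" * 12 + struct.pack("!H", 0x0800)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 8192, 0, 0)
    return eth + ip + tcp + payload


def build_pcap(frames: List[bytes]) -> bytes:
    """libpcap file layout: 24-byte global header, then a 16-byte record header per frame."""
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    for i, frame in enumerate(frames):          # constructed timestamps, one second apart
        out += struct.pack("<IIII", 954_000_000 + i, 0, len(frame), len(frame)) + frame
    return out


def iter_tcp_payloads(pcap: bytes) -> Iterator[Dict]:
    """Walk the capture and yield addressing plus payload for each IPv4/TCP segment."""
    if struct.unpack("<I", pcap[:4])[0] != PCAP_MAGIC:
        raise ValueError("not a little-endian pcap file")
    if struct.unpack("<I", pcap[20:24])[0] != LINKTYPE_ETHERNET:
        raise ValueError("only Ethernet captures are handled here")
    off = 24
    while off + 16 <= len(pcap):
        incl_len = struct.unpack("<I", pcap[off + 8:off + 12])[0]
        frame = pcap[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
            continue                            # not IPv4 over Ethernet, or not TCP
        ihl = (frame[14] & 0x0F) * 4            # IP header length, options included
        tcp = 14 + ihl
        if len(frame) < tcp + 20:
            continue
        sport, dport = struct.unpack("!HH", frame[tcp:tcp + 4])
        data_off = (frame[tcp + 12] >> 4) * 4   # TCP header length, options included
        yield {"src": socket.inet_ntoa(frame[26:30]), "dst": socket.inet_ntoa(frame[30:34]),
               "sport": sport, "dport": dport, "payload": frame[tcp + data_off:]}


def scan(pcap: bytes, signatures: List[Dict] = SIGNATURES) -> List[Dict]:
    """Match each signature against the raw payload, then against its percent-decoded form.
    The second pass is the caveat: a plain byte match misses '/cgi-bin/%70hf'."""
    alerts = []
    for pkt in iter_tcp_payloads(pcap):
        decoded = unquote_to_bytes(pkt["payload"])
        for sig in signatures:
            if pkt["dport"] != sig["dst_port"]:
                continue
            if sig["pattern"] in pkt["payload"]:
                via_decode = False
            elif sig["pattern"] in decoded:
                via_decode = True
            else:
                continue
            alerts.append({"sig": sig["name"], "ref": sig["ref"], "src": pkt["src"],
                           "dst": pkt["dst"], "dport": pkt["dport"], "decoded": via_decode})
    return alerts


# Constructed capture: a plain phf probe, a benign request, a percent-encoded phf probe
# and a percent-encoded SQL tautology. Addresses are private/documentation ranges.
SAMPLE_PCAP = build_pcap([
    build_packet("10.0.0.5", "192.0.2.10", 40001, 80, b"GET /cgi-bin/phf?Qalias=x HTTP/1.0\r\n\r\n"),
    build_packet("10.0.0.6", "192.0.2.10", 40002, 80, b"GET /index.html HTTP/1.0\r\n\r\n"),
    build_packet("10.0.0.7", "192.0.2.10", 40003, 80, b"GET /cgi-bin/%70hf?Qalias=x HTTP/1.0\r\n\r\n"),
    build_packet("10.0.0.8", "192.0.2.10", 40004, 80, b"GET /login?u=admin%27%20OR%201%3D1 HTTP/1.0\r\n\r\n"),
])

if __name__ == "__main__":
    for a in scan(SAMPLE_PCAP):
        print(f"ALERT {a['sig']} [{a['ref']}] {a['src']} -> {a['dst']}:{a['dport']}"
              + (" (matched after URL-decoding)" if a["decoded"] else ""))
```

Running it prints three alerts: the first phf probe matches on raw bytes, the encoded phf probe and the SQL tautology only match after decoding, and the benign request produces nothing. A real sensor does the same job with a much larger table and a normalisation layer that covers more than percent-encoding, but the structure, capture in, signatures applied, alert with a reference out, is what the book quoted above is describing.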

Date: Tue, 28 Mar 2000 10:58:46 -0500
From: "Sanchez-Cherry, Kevin" <Kevin.Sanchez-Cherry@nasd.com>
Subject: RE: IDS: Intruder Alert -reply
To: "'Mark.Teicher@predictive.com'" <Mark.Teicher@predictive.com>, "Amy" <exntrc1@yahoo.com>
cc: charrington@axent.com, ids@uow.edu.au, owner-ids@uow.edu.au
Message-ID: <71EBE45B00DAD211A8690008C7B941FC01C36724@rkv-srv-exch1.rkv.nasd.com>

I also agree that there are problems with support and that the GUI for ITA 3.0.1 needs some improvement. Overall, I have been pleased with ITA's performance, and have not had any system problems. One thing you want to make sure of is to go through full dev and/or QC testing of system performance and benchmark everything before install, after install without any policies, and after install with a minimum set of policies on. A problem here was that some system people said ITA caused a performance hit, but they provided no documentation, and I, unfortunately having inherited the ITA project, didn't have any documented tests showing the impact of ITA under certain circumstances. I still recommend ITA to anyone wanting to use host based IDS.

-----Original Message-----
From: Mark.Teicher@predictive.com [mailto:Mark.Teicher@predictive.com]
Sent: Tuesday, March 28, 2000 10:18 AM
To: Amy
Cc: charrington@axent.com; ids@uow.edu.au; owner-ids@uow.edu.au
Subject: Re: IDS: Intruder Alert -reply

Axent ESM 5.01GA only allows for Windows based remote installs, the previous version ESM 4.4 had rudimentary remote agent install for Unix, it worked occasionally.

ESM 5.01GA had some other issues regarding the HP-UX 11.0 platforms, and Digital Operating Systems.. The documentation set is somewhat disorganized and some of the operating system syntax is not quite correct, close but not correct.

ITA 3.01GA has the same nuances as Axent ESM suite, but needs drastic improvement in the GUI, and documentation.

/mark

__________________________________________________________________________________

Date: Mon, 27 Mar 2000 13:52:45 -0500
From: "Sanchez-Cherry, Kevin" <Kevin.Sanchez-Cherry@nasd.com>
Subject: RE: IDS: Intruder Alert
To: "'Amy'" <exntrc1@yahoo.com>, "Chad Harrington" <charrington@axent.com>, "'ids@uow.edu.au'" <ids@uow.edu.au>
Message-ID: <71EBE45B00DAD211A8690008C7B941FC01C3671F@rkv-srv-exch1.rkv.nasd.com>

It is possible to perform remote installs of agents if you also use Tivoli remote product. With the current version of ITA (3.0.1) it is possible to remotely update existing agents, but you are correct that there is no ability to remote install a new agent. It would eliminate the need for purchasing a remote product like Tivoli, but we purchased Tivoli for enterprise system monitoring after having installed ITA, so it worked out for us.

-----Original Message-----
From: Amy [mailto:exntrc1@yahoo.com]
Sent: Monday, March 27, 2000 1:17 PM
To: Chad Harrington; 'ids@uow.edu.au'
Subject: Re: IDS: Intruder Alert

The product has some great features, although it is not very intuitive and therefore requires an educated staff to make the most of its capabilities. We implemented this product and had some concerns...

Originally we had been told that it was possible to do remote installs of agents from the management console, but this was not true. When I submitted a product modification request I received no feedback, but about a month later received a terse "rejected" e-mail. This type of issue makes it nearly impossible to roll-out enterprise-wide...

We are using it in our Unix environment as the NT group is married to the Mission Critical products. However, our implementation will likely remain small as I have been less than impressed with support and customer service.

--- Chad Harrington <charrington@axent.com> wrote:
> Fellow IDS watchers,
> I am the Technical Product Manager for the Intruder Alert Host-Based
> IDS product from Axent Technologies. I am interested to know if any of you
> own or have used it. If not, why? Were you unaware of the product, didn't
> feel it fit your needs, currently don't use HIDS? I am very interested in
> the impressions of people in the field about this product and its use.
> Please respond with your comments, positive or negative.
>
> Thanks,
>
> Chad Harrington
> Technical Product Manager - Intruder Alert
> Axent Technologies, Inc.
> 796 E. Utah Valley Drive, Suite 200
> American Fork, UT 84003
> Tel: 801-227-3729
> Fax: 801-227-3781
> charrington@axent.com

===== ~*~*~*~*~*~*~*~*~*~*~ Queen of all I survey ~*~*~*~*~*~*~*~*~*~*~


__________________________________________________________________________________

Message-ID: <7055B446C24AD2118CC000805F156594029A6D3D@AIMRMSNTSB>
From: "Crumrine, Gary L" <CrumrineGL@state.gov>
To: Mark.Teicher@predictive.com, "Sanchez-Cherry, Kevin" <Kevin.Sanchez-Cherry@nasd.com>
Cc: charrington@axent.com, ids@uow.edu.au, Valerie.Blanchard@predictive.com
Subject: RE: IDS: Intruder Alert -reply
Date: Mon, 27 Mar 2000 12:01:12 -0500

Mark is too modest.. but I agree with him on the AXENT issue. But for totally different reasons. The biggest decision point that I based my selection on is the ability to purchase a suite of products that work together seamlessly, and provide me with both host based and network based protection. When added to their webnot, policy checker, and Raptor firewall, it puts together that one stop shopping I am looking for and I know that all the time I would have to spend making it all work together is saved. If I have a problem, I call support and they jump right on it.

My only complaint is the costs involved. But AXENT is moving to solve that issue too, when they release the COBALT box later this year. I don't think it will be too much longer before we see a product hit the market that encompasses all the parts needed in one product. I think the only thing that may be holding them back right now is that the IDS as an industry is in its infancy, and until it stabilizes and is accepted with the same fervor that firewalls are, it will be sold as a separate product. But, as I said before 2 years ago, with sales comes research, and better products. And with better products, comes more sales... they will catch up... and sooner the better I say. Now if they would just incorporate log analysis like webtrends, and maybe virus scanning.... hmmmm hey let's shoot for the moon.....right?

> -----Original Message-----
> From: Mark.Teicher@predictive.com [SMTP:Mark.Teicher@predictive.com]
> Sent: Monday, March 27, 2000 9:55 AM
> To: Sanchez-Cherry, Kevin
> Cc: charrington@axent.com; ids@uow.edu.au; CrumrineGL@state.gov;
> Valerie.Blanchard@predictive.com
> Subject: RE: IDS: Intruder Alert -reply
>
> Yes, again, ITA and NetProwler is a very good combination for a SOHO
> environment. For larger enterprises, the Enterprise suite of Axent
> products is definitely recommended plus having a secondary IDS system to
> ensure that the Primary IDS system is doing its job.. :)
>
> /m
>
> "Sanchez-Cherry, Kevin" <Kevin.Sanchez-Cherry@nasd.com>
> 03/27/00 06:32 AM
>
> To: "'Mark.Teicher@predictive.com'" <Mark.Teicher@predictive.com>, "Chad
> Harrington" <charrington@axent.com>
> cc: ids@uow.edu.au
> Subject: RE: IDS: Intruder Alert -reply
>
> Chad,
>
> I agree with Mark. I am the project manager and Security Admin for ITA and
> on its own, it is a good product. I have not had any problems with it so
> far in the year that we have implemented it. The best feature, in my
> opinion, is the policy customization.
> If you want to cover the full enterprise security management, ITA, ESM and
> NetProwler together is the way to go. If you are on a smaller budget, then
> at least ITA or NetProwler for IDS, then write some custom policies to
> monitor system performance.
>
> -----Original Message-----
> From: Mark.Teicher@predictive.com [mailto:Mark.Teicher@predictive.com]
> Sent: Sunday, March 26, 2000 6:15 PM
> To: Chad Harrington
> Cc: ids@uow.edu.au
> Subject: Re: IDS: Intruder Alert -reply
>
> Chad,
>
> Very aware of the product and the +/-s ITA 3.01GA has. If you combine
> NetProwler, Axent ESM and Axent ITA, you have a product that is comparable
> to the other products that are available in the space. Each of Axent
> products has their own nuances and when used together, there are a lot of
> items a system monitor monkey must check for
>
> /m
>
> Chad Harrington <charrington@axent.com>
> Sent by: owner-ids@uow.edu.au
> 03/25/00 04:51 PM
>
> To: "'ids@uow.edu.au'" <ids@uow.edu.au>
> cc:
> Subject: IDS: Intruder Alert
>
> Fellow IDS watchers,
> I am the Technical Product Manager for the Intruder Alert Host-Based
> IDS product from Axent Technologies. I am interested to know if any of you
> own or have used it. If not, why? Were you unaware of the product, didn't
> feel it fit your needs, currently don't use HIDS? I am very interested in
> the impressions of people in the field about this product and its use.
> Please respond with your comments, positive or negative.
>
> Thanks,
>
> Chad Harrington
> Technical Product Manager - Intruder Alert
> Axent Technologies, Inc.
> 796 E. Utah Valley Drive, Suite 200
> American Fork, UT 84003
> Tel: 801-227-3729
> Fax: 801-227-3781
> charrington@axent.com

__________________________________________________________________________________
