OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
Subject: RE: Installing RealSecure Questions -reply
From: Mark.Teicherpredictive.com
Date: Wed Apr 12 2000 - 20:07:37 CDT

TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of your message to
majordomoiss.net Contact issforum-owneriss.net for help with any problems!
----------------------------------------------------------------------------

Again,

Deviation from the recommended procedures should be only applicable to
service packs and specific hardware that will be used to host the ISS
RealSecure Agents, Detectors and Console.

Using the SANS Securing Windows NT guide can sometimes tighten the box and
affect the communications between the detector and the console. Yes, I
have implemented ISS Real Secure detectors and Console using both methods,
and found some noted shortcomings in the SANS Securing Windows NT Guide.
Sorry :(

/m

Al_Weveramway.com
Sent by: owner-issforumiss.net
04/04/00 09:30 AM

 
        To: MTalor00aol.com, issforumiss.net
        cc:
        Subject: RE: Installing RealSecure Questions

TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of your message
to
majordomoiss.net Contact issforum-owneriss.net for help with any
problems!
----------------------------------------------------------------------------

Mark,
To harden our systems we used a combination of Micro$oft security
recommendations and a paper available from SANS called Securing Windows
NT.
http://www.microsoft.com/security/default.asp
http://www.sans.org

Best regards,
AW

MTalor00aol.comiss.net on 04/03/2000 05:20:03 PM

Sent by: owner-issforumiss.net

To: issforumiss.net
cc:

Subject: RE: Installing RealSecure Questions

Someone had mentioned that I should harden my OS before I install the
actual RealSecure software. Does anyone have any sites that I could go to
for a reference or some general tips I should consider?

Mark

Return-Path: <LINCOLNHhood-emh3.army.mil>
Received: from rly-zc05.mx.aol.com (rly-zc05.mail.aol.com [172.31.33.5])
by air-zc03.mail.aol.com (v70.20) with ESMTP; Mon, 03 Apr 2000 16:51:03
-0500
Received: from n3cdoimmail200m.hood.army.mil
(n3cdoimmail200m.hood.army.mil [150.114.100.200]) by
rly-zc05.mx.aol.com (v70.21) with ESMTP; Mon, 03 Apr 2000 16:50:47
1900
Received: by hood.army.mil with Internet Mail Service (5.5.2650.10) id
<2GZ27QFV>; Mon, 3 Apr 2000 15:47:21 -0500
Message-ID: <82486B3C76CAD21185320090272A7C41038E9188N3CDOIMMAIL120M>
From: "Lincoln, Harvey SFC--G6" <LINCOLNHhood-emh3.army.mil>
To: "'MTalor00aol.com'" <MTalor00aol.com>
Subject: RE: Installing RealSecure Questions
Date: Mon, 3 Apr 2000 15:47:02 -0500
X-Mailer: Internet Mail Service (5.5.2650.10)

The IDS should be placed behind the Firewall so it can detect anything
that
might get through the firewall

-----Original Message-----
From: MTalor00aol.com [mailto:MTalor00aol.com]
Sent: Tuesday, March 28, 2000 12:02 PM
To: idsiss.net
Subject: Installing RealSecure Questions

I'm going to install RealSecure in our dmz network, and I was
contemplating
on whether or not the IDS should be sitting outside or behind our
firewall.
My objective is to monitor traffic targeting our web servers. Does anyone
have any insights on the pros and cons as to where the IDS should be
placed
on the network?

I'm getting ready to install the RealSecure console and engine. Does it
matter if I do that first, then set up the machines in promiscous mode or
should I set up the machine so that it is dual-homed and then install the
console and engine software?

Also, does anyone know of any known vulnerabilities that should be fixed
before I place the IDS in a production environment? If I place the
machine
outside our firewall should certain ports be disabled? Do certain ports
also
need to be diabled if the RealSecure box is sitting behind our firewall?

Sorry for the long list of questions, but any help would be appreciated.

Thanks,
Mark