Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email email@example.com
From: Jason Renard (jason.renardmail.com)
Date: Fri May 25 2001 - 15:19:13 CDT
TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of your message to
majordomoiss.net Contact issforum-owneriss.net for help with any problems!
A good summary there from Jim Lindley!
A few extra things I'd add:
- Watch for change-control, obviously, especially if you might have a
couple of consoles being used for a period of time. Make sure you know
which console is being used to apply policies and try to enforce that.
Well, okay, Jim pointed that out too but there's no harm repeating it.
- Try to estimate the number of logs being written by the combined
number of sensors, and allow for that in terms of disk space and
archiving frequency on your console. Also, I guess, in terms of CPU
and elapsed log synchronization time.
- Remember that Policies and Responses are different. You can pull a
policy from a sensor, and apply it elsewhere, but i'm not sure you can
pull RESPONSES from a sensor (well, okay, possibly via enginemgr). In
any case take great care with this, especially as you might want to
swap the Email gateway or SNMP server name being used by some sensors;
just doing a policy-apply won't do that.
- So it's worth reviewing the Global Responses on the console which
you intend to phase out -- and understanding whether any of the
policies make use of user-defined responses.
- Um, check console XPU levels and all the usual stuff. If you play
around with makekeys, and have some users who don't have a full set of
keys, and some of the new sensors were installed with a different CSP
order then you MIGHT have a few issues but I think you'd be unlucky if
- Check none of the other sensor daemons were configured to run on
weird ports, else you may need to change the port number used by your
Well that's all that springs to mind at the moment.
>Caveats with Option 1 are 1) you've copied the new Master's AUTHENTICATION
>key to the appropriate sensor's keys\<CSP> sub-directory (NOT the License
>Key, as that goes ONLY on the console), 2) the console will handle the alert
>traffic load, 3) after you sucessfully connect with a sensor, use the sensor
>properties dialog box to SAVE the sensor's current policy file onto the
>console (be careful not to overwrite any policy file with the same name but
>BTW: the IP ranges/addresses are irrelevent to RealSecure. Every RS
>license covers 0.0.0.0 - 254.255.255.255, it's the DEVICE count that
Jason.Renard at Mail.Com
Warning - all views expressed are my own.
I cannot guarantee the accuracy of everything
I've said - use it at your own risk.