TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of your message to
majordomoiss.net Contact issforum-owneriss.net for help with any problems!
----------------------------------------------------------------------------

Rajesh

There are several issues around this - especially if you plan to just have one
console (eg how you manage the keys for different users). One approach I've seen
is to have one console which has, and keeps, master status for all sensors -
then have another console which is able to monitor sensors but cannot claim
master status because it is already taken. However you need to back this process
up with reliable procedures. Whatever you do, whether you just have one or
multiple consoles, you should also bear in mind the possibility of users editing
policy files on the console themselves (if they're malicious) so even if they
can't apply the new policy, their changes may be picked up the next time YOU
apply the policy. It depends whether you want to protect against casual
reconfiguration or deliberate malicious reconfiguration. One issue with multiple
consoles is that you need to co-ordinate where you keep the true/live policies,
else you risk having multiple policies at different levels.

Jason

On Tue, 14 May 2002 11:38:07 +0530, you wrote:

>
>HI,
>
>We are using Real secure 6.5 WGM and Network Sensors, we are planning to
>give the console to 24X7 NOC Team for monitoring the events. But I don't
>want them to edit the policies or any events. Is it possible to install
>a console in a separate system with Read Only rights ( like in Firewall
>1 Management console)?
>
>Waiting for your reply
>
>With Regards
>Rajesh Vasudevan
>Security Operations
>Wipro Technologies
>Bangalore
>India
>Ph: 91-080-8520408 Extn: 5138
>

Jason Renard

Warning - all views expressed are my own.
I cannot guarantee the accuracy of everything
I've said - use it at your own risk.

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]