RE: [ISSForum] Alerting thru ISS real secure sensor 7.0

From: Derek Winkler (dwinkleralgorithmics.com)
Date: Fri May 16 2003 - 10:11:30 CDT


You've got an odd setup here.

Generally you use stealth mode to keep the sensor off of public segments but
still be able to monitor them. There are other reasons to use it as well.

You've got your sensor monitoring a private segment with a public IP
address.

What is the purpose of the 10.x.x.x segment?

What is the purpose of the 20.x.x.x segment?

What is the purpose of using stealth mode?

Maybe you should consider moving both the sensor and the WGM manager onto
the 10.x.x.x segment.

You can still use stealth mode but connect both the sensor and the WGM to
the 10.x.x.x segment.

You could also connect your 20.x.x.x segment to your router or firewall to
give access to the paging segment.

In your diagram, the 20.x.x.x segment isn't connected to anything and can't
route traffic except locally.

AFAIK the sensor doesn't send alerts on behalf of WGM; it sends the alerts
directly itself. The alerting can be configured on the WGM.

-----Original Message-----
From: ISSQuestion [mailto:issquestionhotmail.com]
Sent: Thursday, May 15, 2003 9:26 PM
To: issforumiss.net
Subject: [ISSForum] Alerting thru ISS real secure sensor 7.0

Hi All,

Firstly, it is the ISS sensor that is sending out the alerts, right?

Secondly, if the ISS sensor is sending out alerts for the WGM, consider this
scenario.

I have a sensor which has two interfaces, one reporting and one sniffing.
So my reporting interface has an IP of 20.x.x.x.

And it is sniffing on the 10.x.x.x segment.

So how am I able to send out an alert in that case? It simply can't route
to the paging segment.

Attached is a scenario of what I am facing.

Please enlighten.

My scenario:-

My sensor is installed on a Nokia IP350 box. Real Secure Network Sensor 7.0
WGM 6.7 SR1 installed on a Windows platform, W2K Server, on an HP ProLiant,
with 512MB RAM, 32 GB hard disk.
