From: dcdave (dcdaveatt.net)
Date: Tue Jul 10 2001 - 14:15:49 CDT


    As an ISS senior pro-serv top-gun for a couple of years, and a certified ISS
    trainer, I got a lot of experience with RS and its development paths, etc.
    There are solutions for most problems - the heavy traffic situation usually
    just requires more processing power to handle. The developers are actively
    working to keep the design scalable to the future (with more or less
    success).
    I am looking for a strategy which incorporates some Black Ice technology to
    start appearing in future versions of RS.
    I know RS is capable of doing more things than most people know about, thus
    the training recommendation. I also know the development team is committed
    to the marketplace, which is good (in picking a product with longer
    life-cycle) and bad (try to get a sensor running on an obscurix station, or
    a console on anyix).
    If you want specific info, please feel free to let me know off-line.
    dcdave
    Dave Druitt
    Senior Security Engineer
    Director, Latin Americas
    Info Sec Group
    ----- Original Message -----
    From: "Eric Maiwald" <emaiwaldfred.net>
    To: <tracyloweinzen.com>
    Cc: <focus-idssecurityfocus.com>
    Sent: Tuesday, July 10, 2001 11:49 AM
    Subject: Re: RealSecure

    > On 10 Jul 2001 tracyloweinzen.com wrote:
    > > My company is considering purchasing ISS's
    > > RealSecure v6.0.
    > >
    > > Does anyone have firsthand information about this
    > > product?
    > >
    > > I am interested in knowing the pros and cons of the
    > > product's overall performance as well as how
    > > effectively it handles heavy traffic.
    >
    > My company is an ISS partner and we resell, install, and we
    > also manage it for our clients. I have been playing with 6.0
    > for some time now. Hopefully, this is what you are looking
    > for.
    >
    > Overall, the GUI, reporting and configuration of the system are
    > very easy (just follow the instructions as the sequence is important).
    >
    > Out of the box, the system has a number of attack signatures that
    > are useful. It also has a number of signatures that are not very
    > useful (syn flood comes to mind). It is important to take the time
    > to understand what the system can do and what it can tell you.
    >
    > Aside from the existing signatures, you also have the capability
    > to define your own connection events, filters, and events. All of
    > these events can be sent to the console and to email for notification.
    >
    > If you have more detailed or specific questions, feel free to ask.
    >
    > Eric
    >
    > ---------------------------------------------------------------------
    > Eric Maiwald, CISSP emaiwaldfred.net
    > Chief Technology Officer 301-977-6966
    > Fortrex Technologies, Inc. Gaithersburg, MD
    > ---------------------------------------------------------------------
    >
    >