of real-world pointers on how to make Guard work
optimally.
___
Andrew Plato, CISSP
President / Principal Consultant
Anitian Corporation
ISS Premier Reseller
503-644-5656 Office
503-644-8574 Fax
503-201-0821 Mobile
www.anitian.com
I hope it's okay to make an announcement on this list. Since this is kind
of an ISS event, I figured it would be okay.
(see www.anitian.com\itec2002\ids.htm for more information)
INTRUSION DETECTION SYSTEMS: TODAY & TOMORROW
With Martin Roesch & Robert Graham
Wednesday December 11, 2002 at 12:30
convenience.
___
Andrew Plato, CISSP
President / Principal Consultant
Anitian Corporation
503-644-5656 Office
503-644-8574 Fax
503-201-0821 Mobile
www.anitian.com
___
risk.
Download the PDF paper at:
http://www.anitian.com/corp/papers/IC_Param_Fix.pdf
Download the ZIP file with fixed HTML at:
http://www.anitian.com/corp/papers/icecap-param-fix.zip
If you have any questions or comments, contact me at your convenience.
___
Andrew
. Assuming you were using the default port, you would enter the following
URL:
HTTPS://icecap_server_IP:8089
Give it a try.
___
Andrew Plato, CISSP
President / Principal Consultant
Anitian Corporation
Enterprise Security
Infrastructure Solutions
503-644-5656 Office
. It gathers desktop events and sends
them to an event collector.
___
Andrew Plato, CISSP
President/Principal Consultant
Anitian Enterprise Security
503-644-5656 Office
503-644-8574 Fax
503-201-0821 Mobile
www.anitian.com
I have run Guard and Sentry successfully on other boxes than the Dell or
Compaq. The key issue is the PCI bus speed. You need at least 2 64-bit
PCI buses in the machine and the 3com 3C905C NICs. The new Dell 1750 has
2 64bit slots.
___
Andrew Plato, CISSP
President
?
___
Andrew Plato, CISSP
President/Principal Consultant
Anitian Enterprise Security
503-644-5656 Office
503-644-8574 Fax
503-201-0821 Mobile
www.anitian.com
___
___
ISSForum mailing list
[EMAIL PROTECTED
to propagate such customizations to each new version that comes down
from ISS - which can be a pain.
NOTE: None of this is supported by ISS.
___
Andrew Plato, CISSP
President/Principal Consultant
Anitian Enterprise Security
503-644-5656 Office
503-644-8574 Fax
503-201-0821
to write some Dummies
Guide to BlackICE that explains how to do all this cool stuff with
BlackICE. For example - did you know you can feed Snort signatures into
BlackICE? You can. It's easy.
___
Andrew Plato, CISSP
President/Principal Consultant
Anitian Enterprise
. But you have to make sure the version you
build on another machine has the same IP address and XPU levels.
___
Andrew Plato, CISSP
President/Principal Consultant
Anitian Enterprise Security
503-644-5656 Office
503-644-8574 Fax
503-201-0821 Mobile
www.anitian.com
, no word from ISS on whether the console will be updated to support
1.4.2 (which repairs the security vulnerability.)
___
Andrew Plato, CISSP
President/Principal Consultant
Anitian Enterprise Security
503-644-5656 Office
503-644-8574 Fax
503-201-0821 Mobile
?
___
Andrew Plato, CISSP
President/Principal Consultant
Anitian Enterprise Security
503-644-5656 Office
503-644-8574 Fax
503-201-0821 Mobile
www.anitian.com
___
service under that account.
Agents generally must be installed on systems with administrative-level
rights. If you do not have admin rights on a system, agent installations
might fail.
___
Andrew Plato, CISSP
President/Principal Consultant
Anitian Enterprise
is stripped off the
machine. Then have them run a 7.0 agent build.
___
Andrew Plato, CISSP
President/Principal Consultant
Anitian Enterprise Security
503-644-5656 Office
503-644-8574 Fax
503-201-0821 Mobile
www.anitian.com
___
Andrew Plato, CISSP
President/Principal Consultant
Anitian Enterprise Security
503-644-5656 Office
503-644-8574 Fax
503-201-0821 Mobile
www.anitian.com
___
-Original Message-
From: Cunningham, Chris, R. [mailto:[EMAIL PROTECTED
The BlackICE engine is used for the network IDS portion of RS Server Sensor and the
firewall.
-Original Message-
From: Mohr James [mailto:[EMAIL PROTECTED]
Sent: Wednesday, December 10, 2003 3:45 AM
To: [EMAIL PROTECTED]
Subject: [ISSForum] BlackICE on Windows, should only be Server
, not ICEcap.
___
Andrew Plato, CISSP
President/Principal Consultant
Anitian Enterprise Security
503-644-5656 Office
503-644-8574 Fax
503-201-0821 Mobile
www.anitian.com
___
-Original Message-
From: Roser, Ian (UK - Manchester
rules. Nothing, remains in default.
What's weird, is that when we put the virtual range into corpnet - the
agent switches into corpnet just fine.
Has anybody seen this behavior? Do you have ANY suggestions?
Thanks.
___
Andrew Plato, CISSP
President/Principal
None of these options work. The agent stays in the default setting.
___
Andrew Plato, CISSP
President / Principal Consultant
Anitian Enterprise Security
503-644-5656 Office
503-214-8069 Fax
503-201-0821 Mobile
www.anitian.com
Really? How come this isn't documented anywhere?
___
Andrew Plato, CISSP
President / Principal Consultant
Anitian Enterprise Security
503-644-5656 Office
503-214-8069 Fax
503-201-0821 Mobile
www.anitian.com
Title: [ISSForum] Problems with adaptive profiles for RS Desktop
I thought I would post a follow up to
the forum on this issue, in case anybody has a similar problem.
I was able to resolve this issue with the help of ISS
support. I want to thank Bill Sieczko for taking the time to
it happier.
___
Andrew Plato, CISSP
President/Principal Consultant
Anitian Enterprise Security
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On
Behalf Of Brian Kirby
Sent: March 05, 2004 12:39 PM
To: [EMAIL PROTECTED]
Subject: [ISSForum
.
___
Andrew Plato, CISSP
President/Principal Consultant
Anitian Enterprise Security
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On
Behalf Of joe jett
Sent: March 12, 2004 3:51 AM
To: [EMAIL PROTECTED]
Subject: [ISSForum] SiteProtector Database on SQL Cluster
and it brings up that
page. You could then link one of the build packages to a logon script.
___
Andrew Plato, CISSP
President/Principal Consultant
Anitian Enterprise Security
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On
Behalf
back to
default profile.
One common trip up with this is NATing. If you have remote RSDP agents
coming in over a VPN, if their original IP address gets NAT'ed, you have
to make sure the NAT address is in the corpnet range.
___
Andrew Plato, CISSP
President/Principal
.
___
Andrew Plato, CISSP
President/Principal Consultant
Anitian Enterprise Security
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On
Behalf Of Poppi, Sandro
Sent: September 01, 2004 5:53 AM
To: ISSforum (E-Mail)
Subject: [ISSForum
was supposed to be bug fixes, but
seems to be creating problems. 7.0 enq doesn't have any new signatures,
so if you're running on 7.0eno, I'd recommend staying there for now.
___
Andrew Plato, CISSP
President/Principal Consultant
Anitian Enterprise Security
). Once you get a feel for the parameters and files, it is actually
pretty easy to do.
Oh, and remember to stop and restart your desktop controller after you
have added your new custom version.
___
Andrew Plato, CISSP
President/Principal Consultant
Anitian Enterprise
use the advanced parameters for the sensor, enter a name of pam.trust.pair.
It's a string value. And then the value is ipaddress,signature_id. This should
work.
Andrew Plato, CISSP
President / Principal Consultant
Anitian Enterprise Security
www.anitian.com
Try using the regular trust.pair
Drop it into the blackice.ini.
___
Andrew Plato, CISSP
President/Principal Consultant
Anitian Enterprise Security
-Original Message-
From: Michael Nurre [mailto:[EMAIL PROTECTED]
Sent: October 08, 2004 12:33 PM
data and some config
information. It wouldn't be terribly useful to a would-be attacker.
There is no way to use SSL between the RSDP and the desktop controller.
Andrew Plato, CISSP
President / Principal Consultant
Anitian Enterprise Security
www.anitian.com
exclusively over port 443. Site Protector
downloads information off the ISS site first using regular old HTTP.
Then it switches over to HTTPS for the actual downloads.
___
Andrew Plato, CISSP
President/Principal Consultant
ANITIAN ENTERPRISE SECURITY
3800 SW
.
___
Andrew Plato, CISSP
President/Principal Consultant
ANITIAN ENTERPRISE SECURITY
3800 SW Cedar Hills Blvd, Suite 298
Beaverton, OR 97005
503-644-5656 Office
503-214-8069 Fax
503-201-0821 Mobile
www.anitian.com
___
GPG fingerprint: 16E6 C5B0 B6CB F287 776E
have to know the ins and outs of SP to do it,
but it can be done. Heck, maybe I should offer a special SiteProtector
Disaster Recovery service. ;-)
___
Andrew Plato, CISSP
President/Principal Consultant
ANITIAN ENTERPRISE SECURITY
3800 SW Cedar Hills Blvd
.
I'd go talk to your ISS rep and see about trading in your 200 for a 604.
You'll be a lot happier.
_
Andrew Plato, CISSP
President/Principal Consultant
ANITIAN ENTERPRISE SECURITY
3800 SW Cedar Hills Blvd, Suite 280
Beaverton, OR 97005
503-644-5656 Office
503-214
just buying an A604 than trying to put
weird interface cards into a G200.
_
Andrew Plato, CISSP
President/Principal Consultant
ANITIAN ENTERPRISE SECURITY
3800 SW Cedar Hills Blvd, Suite 280
Beaverton, OR 97005
503-644-5656 Office
503-214-8069 Fax
503-201-0821
the existing one.
___
Andrew Plato, CISSP
President/Principal Consultant
Anitian Enterprise Security
-Original Message-
From: Nicholas Claus [mailto:[EMAIL PROTECTED]
Sent: Thursday, August 25, 2005 4:47 AM
To: issforum@iss.net
Subject: Re: [ISSForum] Black Ice
.
---
Andrew Plato, CISSP
President/Principal Consultant
Anitian Enterprise Security
---
-Original Message-
From: Cunningham, Chris, R. [mailto:[EMAIL PROTECTED]
Sent: Friday, October 07, 2005 6:57 AM
To: Andrew Plato
Subject: RE: [ISSForum
Why not just deploy in-line, but configure for passive monitoring. In
this arrangement, the unit can't block anything and will give you the
functionality you want.
---
Andrew Plato, CISSP
President/Principal Consultant
Anitian Enterprise Security
it.
---
Andrew Plato, CISSP
President/Principal Consultant
Anitian Enterprise Security
---
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On
Behalf Of Gregory Jansen
Sent