Which Proventia are you talking about?
Jean Paul
-Original Message-
From: john greene [mailto:[EMAIL PROTECTED]
Sent: domenica 8 giugno 2003 15.54
To: [EMAIL PROTECTED]
Cc: Rouland, Chris (ISSAtlanta)
Subject: [ISSForum] Proventia ports ?
The Proventia has 4 ports. does it have another
Deniz,
You can do this with Server Sensor and Fusion Scripting (aka SecureLogic).
Jean Paul
-Original Message-
From: Deniz CEVIK [mailto:[EMAIL PROTECTED]
Sent: martedì 24 giugno 2003 12.35
To: [EMAIL PROTECTED]
Subject: [ISSForum] Signature
Hi,
How can I define a signature that will
Title: Message
The
exact order to do what and avoid what?
Typically you should stop the sensors first,
Application Server and DB Server at the end.
Jean Paul
-Original Message-From: xpid iss
[mailto:[EMAIL PROTECTED] Sent: giovedì 25 settembre 2003
05.03To: [EMAIL
You can also save the active policies from the sensors.
I understand it might be only a small part, but as Stephen said, to have them all you
should restore the DB on a spare machine.
Jean Paul
-Original Message-
From: Stephen Cooper [mailto:[EMAIL PROTECTED]
Sent: giovedì 25 settembre
Title: Message
Eric,
You
need to apply the XPUs on the local console as well because that will update the
local DB.
Hope it helps.
Jean Paul
-Original Message-From: Lewis, Eric
[mailto:[EMAIL PROTECTED] Sent: martedì 30 settembre 2003
15.03To: [EMAIL PROTECTED]Subject:
Title: Message
Why
are you trying this?
EventCollector is extrememly performant and I cannot
think of a scenario where this is needed.
Jean Paul
-Original Message-From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent:
mercoledì 8 ottobre 2003 11.01To:
[EMAIL
Title: Message
Only if you enable password brute-forcing and there is a lockout
mechanism.
Jean Paul
-Original Message-From: Fabio A. Bicudo
Duarte [mailto:[EMAIL PROTECTED] Sent: venerdì 10 ottobre
2003 19.13To: [EMAIL PROTECTED]Subject: [ISSForum]
Database Scanner
Certainly performance.
You would run the risk of dropping packets in case of simultaneous network load scan.
Furthermore, I don't think this is supported.
Jean Paul
-Original Message-
From: Peter Goldis [mailto:[EMAIL PROTECTED]
Sent: giovedì 16 ottobre 2003 16.33
To: ISSFORUM (E-mail)
location, but you also have to run it on a box
that has Internet access in order to download the udpates.
[Ballerini, Jean Paul (ISS EMEA)] You don't have to run the MU twice. Once it has run on your machine connected to the Internet, you just have to copy the xml files and the update directory
Title: Auto report generation
What
product are you referring too?
Jean Paul
-Original Message-
From:
[EMAIL PROTECTED] On Behalf Of SQMA
(Søren Maigaard)
Sent: lunedì 24 novembre 2003
11.00
To: [EMAIL PROTECTED]
Subject: [ISSForum] Auto report
generation
After each scan,
Jim
If you make a fresh install with SP3 you don't need to enable DB-Chaining anymore.
Jean Paul
-Original Message-
From: [EMAIL PROTECTED] On Behalf Of Mohr James
Sent: martedì 25 novembre 2003 14.19
To: [EMAIL PROTECTED]
Subject: AW: [ISSForum] Installing MSDE SP3a - Revisted
Well, I
Bojidar,
On the machine running System
Scanner youll have to install the System Scanner Databridge; this
will make sure that the result of all checks (vulnerable or not
vulnerable) is sent to the RSSP
database.
I dont think you can
trigger more scans at the
If you are using SiteProtector there is no problem at all as you open an SSL
connection within you console (whatever IP) and the Application Server.
If you are using WGM, you should move to SiteProtector.
I hope it helps.
Jean Paul
-Original Message-
From: [EMAIL PROTECTED] On Behalf
Bojidar,
Neither your Proventía nor SiteProtector can really split the traffic based on the
card that collected the event. Within SiteProtector you can create a tree structure
that with DMZ internal; when you are positioned on those segments, with analysis
view set to Source/Destination
Bernard
1. The system requirement for RSSP refers to the console needed to
manage the component. It does NOT mean they have to run on the same HW.
2. Why do you want to install it without using Deployment Manager? The
big advantage of using DM is that the installed module is automatically
added
It is not a supported solution.
I read a once a description of how to try to make it work, but I don't
think it is worth the time you're going to spend.
Jean Paul
-Original Message-
From: [EMAIL PROTECTED] On Behalf Of joe jett
Sent: Friday, March 12, 2004 12:51 PM
To: [EMAIL PROTECTED]
Matthew,
No it is no longer possible. This option has been removed when
management has been ported to SiteProtector. From the conversations we
had with customers, this was the less interesting options to have ported
compared to other features with built in.
Regards,
Jean Paul
-Original
One way is, working directly on the server, to shutdown issdaemon, in
the sensor directory delete the current.policy, then restart the demon.
It will come up with default.policy (which is the one it takes after the
install).
Hope it helps.
Jean Paul
-Original Message-
From: [EMAIL
No longer.
Now it is under DRIVE:\Program Files\ISS\RealSecure
SiteProtector\Application Server\webapps\dmdocroot\extras
You'll find 3 files:
- libxml2.dll
- libxml.dll
- ManualUpdgrader.exe
You can copy them anywhere you want. The first time it'll ask for a
license key and then start working.
this into
account.
I hope it helps.
Jean Paul
-Original Message-
From: Sergey V Soldatov [mailto:[EMAIL PROTECTED]
Sent: Friday, April 09, 2004 1:03 PM
To: Ballerini, Jean Paul (ISS EMEA)
Cc: [EMAIL PROTECTED]
Subject: RE: [ISSForum] Help with SiteProtector
Yes, that is right
Brad,
You have to redistribute all key and it will work.
Jean Paul
-Original Message-
From: [EMAIL PROTECTED] On Behalf Of morris brad
Sent: Wednesday, May 05, 2004 10:06 PM
To: [EMAIL PROTECTED]
Subject: [ISSForum] Registering preexisting sensors on a new install of
siteprotecto r.
With SP3 it has moved to \ISS\RealSecure SiteProtector\Application
Server\webapps\dmdocroot\
Jean Paul
-Original Message-
From: [EMAIL PROTECTED] On Behalf Of Howard, Jim(ISS
Atlanta)
Sent: Tuesday, April 27, 2004 12:33 PM
To: [EMAIL PROTECTED]
Subject: RE: [ISSForum] mini manual XPU
Miguel,
You are right; it is not possible with Network Sensor. You need to use either Server
Sensor on the web-server itself or an external SSL accelerator and sniff the traffic
between the accelerator and the web-server.
I hope it helps.
Jean Paul
-Original Message-
From: [EMAIL
Of Tod Beardsley
Sent: Friday, May 28, 2004 2:42 PM
To: Ballerini, Jean Paul (ISS EMEA); [EMAIL PROTECTED]
Subject: Re: [ISSForum] RealSecure Network Sensor 7.0 Performance Stats
On Thursday 27 May 2004 07:57 am, Ballerini, Jean Paul (ISS EMEA) wrote:
IDS/IPS has a declared maximum speed. Beyond
Bojidar,
Is the database running on a supported OS?
Jean Paul
-Original Message-
From: [EMAIL PROTECTED] On Behalf Of Bojidar Tzendov
Sent: Wednesday, June 09, 2004 8:35 AM
To: [EMAIL PROTECTED]
Subject: RE: [ISSForum] Database Scanner Error
Importance: High
Hi,
Thank you for the
You uninstalled and re-installed MSDE without uninstalling System
Scanner?
I doubt very much that this is going to work.
I don't think any software is really worried about where the DB is
physically because it uses ODBC connections. The problem is that all
that had been installed in the DB in the
If they use all the same policy, you can put the parameter in the policy
(and not in the advanced parameters of the properties). Afterwards you
right-click on the site, Network Protection - Network Sensor - Apply
Policy.
Another way is to modify the policy via Sensor - Manage - Policy...
Once
Gian Fabio,
It can be greater. Normally the queue doesn't contain many events.
The way to tune it is:
- know how many events per minute you get from the sensor
- know how much time you estimate it would take to restore a situation
where the sensor can communicate with the Event Collector or where
Gian Fabio,
You'll have to monitor with the console and wait some time, e.g. one
week.
Jean Paul
P.S. Where are you located in Italy?
-Original Message-
From: Palmerini Gian Fabio [mailto:[EMAIL PROTECTED]
Sent: Thursday, July 15, 2004 2:28 PM
To: Ballerini, Jean Paul (ISS EMEA
Rob,
To date the evidence raw packets are sent to the DB only by the
appliances.
If you are using the SW version you can only access the file directly.
Any packet monitoring tool will do.
Jean Paul
-Original Message-
From: [EMAIL PROTECTED] On Behalf Of Rob Baxter
Sent: Thursday, July
James,
You have configured your console to show you the number of events since last time you
positioned yourself on that group; it is counting high;medium;low events.
Regards,
Jean Paul
-Original Message-
From: [EMAIL PROTECTED] On Behalf Of Mohr James
Sent: Monday, July 19, 2004
Howard,
On a productive environment it is highly recommended to use the full
MSSQL Server and not MSDE.
Jean Paul
-Original Message-
From: [EMAIL PROTECTED] On Behalf Of Chan, Howard (Hong
Kong S.A.R.)
Sent: Tuesday, July 20, 2004 3:27 AM
To: [EMAIL PROTECTED]
Subject: [ISSForum]
There is no session playback in SiteProtector.
Jean Paul
-Original Message-
From: [EMAIL PROTECTED] On Behalf Of Johnson, Scott
Sent: Wednesday, July 28, 2004 10:04 PM
To: [EMAIL PROTECTED]
Subject: [ISSForum] Session playback
My company just upgraded to SP from WGM. Where is the
Mea,
You probably have set a policy to monitor for suspicious HTTP
connections. When you do this, Server Sensor hooks to port 80 and the
Web server can't work.
Suspicious connections can be monitored only for services that aren't
running.
Jean Paul
-Original Message-
From: [EMAIL
Make sure the machine with the console and the machine with the
Application Server have the same time.
Jean Paul
-Original Message-
From: [EMAIL PROTECTED] On Behalf Of Johnson, Scott
Sent: Friday, July 30, 2004 7:04 PM
To: [EMAIL PROTECTED]
Subject: [ISSForum] Site Manager : Slow to
No it is not.
Internet Scanner loads its own driver.
Jean Paul
-Original Message-
From: [EMAIL PROTECTED] On Behalf Of Gary Flynn
Sent: Thursday, August 12, 2004 12:35 AM
To: [EMAIL PROTECTED]
Subject: [ISSForum] XP SP2 Removes support for raw sockets
I've noticed a couple posts
Mustapha,
No there is not.
The only issue you have to manage is that SiteProtector binds to one of
the NICs, hence you'll have to teach the systems how to reach it.
On the segment connected directly to the NIC bound to SiteProtector
you'll have no issue.
On the segments connected to the other
Sergey,
You are correct that it should be able to use multiple NICs without
further issues and we are working on it.
Though you really only need to add a permanent route in order to connect
both to the AS and to the DC. There is no absolute need to install 2
separate DCs.
Jean Paul
This is the list of ATCs
http://www.iss.net/education/locations/emea_atc_locations/listing.php
In UK there is only NetConnect.
Jean Paul
-Original Message-
From: [EMAIL PROTECTED] On Behalf Of Admin
Sent: Monday, September 20, 2004 2:49 PM
To: [EMAIL PROTECTED]
Subject: [ISSForum] ISS
You probably are applying a policy that was derived not from the latest one supported
by the sensor. Hence the signature is still part of your policy but it isn't
recognized by the sensor any longer.
Jean Paul
-Original Message-
From: [EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Kai,
This is coming with SP5.
Jean Paul
-Original Message-
From: [EMAIL PROTECTED] On Behalf Of Freese, Kai
Sent: Monday, November 15, 2004 4:15 PM
To: [EMAIL PROTECTED]
Subject: [ISSForum] Logging of SP console access
Hi all,
does anybody know, is anywhere a log where I can find
Yes,
But it is a little long to explain.
Look at the advanced parameters of the events under event propagation.
That is where you can reduce the number of alert (and data stored) per
event. You'll have to use LogFiltered instead of LogWithoutRaw.
Jean Paul
-Original Message-
From:
This is coming in SP2 for Internet Scanner in February.
Jean Paul
-Original Message-
From: [EMAIL PROTECTED] On Behalf Of Dan Widger
Sent: Monday, November 15, 2004 7:50 PM
To: [EMAIL PROTECTED]
Subject: [ISSForum] Request to interrupt Internet Scanner on long scan?
Is there any means
To: Ballerini, Jean Paul (ISS EMEA); [EMAIL PROTECTED]
Subject: AW: [ISSForum] Reducing the number of events
That means I have to go through every single event and configure it
individually. I was hoping for something global where I could say to simply
ignore *all* low severity events.
Regards
PROTECTED]
Subject: AW: [ISSForum] Reducing the number of events
How does the affect SiteProtector users. (My fault for not specifying which
product I had)
Regards,
Jim Mohr
-Ursprüngliche Nachricht-
Von: Ballerini, Jean Paul (ISS EMEA) [mailto:[EMAIL PROTECTED]
Gesendet: Mittwoch, 17
in this as well. Will we be able to manage it through the
siteprotector console?
Thanks
John McCash
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On
Behalf Of Ballerini, Jean Paul (ISS EMEA)
Sent: Wednesday, November 17, 2004 2:09 AM
To: Dan
that
this feature was for the appliances. Will there be a new policy editor for
those people with just the software?
Regards,
Jim Mohr
-Ursprüngliche Nachricht-
Von: Ballerini, Jean Paul (ISS EMEA) [mailto:[EMAIL PROTECTED]
Gesendet: Donnerstag, 18. November 2004 14:20
An: Mohr James; [EMAIL
You are correct; this is not available for OS signatures.
Though, may I ask which OS signature is flooding your DB?
Jean Paul
-Original Message-
From: vanskee2 mamen [mailto:[EMAIL PROTECTED]
Sent: Friday, November 19, 2004 2:42 AM
To: Ballerini, Jean Paul (ISS EMEA); [EMAIL PROTECTED
Gary
See answers below.
Jean Paul
-Original Message-
From: Gary Love [mailto:[EMAIL PROTECTED]
Sent: Thursday, November 18, 2004 9:38 PM
To: [EMAIL PROTECTED]
Cc: Ballerini, Jean Paul (ISS EMEA)
Subject: RE: [ISSForum] Request to interrupt Internet Scanner on long
scan?
I've submitted
PROTECTED] Im Auftrag von Ballerini,
Jean Paul (ISS EMEA)
Gesendet: Freitag, 19. November 2004 12:57
An: vanskee2 mamen; Mohr James; [EMAIL PROTECTED]
Betreff: RE: [ISSForum] Reducing the number of events
You are correct; this is not available for OS signatures.
Though, may I ask which OS
The easiest way to compare scan results is to use the baseline option:
You isolate the previous scan using the time filter, baseline it, than
look at the new results. All that is new will be red and all that is
fixed will be blue; should a vulnerability have disappeared completely
you won't see it
Yes, but WGM is no longer supported.
Jean Paul
-Original Message-
From: [EMAIL PROTECTED] On Behalf Of SC
Sent: Wednesday, December 15, 2004 9:35 PM
To: [EMAIL PROTECTED]
Subject: [ISSForum] Sensor + WGM on one box
Hi,
Sorry if this has been brought up before however totally new to
This is coming in Service Pack 5 and is called Centralized Alerting.
Regards,
Jean Paul
-Original Message-
From: [EMAIL PROTECTED] On Behalf Of Ayden Nash
Sent: Monday, December 20, 2004 6:29 AM
To: [EMAIL PROTECTED]
Subject: [ISSForum] Threshold Alerting
Hi all,
In the ISS roadmap
Moustapha,
When you set up Proventía A you should have inserted the MAC address of the
gateway.
Jean Paul
-Original Message-
From: [EMAIL PROTECTED] On Behalf Of Mustapha Huneyd
Sent: Tuesday, December 21, 2004 7:46 AM
To: [EMAIL PROTECTED]
Cc: ISS Technical Support
Subject:
Desktop Protector doesn't have anything specific against spyware, but the next
release of it Proventia Desktop will do; this is going to happen this quarter.
Jean Paul
-Original Message-
From: [EMAIL PROTECTED] On Behalf Of Jose Morales
Sent: Wednesday, December 22, 2004 5:46 PM
To:
Most likely the problem lies in the memory swapping.
The OS inside VMware swaps and the native OS swaps, they all use the
same drives so they all wait for their turn to do something.
There is a very good reason no to deploy SP in a VMware.
Jean Paul
-Original Message-
From: [EMAIL
Yes there are; I don't have dates we can announce yet, but SUSE is
definitely targeted to become a supported platform.
Jean Paul
-Original Message-
From: [EMAIL PROTECTED] On Behalf Of Jay Ableidinger
Sent: Monday, July 11, 2005 11:38 PM
To: [EMAIL PROTECTED]
Subject: [ISSForum]
Keith,
Your console is likely to be too new. I'd suggest you reinstall the
console from the Deployment Manager and go through the updates.
Jean Paul
-Original Message-
From: [EMAIL PROTECTED] On Behalf Of Turner, Keith
Sent: Saturday, July 09, 2005 4:24 PM
To: [EMAIL PROTECTED]
Subject:
You are aware that you will loose all rights to support warranty, right?
Jean Paul
-Original Message-
From: [EMAIL PROTECTED] On Behalf Of Castaldo, Benny J
Sent: martedì 16 agosto 2005 15.59
To: [EMAIL PROTECTED]
Subject: [ISSForum] Proventia G in Passive Mode
I have a Proventia G 200
Have a look at the Proventia Desktop Enforcer; not only Proventia Desktop has
to run but you can also enforce AV compliance.
Jean Paul
-Original Message-
From: [EMAIL PROTECTED] On Behalf Of Soldatov, Sergey V.
Sent: giovedì 20 ottobre 2005 15.20
To: Muggli, Roger; [EMAIL PROTECTED]
Andres,
You can do so or simply use a firewall rule.
Jean Paul
-Original Message-
From: [EMAIL PROTECTED] On Behalf Of Andrés Alberto Hernández González
Sent: mercoledì 23 novembre 2005 19.56
To: [EMAIL PROTECTED]
Subject: [ISSForum] BLOCKING SOBER WORM OVER PROVENTIA G
Hi
Anybody
Tokunbo,
On the download site choose
- Internet Scanner as a product
- Internet Scanner 7.0 SP2 as a version
- X-Press Updates Tab
- go to the last page (indicated as 21-22) and you will find XPU 7.2.1
Kind regards,
Jean Paul
-Original Message-
From: [EMAIL PROTECTED] On Behalf Of
Hi Julio,
I normally have it during the trainings and have no issue at all.
Jean Paul
-Original Message-
From: [EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: mercoledì 25 gennaio 2006 19.57
To: [EMAIL PROTECTED]
Subject: [ISSForum] Fusion on VMware
Did anybody successfully
63 matches
Mail list logo