TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of your message to
[EMAIL PROTECTED]  Contact [EMAIL PROTECTED] for help with any problems!
----------------------------------------------------------------------------

Joe:

If your RS detector requires RS Consoles to authenticate (AND IT SHOULD!!!),
then don't change the console NETBIOS/DNS Name (Hostname).  You must also
log in as a user who has previously installed a Console, where the Public
Authentication Key (PAK) file has been copied to the detector.  There may be
multiple copies of Console on a single computer OR different user IDs may
over-install the Console several times to generate different PAK files, each
of which has to be copied to the detector.

Ideally, to separate Network Operations from Security Operations, you will
install Console on several computers.  The Security Manager computer/console
will become the Master Controller, thus retaining control of all policy,
alert, and data management on the detectors.  The other consoles may then be
used by the Network Operations "night watchmen" to see the results of the
policy set by the Security Manager.  The watchmen will see alerts, etc.,
but will NOT be able to change policy, alter alerts, or pull data from the
detectors.  Of course, the Administrators group User ID and password will be
different on each type of console, so that only the Security Policy manager
will be able to log on to the Security Management Console and the Network
Admins will simply use their normal Admin logins.

The PUBLIC AUTHENTICATION KEY generated during RS Console installation
embeds the Console Computer Name and the (installing) User Account ID.  When
the RS detectors (NE/SA) require authentication from a Console, the Console
transmits the Console Host Name and the currently logged in User ID to the
Detector. The detector compares those items against the
RS_CON_<hostname>_<userID>_<bitlength>.PUBKEY file that was copied from the
Console.  If there is a match, then the three-way handshake and session key
generation proceeds.  Note that there may be several authentication files
from the same hostname, each with different users and different cryptokey
bitlengths.

Hope this helps.  BTW, when and where did you get your RealSecure training?
If it was from ISS, I will ensure that our instructors make this more clear.

James R Lindley
Senior Security Instructor
Internet Security Systems Inc
678-443-6323
An unquenchable thirst for Pierian water.
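
An added example, not part of the original message and not ISS code: a small audit of which console host/user pairs have a key file on a detector, using the RS_CON_<hostname>_<userID>_<bitlength>.PUBKEY naming described above. The function names, the sample listing, the sample sessions, the bit lengths and the case-insensitive comparison are assumptions; it models only the name comparison, not the handshake.

```python
import re

# Name pattern from the message: RS_CON_<hostname>_<userID>_<bitlength>.PUBKEY
KEY_RE = re.compile(r"^RS_CON_(?P<body>.+)_(?P<bits>\d+)\.PUBKEY$", re.IGNORECASE)

def matching_keys(listing, hostname, user_id):
    """Return bit lengths of key files in `listing` that name this console host and user."""
    # Host and user names may themselves contain "_", so build the expected
    # "<hostname>_<userID>" body and compare it whole instead of splitting the file name.
    wanted = f"{hostname}_{user_id}".lower()  # assumption: names compare case-insensitively
    bits = []
    for name in listing:
        m = KEY_RE.match(name.strip())
        if m and m.group("body").lower() == wanted:
            bits.append(int(m.group("bits")))
    return sorted(bits)

def audit(listing, sessions):
    """Map each (hostname, user) console session to the key bit lengths found for it."""
    return {(h, u): matching_keys(listing, h, u) for h, u in sessions}

# Constructed sample: file names as they might appear in a detector's key directory.
SAMPLE_LISTING = [
    "RS_CON_SECMGR01_secadmin_1024.PUBKEY",
    "RS_CON_SECMGR01_secadmin_512.PUBKEY",
    "RS_CON_NOC_WS2_nightwatch_1024.PUBKEY",  # hostname containing "_"
    "readme.txt",                             # unrelated file, ignored
]

# Constructed console sessions: (hostname, logged-in user).
SAMPLE_SESSIONS = [
    ("SECMGR01", "secadmin"),    # installing user, two key sizes on file
    ("NOC_WS2", "nightwatch"),   # matches despite "_" in the hostname
    ("SECMGR01", "jsmith"),      # different user on the same console: no key
    ("SECMGR02", "secadmin"),    # renamed console: no key
]

if __name__ == "__main__":
    for (host, user), bits in audit(SAMPLE_LISTING, SAMPLE_SESSIONS).items():
        status = f"key(s) on file: {bits}" if bits else "no matching key file"
        print(f"{host}\\{user}: {status}")
```

Pairs reported with no matching key file are the ones to fix by logging in as the installing user or copying that user's key file to the detector.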

-----Original Message-----
From: Joe McMahon [mailto:[EMAIL PROTECTED]]
Sent: Thursday, December 09, 1999 7:29 AM
To: [EMAIL PROTECTED]
Subject: Fwd: Re: RealSecure consoles & multiple users




This is not what we were led to believe during the
RealSecure training....that's why I ask.

Thanks,
Joe

--- [EMAIL PROTECTED] wrote:
> From: [EMAIL PROTECTED]
> To: Joe McMahon <[EMAIL PROTECTED]>
> Date: Thu, 9 Dec 1999 07:23:38 -0500
> Subject: Re: RealSecure consoles & multiple users
>
>
>
> nope, that is the way it works.  If you look at the
> keys, you will note that the
> user id is associated with the key name.  The
> process has to run under that
> user.
>
>
>
