TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of your message to
[EMAIL PROTECTED] Contact [EMAIL PROTECTED] for help with any problems!
----------------------------------------------------------------------------
Although it would be foolish to believe that someone could possibly know
about every vulnerability, I would hope that a person deploying a product
like ISS RealSecure
would have the professional forethought to take this upon himself. Anyone
that relies on a vendor to ensure his/her network security is kidding
themselves, and network based IDS is cool, but should in no way be
treated as the end-all to securing ones environment. I would hope that
something like the RDS vulnerability has been previously identified by a
routinely scheduled assessment or penetration test, and taken care of at
the server.
This makes the need for an RDS signature a moot point.
Scott Renegar
Lead Information Security Specialist
Federal Reserve Banks
|--------+----------------------->
| | David Kennedy|
| | CISSP |
| | <david.kenned|
| | [EMAIL PROTECTED]> |
| | Sent by: |
| | owner-issforu|
| | [EMAIL PROTECTED] |
| | |
| | |
| | 11/07/00 |
| | 01:42 AM |
| | |
|--------+----------------------->
>-------------------------------------------------------------------------------------------------------------------------------------|
|
|
| To: "Eng, Audra" <[EMAIL PROTECTED]>, [EMAIL PROTECTED],
[EMAIL PROTECTED] |
| cc: [EMAIL PROTECTED]
|
| Subject: RE: Fate Research Labs posting: RealSecure or Real"un"Secure
|
>-------------------------------------------------------------------------------------------------------------------------------------|
TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of your message to
[EMAIL PROTECTED] Contact [EMAIL PROTECTED] for help with any
problems!
----------------------------------------------------------------------------
-----BEGIN PGP SIGNED MESSAGE-----
At 03:35 PM 11/6/00 -0500, Eng, Audra wrote:
>
>2. We released alerts for RDS and IIS Unicode
>
>User-defined signature for RDS hole, August 9, 1999:
>http://xforce.iss.net/alerts/advise32.php
>
>User-defined signature for Unicode hold, October 26, 2000:
>http://xforce.iss.net/alerts/advise68.php
>
Would someone purchasing Real Secure in, for example, August of 2000
need to know to go back and look up a year old advisory and add the
user-defined signature? What tells him to?
Or someone who signs up today, to look up the one from two weeks ago
and add it?
-----BEGIN PGP SIGNATURE-----
Version: PGP Personal Privacy 6.5.8
Comment: How long has it been since you backed up your hard drive?
iQCVAwUBOgeyVfGfiIQsciJtAQHDrAP5ARU9VtD+xEpivB5W2drfs0gEUp2jJ7Tq
IixNCTxcjXeVCwUwZFBQKxAD2kdnOtbv89BcL6GNSLCzOjRKblFsu25WrnQHzHK0
MHizyHUToq+rQsHJBzh4lWYfpqe/klifTgLZqwnx3XOMCZRABvtDDebd/3hzhHlv
CwOkOsT3Q0I=
=StEB
-----END PGP SIGNATURE-----
--
Regards,
David Kennedy CISSP
Director of Research Services, TruSecure Corp. http://www.trusecure.com
Protect what you connect.
Look both ways before crossing the Net.
