----- Original Message -----
From: "REMY Vincent" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Monday, November 05, 2001 1:06 PM
Subject: Help on RealSecure implementation !!

> Hi all,
>
> I have some questions about ISS RealSecure 6.0 :
>
> - How to argue the choice of the ISS RealSecure solution with regard to the
> Cisco NetRanger solution ?

Cisco's solution is based on the Wheelgroup product - it has been greatly improved, but is behind ISS product in revision level and functionality, IMHO.

> - Can you give me an average evaluation of streams between :
>     + Sensors and event collector ?

This will depend entirely on the type and quantity of traffic on your network which you are parsing through the sensors and taking the action of sending to the event collector. This usually works best with some expert tuning (by expert I mean someone familiar with how the sensors work, what false positives are generated, what thresholds are reasonable for your environment, what threats you face, and a few other factors). The main factor here is the human factor - that is, the stream of data is not usually significant on the network, but can easily be more volume/time unit than a human can manage.

>     + Sensors and GUI

See above

>     + Event Collector and GUI

See above
This will depend on the size of the chunk of data you wish to view at a time and the horsepower of the viewer (GUI processor(s)).

> - On a Nokia, is it interesting to install a manager, or it is better to
> install a Network Sensor ?

I can only think of one situation in which it could be considered useful to install a manager on the Nokia. Typical use of the Nokia appliance would leave all possible processing power available to the Sensor. Don't install any other applications at all which might a) be vulnerable and b) use up valuable processing cycles.

> - Is it possible to install 2 Sensors on a Nokia 330 ?

It is possible to install two sensors on any operating system which accepts two NIC cards... once again, the better solution for processing power and memory use is two Nokias, IMHO...

> - What is the size of the signatures database ?

If this matters to you, you do not have enough space for it <smile>

> - What do you think about the implementation of 2 Network Sensor (One in
> frontal bone of internet and one in the frontal bone of the intranet) ?

This is a religious question - the purist answer is that it is better to have a sensor on any and every possible portion of the network, including hosts... There was a reasonably good discussion of this topic on this list a couple of months ago, check the archives. Generally speaking, the internet location you mention is useful for determining attacks which should be stopped by a firewall (in most cases), and as such is a luxury to most businesses. I love knowing who is knocking on the door, personally...

>
> I need answers within 12 hours. Please help me..

How was the one-hour turn-around? If you need more detail, let me know, or call your ISS service rep....

dcdave

>
> Thanks a lot..
>
> Vincent REMY
