TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of your message to [EMAIL PROTECTED] Contact [EMAIL PROTECTED] for help with any problems! ----------------------------------------------------------------------------
Things have moved on a bit since my last post ISS support (thanks Nathan) have determined that a policy has been tainted by XPU 4.4, or Console Update 3.1 (which comes from 6.5 XPU 4.4 / 7.0 XPU 20.1), the following happens You can import the policy, but when it is pushed to a 7.0 sensor, all user settings are preserved (UDEs, CE, Packet Filters), but, the stnadrd security checks /decodes/attacks and audits part of the policy is mangled, for example out of say 40-50 backdoor decodes, the new policy has 5 backdoor decodes. Now I am stuck, how does one untaint the policy? Anyone got any ideas? (I even tried unistalling XPU 4.4 and saving the active policy to a console that had never had Console Update 3.1) Stephen >>> "Richard Culshaw" <[EMAIL PROTECTED]> Thursday 04, July, 2002 00:55:43 >>> TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of your message to [EMAIL PROTECTED] Contact [EMAIL PROTECTED] for help with any problems! ---------------------------------------------------------------------------- Hi there, what I found I could do was derive a new policy based on one of the old policies. The new policy would be 7.0 compliant but it would have most of the 6.5 settings including the filters etc. that you had set... That way you can migrate all the old settings basically FYI Richard -----Original Message----- From: Stephen Cooper [mailto:[EMAIL PROTECTED]] Sent: Wednesday, 3 July 2002 8:01 PM To: [EMAIL PROTECTED] Subject: Realsecure 6.5 - 7.0 No policy migration path? TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of your message to [EMAIL PROTECTED] Contact [EMAIL PROTECTED] for help with any problems! ---------------------------------------------------------------------------- I am having massive problems trying to import my NT based Network Sensor 6.5 Policies to my new W2K Network Sensor 7.0 systems. SiteProtector cant do it at all, it simply rejects my old policies when trying to apply them to V 7 sensors. The WorkGroup Manager sort of imports it, but applies the policy to the 7 sensor as if its a 6.5 sensor and you see no new decodes. I cant believe there is no migration path and I have to recreate my NS 7 policies from the beginning. Has anybody had the same experience, or advice they can offer? Stephen Cooper, CISSP Senior Security Analyst Security & Architecture Group Information Technology Services Bank for International Settlements Voice: +41 61 2806792 Fax: +41 61 2809100 DISCLAIMER: Any e-mail messages from the Bank for International Settlements are sent in good faith, but shall not be binding nor construed as constituting any obligation on the part of the Bank. CONFIDENTIALITY NOTICE: This e-mail contains confidential information, which is intended only for the use of the recipient(s) named above. If you have received this communication in error, please notify the sender immediately via e-mail and return the entire message. Thank you for your assistance.
