The Robert Graham presentation is excellent. I am a long time user of SNORT and it clearly shows the differences between GREP and FGREP, ISS clearly has an advantage in the market space. You will need to know this information if you want to prevent attacks that might not have an existing signature. Might have to switch to the Real Secure product.
Kevin Noble GSEC Siemens ICN Service Solutions Tools Team 900 Broken Sound Parkway Bldg. A2 Boca Raton, FL. 33487 http://www.icn.siemens.com -----Original Message----- From: Klaus, Chris (ISSAtlanta) [mailto:[EMAIL PROTECTED] Sent: Monday, March 31, 2003 2:38 PM To: Peter Sundstrom; [EMAIL PROTECTED] Subject: RE: [ISSForum] Two ISS Whitepapers Peter, thanks for the heads up. The document link has been corrected now. The updated RS Server Sensor customization document is at: http://www.issadvisor.com/viewtopic.php?t=204 Additionally, there is a new presentation from Robert Graham on the Evolution of IDS. The presentation is described as: A technical overview of how IDS engines are working and have evolved. This presentation demystifies SECURITY ALGORITHMS. This is intended for sales engineers, but useful for anyone that wants to know how ISS and others detect and protect against attacks. http://www.issadvisor.com/viewtopic.php?t=207 For those with ISS Siteprotector, check out the tutorials at: http://www.issadvisor.com/viewforum.php?f=35 They include tutorials on ISS SiteProtecter installation, user management, asset configuration, report generation, Peer-2-Peer Policy, Suspect Site Policy, Instant Messaging Policy, and automated email reporting. They include plenty of step-by-step screenshots. > -----Original Message----- > From: Peter Sundstrom [mailto:[EMAIL PROTECTED] > Sent: Sunday, March 30, 2003 7:10 PM > To: Klaus, Chris (ISSAtlanta); [EMAIL PROTECTED] > Subject: RE: [ISSForum] Two ISS Whitepapers > > > I've been trying to download the server sensor document for a > few days now without success. > > Has anyone else managed to get a copy? > > -----Original Message----- > From: Klaus, Chris (ISSAtlanta) [mailto:[EMAIL PROTECTED] > Sent: Sat 29/03/2003 2:28 AM > To: [EMAIL PROTECTED] > Cc: > Subject: [ISSForum] Two ISS Whitepapers > > > Customizing RealSecure Server Sensor. Good paper > showing how to write your own rules to cover all kinds of > applications and their security based events into the ISS > protection platform. > http://www.issadvisor.com/viewtopic.php?t=204 > > Migration from RS Workgroup Manager to ISS > SiteProtector. A good paper on how to migrate to ISS SiteProtector. > http://www.issadvisor.com/viewtopic.php?t=189 > > There's a bunch of other ISS whitepapers on Web based > assessments, SQL Injection, GSM Cellular security, etc at: > http://www.issadvisor.com/viewforum.php?f=36 > > > > ************************************************************** > ********* > > * Christopher W. Klaus > * Founder and CTO > * Internet Security Systems (ISS) > * 6303 Barfield Road > * Atlanta, GA 30328 > * Phone: 404-236-4051 Fax: 404-236-2637 > * web http://www.iss.net <http://www.iss.net/> > * NASDAQ: ISSX > * Internet Security Systems ~ The Power To Protect > > > > _______________________________________________ ISSForum mailing list [EMAIL PROTECTED] TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to https://atla-mm1.iss.net/mailman/listinfo _______________________________________________ ISSForum mailing list [EMAIL PROTECTED] TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to https://atla-mm1.iss.net/mailman/listinfo
