That would be highly dependent on their particular environment and from
experience could vary from hours to a day or 2. To me you need to trend
over a longer time for proper tuning to take into consideration the
normally dynamic nature of traffic. If they have already done tuning from
another sensor you might be able to replicate a bit of that assuming that
the segment you are installing on is similar.
Sorry for the "non answer" but it's likely going to take some digging on
your part to develop a better estimate.
Regards,
Chris Norris CISSP
IS Risk and Security Management Team
American Modern Insurance Companies
email: [EMAIL PROTECTED]

"Bill Wharton" <[EMAIL PROTECTED]lhost.cjb.net>
Sent by: issforum-bounces@iss.net
03/17/2006 10:23 AM
To: <[email protected]>
cc:
Subject: Re: [ISSForum] ISSForum Digest, Vol 26, Issue 8

I'm writing up a proposal for a client to install a Proventia G sensor with
1 segment. It includes deployment of the sensor and tweaking it a little so
that they aren't seeing events they wish to ignore.
How long should such an assignment take?
Thank you
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf
Of [EMAIL PROTECTED]
Sent: Wednesday, March 15, 2006 12:01 PM
To: [email protected]
Subject: ISSForum Digest, Vol 26, Issue 8
Today's Topics:
1. Re: Problemas con soporte (Juan Roa)
2. Re: Problemas con soporte (Javier Reyna Padilla)
3. Re: Better way for scanning Windows than creating an admin
account? (sk00t)
----------------------------------------------------------------------
Message: 1
Date: Tue, 14 Mar 2006 10:59:40 -0400
From: "Juan Roa" <[EMAIL PROTECTED]>
Subject: Re: [ISSForum] Problemas con soporte
To: "E Palacio O." <[EMAIL PROTECTED]>
Cc: [email protected]
Message-ID: <[EMAIL PROTECTED]>
Content-Type: text/plain; charset=ISO-8859-1
Hi:
I had opened about 10 support cases in the last two months, and we have
very quick response from ISS support in all the cases.
Did you ever try to open an issue on the web page? Sometimes it is faster than
the automatic response.
Unfortunately there is no support in Spanish.
Regards,
Juan Roa Salinas
Chile
"E Palacio O." <[EMAIL PROTECTED]> on Monday, March 13, 2006 at 13:53 -0400 wrote:
>To all of you outside North America and EMEA:
>Our customers have been experiencing problems to report incidents to ISS,
>1. There is an automatic response system that takes sometimes a week
>or more to answer.
>2. The answer is to give an incident number and to request for them to
>repeat what the problem is.
>3. The answer has to be given in less than 2 days or the incident is
>closed. In a recent event one of them received the first answer from ISS
>Support after 13 days.
>4. Then it begins the Way of the Cross with one request after the other
>and no answer to the original question or to the original problem.
>5. Then finally and after some arguments you finally get somebody that
>understands the problem and gives you a solution or alternative. This may
>take several weeks.
>
>My question: Are you suffering the same treatment as we are receiving
>here in México? If not, what are you doing different? Calling by phone
>to support is not an option to the great majority of our customers that
>only speak Spanish.
>
>What is happening to ISS support? The automatic response system just
>stinks.
>
>We are open to suggestion and reasonable recommendations.
>
>Thanks and Regards
Juan Roa Salinas
IEI - SOC Senior Manager - SGMS
Phone: (56 2) 6403981, (56 9) 1003695
e-mail: [EMAIL PROTECTED]
web site: www.orion.cl
Orion 2000 S.A. - Chile
Information Security Solutions
Company certified to BS 7799:2002 | ISO 9001:2000
------------------------------
Message: 2
Date: Tue, 14 Mar 2006 09:15:30 -0600
From: Javier Reyna Padilla <[EMAIL PROTECTED]>
Subject: Re: [ISSForum] Problemas con soporte
To: [email protected]
Message-ID: <[EMAIL PROTECTED]>
Content-Type: text/plain; charset=ISO-8859-1;
format=flowed
I am from Mexico too, and I am having no problems with ISS's support, in
fact I think ISS has one of the best support. In the majority of the
cases I use the e-mail support, and I have a response sometimes the same
day but no more than 2 days. If the problem is the idiom, well that's not
ISS's problem, it is yours or maybe your clients' fault.
E Palacio O. wrote:
> To all of you outside North America and EMEA:
> Our customers have been experiencing problems to report incidents to ISS,
> 1. There is an automatic response system that takes sometimes a week
> or more to answer.
> 2. The answer is to give an incident number and to request for them to
> repeat what the problem is.
> 3. The answer has to be given in less than 2 days or the incident is
> closed. In a recent event one of them received the first answer from ISS
> Support after 13 days.
> 4. Then it begins the Way of the Cross with one request after the other
> and no answer to the original question or to the original problem.
> 5. Then finally and after some arguments you finally get somebody that
> understands the problem and gives you a solution or alternative. This may
> take several weeks.
>
> My question: Are you suffering the same treatment as we are receiving
> here in México? If not, what are you doing different? Calling by phone
> to support is not an option to the great majority of our customers that
> only speak Spanish.
>
> What is happening to ISS support? The automatic response system just
> stinks.
>
> We are open to suggestion and reasonable recommendations.
>
> Thanks and Regards
>
> Eduardo Palacio O.
> Consultant
------------------------------
Message: 3
Date: Tue, 14 Mar 2006 11:35:31 -0600 (CST)
From: sk00t <[EMAIL PROTECTED]>
Subject: Re: [ISSForum] Better way for scanning Windows than creating
an admin account?
To: [email protected]
Message-ID: <[EMAIL PROTECTED]>
Content-Type: TEXT/PLAIN; charset=US-ASCII
Just thought I would let everyone on the list know that Foundstone and eEye
both have really nice docs on how to do scans and get the same results
without admin rights by setting correct perms on registry keys and
allowing access to C$ / IPC$ / etc.
ISS, get on the ball, y'all.
-- sk00t
On Wed, 21 Dec 2005, sk00t wrote:
> I have been researching the need for an account with administrative rights
> for running scans of Windows boxes. Our NT administrators are uncomfortable
> with this, and I think understandably so. If someone came to me and said
> they needed a service account with admin access to all boxes on the domain
> for their application to run, I would tell them it's a really bad idea, so
> it reflects poorly on us when the security team is asking for this, doesn't
> it?
>
> Has anyone found a better way to do this? With Nessus (ahem), I have been
> able to create a non-admin account with interactive login disabled and just
> rights to specific registry keys to perform scans for patches. Can I do the
> same, or something similar for Scanner?
>
> To me this is a much better way to do this, because it's more suited to
> leaving the account enabled for automated scans.
>
> Any thoughts from the group?
>
> Thanks!
>
> -- sk00t
------------------------------
_______________________________________________
ISSForum mailing list
[email protected]
TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to
https://atla-mm1.iss.net/mailman/listinfo/issforum
TO CONTACT THE ISSForum MODERATOR, send email to [EMAIL PROTECTED]
The ISSForum mailing list is hosted and managed by Internet Security
Systems, 6303 Barfield Road, Atlanta, Georgia, USA 30328.
End of ISSForum Digest, Vol 26, Issue 8
***************************************