Hi Jakee, Currently we're looking to use the SoH to cover the MS users, and snort violations to monitor the network for other threats. I'm no Apple fan, but I know that the only virus trouble we've seen on our network has been from MS operating systems, so we figured that this was the best approach. We are unable to utilise Nessus as we will not have administrator access over the client machines.
Personally I'm yet to get my head around declaring the snort triggers and keeping them up-to-date. I can only see that the oinkmaster will download new triggers, but I have to manually declare these inside the violations.conf, which boggles my mind somewhat when there are thousands upon thousands of them. I admit to not having read too much on documentation on configuring snort just as yet though. Cheers, Andi -----Original Message----- From: Sallee, Stephen (Jake) [mailto:[email protected]] Sent: 28 February 2012 16:24 To: [email protected] Subject: Re: [Packetfence-users] OpenVAS vs Nessus Francios: You are correct, that may be an option for our Windows users ... but we have this growing population of crazy people who think that in order to get a good computer they have to spend twice as much as everyone else, you may know them as apple users : ) Sorry to any Apple people out there, but Apple and I don't see eye-to-eye ... on anything. Jake Sallee Godfather of Bandwidth Network Engineer University of Mary Hardin-Baylor 900 College St. Belton, Texas 76513 Fone: 254-295-4658 Phax: 254-295-4221 ________________________________________ From: Francois Gaudreault [[email protected]] Sent: Tuesday, February 28, 2012 10:13 AM To: [email protected] Subject: Re: [Packetfence-users] OpenVAS vs Nessus Hi Jake, You forgot another option, SoH (Microsoft NAP). If you do WPA2-Enterprise, you can use SoH to do conformity assessment on the Microsoft based computers connecting to the 802.1X SSID. I just wanted to mention it :) On 12-02-28 11:06 AM, Sallee, Stephen (Jake) wrote: > We are about to deploy scanning in PF, which engine is better? OpenVAS or > Nessus? I know about Nessus (but we aren't experts) and it is legendary for > its ability to scan hosts. However it is not exactly user-friendly. > > We do not have any experience with OpenVAS, so naturally we do not know how > well it works or how friendly it is. > > So I ask you community (and Inverse) what would you suggestion be, Nessus or > OpenVAS and why? > > Also, as an aside: We are also planning on deploying a network of snort > sensors. Given that snort should detect all undesirable network traffic (if > you configure it correctly) is network posturing a worth while endeavor? > > Jake Sallee > Godfather of Bandwidth > Network Engineer > University of Mary Hardin-Baylor > > 900 College St. > Belton, Texas > 76513 > > Fone: 254-295-4658 > Phax: 254-295-4221 > > ---------------------------------------------------------------------- > -------- Keep Your Developer Skills Current with LearnDevNow! > The most comprehensive online learning library for Microsoft > developers is just $99.99! Visual Studio, SharePoint, SQL - plus > HTML5, CSS3, MVC3, Metro Style Apps, more. Free future releases when you > subscribe now! > http://p.sf.net/sfu/learndevnow-d2d > _______________________________________________ > Packetfence-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/packetfence-users > -- Francois Gaudreault, ing. jr [email protected] :: +1.514.447.4918 (x130) :: www.inverse.ca Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence (www.packetfence.org) ------------------------------------------------------------------------------ Keep Your Developer Skills Current with LearnDevNow! The most comprehensive online learning library for Microsoft developers is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3, Metro Style Apps, more. Free future releases when you subscribe now! http://p.sf.net/sfu/learndevnow-d2d _______________________________________________ Packetfence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users ------------------------------------------------------------------------------ Keep Your Developer Skills Current with LearnDevNow! The most comprehensive online learning library for Microsoft developers is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3, Metro Style Apps, more. Free future releases when you subscribe now! http://p.sf.net/sfu/learndevnow-d2d _______________________________________________ Packetfence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users ________________________________ >From 1st November 2011 UWIC changed its title to Cardiff Metropolitan >University. From the 6th December, as part of this change, all email addresses >which included @uwic.ac.uk have changed to @cardiffmet.ac.uk. All emails sent >from Cardiff Metropolitan University will now be sent from the new >@cardiffmet.ac.uk address. Please could you ensure that all of your contact >records and databases are updated to reflect this change. Further information >can be found on the website >here.<http://www3.uwic.ac.uk/English/News/Pages/UWIC-Name-Change.aspx> ------------------------------------------------------------------------------ Keep Your Developer Skills Current with LearnDevNow! The most comprehensive online learning library for Microsoft developers is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3, Metro Style Apps, more. Free future releases when you subscribe now! http://p.sf.net/sfu/learndevnow-d2d _______________________________________________ Packetfence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
