A management station sits in the management network and its meant for managing
the device no matter where the mgmt station is kept .If Suggestions pertaining
to mgmt station placement is given its kinda compramise to its flexibility
from end users prespective IMHO .
A Management station sitting in the Management network should ideally be a
highly protected network having acess to limited trusted users who really
manage
the IDS/IPS Device its better if its isolated from other networks. At the same
time if the Device is managed remotely .. then appropriate measures should be
taken for its security as well
End customers can be adviced to use AV solutions ,File intergrity checkers on
there manangement stations .Patch management on these devices must be done on a
regualr basis
-Prashant
________________________________
From: Biswas, Proneet [mailto:pbiswas@ipolicynetworks.com]
Sent: Fri 3/25/2005 1:05 AM
To: focus-ids@securityfocus.com
Subject: IDS/IPS Management devices
One of the issues which we have seen with IDS/IPS vendors shipping
Management stations to manage their devices is that customers start
questioning how secure the management station is as it is mostly windows
based platforms and there are no Anti-Virus software etc. running on
them. So is it safe to suggest that the management station should be
sitting behind one of the security devices which is managing it.
Any thoughts ?
--------------------------------------------------------------------------
Test Your IDS
Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from
CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
to learn more.
--------------------------------------------------------------------------
