Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Focus-IDS
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: IDS/IPS Management devices

from [Dante Mercurio] Network Security [Permanent Link]
Subject: RE: IDS/IPS Management devices
Date: Mon, 28 Mar 2005 08:39:34 -0500 
Best practices would dictate the management device is on a separate
segment with strong access control with only the necessary access to
manage the devices and receive logs. This is for both the prevention of
an attack on it and the compromise of any logging data it might contain.

That being said, from the Cisco side which I am most familiar with, the
CSA agent is installed on the VMS management console with a pretty
restrictive rule set and the management device is locked down pretty
tight. I still try to put it on a separate segment whenever I can.

M. Dante Mercurio, CISSP, CWNA, Security+



-----Original Message-----
From: Biswas, Proneet [mailto:pbiswas@ipolicynetworks.com] 
Sent: Thursday, March 24, 2005 2:35 PM
To: focus-ids@securityfocus.com
Subject: IDS/IPS Management devices


One of the issues which we have seen with IDS/IPS vendors shipping
Management stations to manage their devices is that customers start
questioning how secure the management station is as it is mostly windows
based platforms and there are no Anti-Virus software etc. running on
them. So is it safe to suggest that the management station  should be
sitting behind one of the security devices which is managing it. Any
thoughts ?



------------------------------------------------------------------------
--
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from 
CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708

to learn more.
------------------------------------------------------------------------
--


--------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from 
CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 
to learn more.
--------------------------------------------------------------------------
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  IDS/IPS, Log Management and Compliance, Security Focus
Next by Date:  Re: IDS Evaluation, Ron Gula
Previous by Thread:  RE: IDS/IPS Management devices, Prashant Khandelwal
Next by Thread:  RE: IDS/IPS Management devices, Ofer Shezaf
Indexes:  [Date] [Thread] [Top] [All Lists]