Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Focus-IDS
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: IDS/IPS Management devices

from [Biswas, Proneet] Network Security [Permanent Link]
Subject: RE: IDS/IPS Management devices
Date: Mon, 28 Mar 2005 14:49:51 -0800 
Thanks for all the feedback. I agree with Dave that Linux is definitely
a better platform. Agreed, it needs to be in a secure area but do I
expect my appliance provider to give me the patches for Linux
vulnerabilities which can potentially be exploited. I would expect as IT
administrator, the management platform is like any other device on the
network which needs to be maintained by the admin.

----------------------------------------------
To have known the best, and to have known it for the best, is success in
life. 

-----Original Message-----
From: David W. Goodrum [mailto:dgoodrum@nfr.com] 
Sent: Thursday, March 24, 2005 2:03 PM
To: Biswas, Proneet
Cc: focus-ids@securityfocus.com
Subject: Re: IDS/IPS Management devices

You should ask the vendors if they can run their management stations on 
other platforms, besides windows.  Potentially, they've just shipped you

Windows as a default, but potentially you could have requested a *nix 
platform.  We (NFR) always ship ours on Linux as default, but I know a 
lot of customers wish we packaged Windows  (there's always going to be 
somebody who complains no matter what you do).

Having said that, regardless of the OS the management platform runs on, 
it should always be in a secure area.  Some customers go so far as to 
have a completely out-of-band network for the management of their 
security devices.  Others simply stick the management server deep in the

network (i.e. behind several layers of security devices, as you have 
suggested).

-dave
(nfr)(security)
http://www.nfr.com

Biswas, Proneet wrote:


One of the issues which we have seen with IDS/IPS vendors shipping
Management stations to manage their devices is that customers start
questioning how secure the management station is as it is mostly

windows

based platforms and there are no Anti-Virus software etc. running on
them. So is it safe to suggest that the management station  should be
sitting behind one of the security devices which is managing it.
Any thoughts ?



-----------------------------------------------------------------------

---

Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from 
CORE IMPACT.
Go to

http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 

to learn more.
-----------------------------------------------------------------------

---


 



-- 
David W. Goodrum
Senior Systems Engineer
NFR Security
703.731.3765


--------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from 
CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 
to learn more.
--------------------------------------------------------------------------
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: IP 127.0.0.1, David Gillett
Next by Date:  Behavior anomaly IDS attacks, Drew Simonis
Previous by Thread:  RE: IDS/IPS Management devices, Ofer Shezaf
Next by Thread:  New Gigabit IDS report, Bob Walder
Indexes:  [Date] [Thread] [Top] [All Lists]