Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security ISSForum
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[ISSForum] RE: FOUND! databaase login

from [Duncanson, Robert] Network Security [Permanent Link]
Subject: [ISSForum] RE: FOUND! databaase login
Date: Thu, 19 Aug 2004 10:45:18 +0100 
Matteo,

Good. However, as per the previous post, I still recommend you create
SQL credentials to be used by your application/agent. 

Cheers,
Robert

-----Original Message-----
From: nyarlathothep@libero.it [mailto:nyarlathothep@libero.it] 
Sent: 19 August 2004 10:23
To: Duncanson, Robert
Cc: issforum
Subject: FOUND! databaase login

Ok, it was much simpler than I think...

Create a new ODBC source AND where you found "change the deafult
database to"
select RealSecure DB. The first time I've created the ODBC DSN I've
found only <default> in the list, but when I've tries to reconfigure the
DSN I've found the RSDB in the list.

I hpe it could be useful to someone else, Thanks for the help,

Matteo


---------- Initial Header -----------


From      : "Duncanson, Robert" robert.duncanson@gb.unisys.com

To          : nyarlathothep@libero.it,"issforum" issforum@iss.net
Cc          : 
Date      : Thu, 19 Aug 2004 09:06:20 +0100
Subject : RE: [ISSForum] databaase login



Matteo,

You cannot use the SQL logins (IssApp, EventCollector_XXXXXX etc.) 
that are created by ISS components, since these have random passwords 
which are stored securely. (Even if that were not the case, using the 
same account for two distinctly different processes goes against best
practice.)

The solution is to simply create a new SQL login for your agent

process.

From what you wrote, this looks like a read-only/reporting scenario, 
so the standard SQL roles public+db_datareader would probably suffice.

Cheers,

Robert

-----Original Message-----
From: issforum-bounces@iss.net [mailto:issforum-bounces@iss.net]
Sent: 18 August 2004 14:59
To: issforum
Subject: [ISSForum] databaase login
Importance: High

Hi all,




I've a problem with the Evaluation version of ISS Site Protector

Suite:


I'm developing an agent capable to connect to Snort and ISS IDS sensor



so I've to see how ISS write alerts data in the database.




I've installed the evaluation and it works perfectly, but I recognize



that I dont know how to login into the MS SQL desktop database to see



tables. 

Is it possible? 
Is the login the same one of the Site Protector system or something 
else?

Could someone help me?





--------------------------------------------------------------------
Matteo Poropat
mailto:nyarlathothep@libero.it
http://www.genhome.org
--------------------------------------------------------------------



_______________________________________________



ISSForum mailing list
ISSForum@iss.net

TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to 
https://atla-mm1.iss.net/mailman/listinfo/issforum

To contact the ISSForum Moderator, send email to mod-issforum@iss.net

The ISSForum mailing list is hosted and managed by Internet Security 
Systems, 6303 Barfield Road, Atlanta, Georgia, USA 30328.




-------------------------------
-------------------------------
------
Matteo Poropat
mailto:nyarlathothep@liber
o.it
http://www.genhome.org
http://books.dreambook.co
m/mefistofele74/genhome.
html

-------------------------------
-------------------------------
------


_______________________________________________
ISSForum mailing list
ISSForum@iss.net

TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to 
https://atla-mm1.iss.net/mailman/listinfo/issforum

To contact the ISSForum Moderator, send email to mod-issforum@iss.net

The ISSForum mailing list is hosted and managed by Internet Security Systems, 
6303 Barfield Road, Atlanta, Georgia, USA 30328.
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • [ISSForum] RE: FOUND! databaase login, Duncanson, Robert <=
Previous by Date:  [ISSForum] RE: again on databaase login, Duncanson, Robert
Next by Date:  RE: [ISSForum] Siteprotector managing multiple IP segments using twoNICs, Ballerini, Jean Paul (ISS EMEA)
Previous by Thread:  [ISSForum] RE: again on databaase login, Duncanson, Robert
Next by Thread:  RE: [ISSForum] Siteprotector managing multiple IP segments using twoNICs, Sergey V Soldatov
Indexes:  [Date] [Thread] [Top] [All Lists]