Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security ISSForum
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: [ISSForum] Siteprotector managing multiple IP segmentsusing twoNICs

from [Ballerini, Jean Paul (ISS EMEA)] Network Security [Permanent Link]
Subject: RE: [ISSForum] Siteprotector managing multiple IP segmentsusing twoNICs
Date: Fri, 20 Aug 2004 13:58:31 +0200 
Sergey,

You are correct that it should be able to use multiple NICs without
further issues and we are working on it.
Though you really only need to add a permanent route in order to connect
both to the AS and to the DC. There is no absolute need to install 2
separate DCs.

Jean Paul

-----Original Message-----
From: issforum-bounces@atla-mm1.iss.net On Behalf Of Sergey V Soldatov
Sent: Friday, August 20, 2004 11:44 AM
To: robert.duncanson@gb.unisys.com
Cc: mhbengal@yahoo.com; issforum@atla-mm1.iss.net
Subject: RE: [ISSForum] Siteprotector managing multiple IP segmentsusing
twoNICs


Hi.

I think that Robert is not 100% right.

All Site Protector (SP) componets during installation ask what
IP-addrress
to bind to (through which interface component will communicate with
others). So, if you have Application Server (AS) on computer with
multiple
IP-addresses you can use ONLY ONE to connect to with console, i.e. AS
can
operate only via one IP and it is stored in Site DB (see Sites table).
The
same situation is with Desctop Controller. It means that if you have
Desctop Agents in two different network segments without routing between
them, you have to install two desctop controllers - one for each
segment.

But, Event Collector (EC), can pull events from different segments via
different NICs. Probubly because EC is client for sensors.

As for me I think that it is not right when SP componet can operate only
through one IP, because it is recommended to configurate stealth mode
for
sensors and it can be done for RNE without problems, but for RSV it
isn't
always possible because usually communication with SP components is
going
through company's production network. So, if ISS will decide to modify
EC
so that it will be able to operate through only one IP, we'll have to
configure roting between Out-Of-band segment wuth sensors management
interfaces and protect that segment with firewall OR install multiple
ECs:
one for out-of-band segment, another for commont VLANs, etc.

So, i think, it is desirable for SP components to listen to on all IPs
on
box they installed. But now it is not so.

---
Best regards, Sergey V. Soldatov.
tel/fax +7 095 745 89 50 (2663)


 

              "Duncanson, Robert"

              <robert.duncanson@gb.unisys.c        To:
<mhbengal@yahoo.com>, <issforum@iss.net>                   
              om>                                  cc:

              Sent by:                             Subject:  RE:
[ISSForum] Siteprotector managing multiple IP segments 
              issforum-bounces@iss.net              using    twoNICs

 

 

              19.08.2004 12:40

 

 





Mustapha,

Yes, TCP/IP-level decisions are made by the operating system, not by
SiteProtector. In other words, as long as there is IP connectivity to
the sensor, SiteProtector will be able to connect. The simplest check is
to telnet to the sensor on port 2998, 901 (Network ensor) or 902 (Server
Sensor).

Note: In some cases when NAT (Network Address Translation) is used
between SiteProtector and sensor, SiteProtector needs a particular
configuration. You can find good information in the product
documentation itself, as well as the ISS knowledgebase.

Cheers,
Robert


-----Original Message-----
From: issforum-bounces@iss.net [mailto:issforum-bounces@iss.net]
Sent: 18 August 2004 05:41
To: issforum@iss.net
Subject: [ISSForum] Siteprotector managing multiple IP segments using
twoNICs


Realsecure Siteprotector 2 SP4
Windows 2000 server SP4
MS-SQL SP3

Is it possible to Manage two/multiple sesnor in different IP segments
using one Siteprotector (Application server, Event Collector and DB)
with two/multiple NIC's for management. Is there an issue for running
the application server/Event collector daemons on the Siteprotector with
multiple NIC's?

regards
Mustapha

MUSTAPHA HUNEYD, CISSP
Emirates Telecommunications Corporation
Mob:+971506625859  Tel: +97126184804


---------------------------------
 ALL-NEW Yahoo! Messenger - all new features - even more fun!
_______________________________________________
ISSForum mailing list
ISSForum@iss.net

TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to
https://atla-mm1.iss.net/mailman/listinfo/issforum

To contact the ISSForum Moderator, send email to mod-issforum@iss.net

The ISSForum mailing list is hosted and managed by Internet Security
Systems, 6303 Barfield Road, Atlanta, Georgia, USA 30328.

_______________________________________________
ISSForum mailing list
ISSForum@iss.net

TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to
https://atla-mm1.iss.net/mailman/listinfo/issforum

To contact the ISSForum Moderator, send email to mod-issforum@iss.net

The ISSForum mailing list is hosted and managed by Internet Security
Systems, 6303 Barfield Road, Atlanta, Georgia, USA 30328.





_______________________________________________
ISSForum mailing list
ISSForum@iss.net

TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to
https://atla-mm1.iss.net/mailman/listinfo/issforum

To contact the ISSForum Moderator, send email to mod-issforum@iss.net

The ISSForum mailing list is hosted and managed by Internet Security
Systems, 6303 Barfield Road, Atlanta, Georgia, USA 30328.

_______________________________________________
ISSForum mailing list
ISSForum@iss.net

TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to 
https://atla-mm1.iss.net/mailman/listinfo/issforum

To contact the ISSForum Moderator, send email to mod-issforum@iss.net

The ISSForum mailing list is hosted and managed by Internet Security Systems, 
6303 Barfield Road, Atlanta, Georgia, USA 30328.
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: [ISSForum] Siteprotector managing multiple IP segments using twoNICs, Sergey V Soldatov
Next by Date:  RE: [ISSForum] Siteprotector managing multiple IP segmentsusing twoNICs, Sergey V Soldatov
Previous by Thread:  RE: [ISSForum] Siteprotector managing multiple IP segments using twoNICs, Sergey V Soldatov
Next by Thread:  RE: [ISSForum] Siteprotector managing multiple IP segmentsusing twoNICs, Sergey V Soldatov
Indexes:  [Date] [Thread] [Top] [All Lists]