Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security ISSForum
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: [ISSForum] Realsecure Server Sensor - Network Filtering

from [Andrew Plato] Network Security [Permanent Link]
Subject: RE: [ISSForum] Realsecure Server Sensor - Network Filtering
Date: Fri, 8 Oct 2004 18:58:13 -0700 
Try using the regular "trust.pair" 

Drop it into the blackice.ini. 


___________________________________
Andrew Plato, CISSP
President/Principal Consultant
Anitian Enterprise Security



-----Original Message-----
From: Michael Nurre [mailto:mnurre@americanbank.com] 
Sent: October 08, 2004 12:33 PM
To: Andrew Plato
Cc: dmsimpson@aep.com; issforum@iss.net
Subject: RE: [ISSForum] Realsecure Server Sensor - Network Filtering

I've added pam.trust.pair under the advanced parameters of the sensor
with the appropriate information, but it doesn't seem to be ignoring
that particular item. Any ideas?





"Andrew Plato" <aplato@anitian.com>
10/08/2004 09:30 AM

 
        To:     <dmsimpson@aep.com>, "Michael Nurre"
<mnurre@americanbank.com>
        cc:     <issforum@iss.net>
        Subject:        RE: [ISSForum] Realsecure Server Sensor -
Network Filtering


Yes you can. Server sensor uses the same BlackICE engine as dekstop. So
many of the same parameters work against it that work against the
desktop product.  I believe pam.trust.pair parameter will work on server
sensor. 
Allowing you to filter out a signature for specific IP addresses. 
 
If you use the advanced parameters for the sensor, enter a name of
pam.trust.pair.  Its a string value. And then the value is
<ipaddress>,<signature_id> .  This should work.
 
Andrew Plato, CISSP
President / Principal Consultant
Anitian Enterprise Security
www.anitian.com 

From: issforum-bounces@iss.net on behalf of dmsimpson@aep.com
Sent: Fri 10/8/2004 4:49 AM
To: Michael Nurre
Cc: issforum-bounces@iss.net; issforum@iss.net
Subject: Re: [ISSForum] Realsecure Server Sensor - Network Filtering

No you cannot.  I have actually been requesting this from ISS for a
little over three years.

Thanks,

David M Simpson
Risk Management Enterprise Security
Intrusion Detection Lead
American Electric Power
614.716.3139
dmsimpson@aep.com




"Michael Nurre" <mnurre@americanbank.com> Sent by:
issforum-bounces@iss.net
10/07/2004 03:48 PM


        To:     issforum@iss.net
        cc:
        Subject:        [ISSForum] Realsecure Server Sensor - Network 
Filtering


Does anyone know if it is possible to filter out specific IP addresses
for

different signatures on the Server Sensor 7.0 like you can with the
Network Sensor? I would think it possible by editing some of the ini
files

under the BlackIce directory on the server sensor installation.
_______________________________________________
ISSForum mailing list
ISSForum@iss.net

TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to
https://atla-mm1.iss.net/mailman/listinfo/issforum

To contact the ISSForum Moderator, send email to mod-issforum@iss.net

The ISSForum mailing list is hosted and managed by Internet Security
Systems, 6303 Barfield Road, Atlanta, Georgia, USA 30328.


_______________________________________________
ISSForum mailing list
ISSForum@iss.net

TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to
https://atla-mm1.iss.net/mailman/listinfo/issforum

To contact the ISSForum Moderator, send email to mod-issforum@iss.net

The ISSForum mailing list is hosted and managed by Internet Security
Systems, 6303 Barfield Road, Atlanta, Georgia, USA 30328.



_______________________________________________
ISSForum mailing list
ISSForum@iss.net

TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to 
https://atla-mm1.iss.net/mailman/listinfo/issforum

To contact the ISSForum Moderator, send email to mod-issforum@iss.net

The ISSForum mailing list is hosted and managed by Internet Security Systems, 
6303 Barfield Road, Atlanta, Georgia, USA 30328.
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [ISSForum] Server sensor installation, Muraca, Peppino
Next by Date:  Re: [ISSForum] Realsecure Server Sensor - Network Filtering, Sergey V Soldatov
Previous by Thread:  RE: [ISSForum] Realsecure Server Sensor - Network Filtering, Michael Nurre
Next by Thread:  Re: [ISSForum] Realsecure Server Sensor - Network Filtering, Sergey V Soldatov
Indexes:  [Date] [Thread] [Top] [All Lists]