Re: [ISSForum] ISSForum Digest, Vol 26, Issue 8

I'm writing up a proposal for a client to install a Proventia G sensor with
1 segment. It includes deployment of the sensor and tweaking it a little so
that they aren't seeing events they wish to ignore.

How long should such an assignment take?

Thank you

-----Original Message-----
From: issforum-bounces@iss.net [mailto:issforum-bounces@iss.net] On Behalf
Of issforum-request@iss.net
Sent: Wednesday, March 15, 2006 12:01 PM
To: issforum@iss.net
Subject: ISSForum Digest, Vol 26, Issue 8

Send ISSForum mailing list submissions to
        issforum@iss.net

To subscribe or unsubscribe via the World Wide Web, visit
        https://atla-mm1.iss.net/mailman/listinfo/issforum
or, via email, send a message with subject or body 'help' to
        issforum-request@iss.net

You can reach the person managing the list at
        issforum-owner@iss.net

When replying, please edit your Subject line so it is more specific
than "Re: Contents of ISSForum digest..."


Today's Topics:

   1. Re: Problemas con soporte (Juan Roa)
   2. Re: Problemas con soporte (Javier Reyna Padilla)
   3. Re: Better way for scanning Windows than creating an      admin
      account? (sk00t)


----------------------------------------------------------------------

Message: 1
Date: Tue, 14 Mar 2006 10:59:40 -0400
From: "Juan Roa" <juan.roa@orion2000.com>
Subject: Re: [ISSForum] Problemas con soporte
To: "E Palacio O." <epalacio@tsi-seguridad.com.mx>
Cc: issforum@iss.net
Message-ID: <ATLMAIEXCP08GxegIqu0008c7fb@atlmaiexcp08.iss.local>
Content-Type: text/plain; charset=ISO-8859-1

Hi:

I had opened about 10 support cases in the last two months, and we have
very quick response from ISS support ion all the cases.

Do you ever try to open a issue on the web page ? sometimes is faster than
the automatic response.

Unfortunately there is no support in spanish.

Atte

Juan Roa Salinas

Chile


"E Palacio O." <epalacio@tsi-seguridad.com.mx> on Lunes, 13 de Marzo de
2006 at 13:53 -0400 wrote:
> To all of you outside North America and EMEA:
> Our customers have been experiencing  problems to report incidents to ISS,
> 1. - There is an automatic response system that takes sometimes a week 
> or more to answer.
> 2.- The answer is to give an incident number and to request for them to 
> repeat what the problem is.
> 3.- The anwer has to be given in less than 2 days or the incident is 
> closed. In a recent event one of them received the first answer from ISS 
> Support after 13 days.
> 4. Then it begings the Way of the Cross with one request after the other 
> and no answer to the original question or to the original problem.
> 5. Then finally and after some arguments you finally get somebody that 
> understand the problem and gives you a solution or alternative. This may 
> takes several weeks.
>
> My question: Are you suffering the same treatment as we are receiving 
> here in M?xico? If not, what are you doing different?  Calling by phone 
> to suport is not  an option to the great majority of  our customers that 
> only speak spanish.
>
> What is happening to ISS support? The automatic response system just
> stink.
>
> We are open to suggestion and reasonable recomendations.
>
> Thanks and Regards


Juan Roa Salinas
IEI - SOC Senior Manager - SGMS
Phone: (56 2) 6403981, (56 9) 1003695
e-mail: juan@orion2000.com
web site: www.orion.cl

Orion 2000 S.A. - Chile
Soluciones en Seguridad de la Informacion
Empresa certificada BS 7799:2002 | ISO 9001:2000
----------------------------------------------------
La informacion contenida en esta transmision es confidencial, amparada por
secreto profesional y esta dirigida exclusivamente a el o los
destinatarios indicados. Cualquier uso, reproduccion, divulgacion o
distribucion por otras personas que su(s) destinatario(s) esta
estrictamente prohibida.
Las opiniones expresadas en este correo son las de su autor y no son
necesariamente compartidas o apoyadas por la compania.
---------------------------------------------------




------------------------------

Message: 2
Date: Tue, 14 Mar 2006 09:15:30 -0600
From: Javier Reyna Padilla <jreyna@onlinet.com.mx>
Subject: Re: [ISSForum] Problemas con soporte
To: issforum@iss.net
Message-ID: <ATLMAIEXCP086MkKKhD0008d98d@atlmaiexcp08.iss.local>
Content-Type: text/plain;       charset=ISO-8859-1;     format=flowed

I am from Mexico too, and I am having no problems with ISS's support, in 
fact I think ISS has one of the best support.  In the mayority of the 
cases I use the e-mail support, and I have a response sometimes the same 
day but no more of 2 days. If the problem is the idiom, well that's not 
ISS's problem, is yours or maybe your clients fault. 

E Palacio O. wrote:
> To all of you outside North America and EMEA:
> Our customers have been experiencing  problems to report incidents to ISS,
> 1. - There is an automatic response system that takes sometimes a week 
> or more to answer.
> 2.- The answer is to give an incident number and to request for them to 
> repeat what the problem is.
> 3.- The anwer has to be given in less than 2 days or the incident is 
> closed. In a recent event one of them received the first answer from ISS 
> Support after 13 days.
> 4. Then it begings the Way of the Cross with one request after the other 
> and no answer to the original question or to the original problem.
> 5. Then finally and after some arguments you finally get somebody that 
> understand the problem and gives you a solution or alternative. This may 
> takes several weeks.
>
> My question: Are you suffering the same treatment as we are receiving 
> here in M?xico? If not, what are you doing different?  Calling by phone 
> to suport is not  an option to the great majority of  our customers that 
> only speak spanish.
>
> What is happening to ISS support? The automatic response system just
stink.
> We are open to suggestion and reasonable recomendations.
>
> Thanks and Regards
>
> Eduardo Palacio O.
> Consultor
>
> __________________________________________________
> Correo Yahoo!
> Espacio para todos tus mensajes, antivirus y antispam ?gratis! 
> Reg?strate ya - http://correo.yahoo.com.mx/ 
>
>
> _______________________________________________
> ISSForum mailing list
> ISSForum@iss.net
>
> TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to
https://atla-mm1.iss.net/mailman/listinfo/issforum
> To contact the ISSForum Moderator, send email to mod-issforum@iss.net
>
> The ISSForum mailing list is hosted and managed by Internet Security
Systems, 6303 Barfield Road, Atlanta, Georgia, USA 30328.
>   




------------------------------

Message: 3
Date: Tue, 14 Mar 2006 11:35:31 -0600 (CST)
From: sk00t <sk00t@cipherpunx.org>
Subject: Re: [ISSForum] Better way for scanning Windows than creating
        an      admin account?
To: issforum@iss.net
Message-ID: <ATLMAIEXCP08Ije6n0s0008dcfe@atlmaiexcp08.iss.local>
Content-Type: TEXT/PLAIN; charset=US-ASCII

Just thought I would let everyone on the list know that Foundstone and Eeye
both have really nice docs on how to do scans and get the same results
without admin rights by settings corrects perms on registry keys and
allowing access to C$ / IPC$ / etc.

ISS, get on the ball, y'all.



-- sk00t



On Wed, 21 Dec 2005, sk00t wrote:

> I have been researching the need for an account with administrative rights
for running scans of Windows boxes. Our NT administrators are uncomfortable
with this, and I think understandably so. If someone came to me and said
they needed a service account with admin access to all boxes on the domain
for their application to run, I would tell them it's a really bad idea, so
it reflects poorly on us when the security team is asking for this, doesn't
it?
> Has anyone found a better way to do this? With Nessus (ahem), I have been
able to create a non-admin account with interactive login disabled and just
rights to specific registry keys to perform scans for patches. Can I do the
same, or something similar for Scanner?
> To me this is a much better way to do this, because it's more suited to
leaving the account enable for automated scans.
> Any thoughts from the group?
>
>
> Thanks!
>
>
> -- sk00t



------------------------------

_______________________________________________
ISSForum mailing list
ISSForum@iss.net

TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to
https://atla-mm1.iss.net/mailman/listinfo/issforum

TO CONTACT THE ISSForum MODERATOR, send email to mod-issforum@iss.net

The ISSForum mailing list is hosted and managed by Internet Security
Systems, 6303 Barfield Road, Atlanta, Georgia, USA 30328.

End of ISSForum Digest, Vol 26, Issue 8
***************************************

_______________________________________________
ISSForum mailing list
ISSForum@iss.net

TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to 
https://atla-mm1.iss.net/mailman/listinfo/issforum

To contact the ISSForum Moderator, send email to mod-issforum@iss.net

The ISSForum mailing list is hosted and managed by Internet Security Systems, 
6303 Barfield Road, Atlanta, Georgia, USA 30328.