Network Security ISSForum

Re: [ISSForum] ISSForum Digest, Vol 26, Issue 8

Subject: Re: [ISSForum] ISSForum Digest, Vol 26, Issue 8
Date: Mon, 20 Mar 2006 08:20:42 -0500
That would be highly dependent on their particular environment and from
experience could vary from hours to a day or 2. To me you need to trend
over a longer time for proper tuning to take into consideration the
normally dynamic nature of traffic. If they have already done tuning from
another sensor you might be able to replicate a bit of that assuming that
the segment you are installing on is similar.

Sorry for the "non answer" but it's likely going to take some digging on
your part to develop a better estimate.

Regards,
Chris Norris CISSP
IS Risk and Security Management Team
American Modern Insurance Companies

email: cnorris@amig.com


From: "Bill Wharton" <bill_wharton@mailhost.cjb.net>
Sent by: issforum-bounces@iss.net
Date: 03/17/2006 10:23 AM
To: <issforum@iss.net>
cc:
Subject: Re: [ISSForum] ISSForum Digest, Vol 26, Issue 8

I'm writing up a proposal for a client to install a Proventia G sensor with
1 segment. It includes deployment of the sensor and tweaking it a little so
that they aren't seeing events they wish to ignore.

How long should such an assignment take?

Thank you

-----Original Message-----
From: issforum-bounces@iss.net [mailto:issforum-bounces@iss.net] On Behalf
Of issforum-request@iss.net
Sent: Wednesday, March 15, 2006 12:01 PM
To: issforum@iss.net
Subject: ISSForum Digest, Vol 26, Issue 8

Today's Topics:

   1. Re: Problemas con soporte (Juan Roa)
   2. Re: Problemas con soporte (Javier Reyna Padilla)
   3. Re: Better way for scanning Windows than creating an admin
      account? (sk00t)


----------------------------------------------------------------------

Message: 1
Date: Tue, 14 Mar 2006 10:59:40 -0400
From: "Juan Roa" <juan.roa@orion2000.com>
Subject: Re: [ISSForum] Problemas con soporte
To: "E Palacio O." <epalacio@tsi-seguridad.com.mx>
Cc: issforum@iss.net
Message-ID: <ATLMAIEXCP08GxegIqu0008c7fb@atlmaiexcp08.iss.local>
Content-Type: text/plain; charset=ISO-8859-1

Hi:

I have opened about 10 support cases in the last two months, and we have
had very quick responses from ISS support in all the cases.

Did you ever try to open an issue on the web page? Sometimes it is faster
than the automatic response.

Unfortunately there is no support in Spanish.

Atte

Juan Roa Salinas

Chile


"E Palacio O." <epalacio@tsi-seguridad.com.mx> on Monday, March 13, 2006
at 13:53 -0400 wrote:
To all of you outside North America and EMEA:
Our customers have been experiencing problems reporting incidents to ISS:
1. There is an automatic response system that sometimes takes a week
or more to answer.
2. The answer is to give an incident number and to request for them to
repeat what the problem is.
3. The answer has to be given in less than 2 days or the incident is
closed. In a recent event one of them received the first answer from ISS
Support after 13 days.
4. Then it begins the Way of the Cross with one request after the other
and no answer to the original question or to the original problem.
5. Then finally and after some arguments you finally get somebody that
understands the problem and gives you a solution or alternative. This may
take several weeks.

My question: Are you suffering the same treatment as we are receiving
here in México? If not, what are you doing different? Calling support by
phone is not an option for the great majority of our customers that
only speak Spanish.

What is happening to ISS support? The automatic response system just
stinks.

We are open to suggestions and reasonable recommendations.

Thanks and Regards


Juan Roa Salinas
IEI - SOC Senior Manager - SGMS
Phone: (56 2) 6403981, (56 9) 1003695
e-mail: juan@orion2000.com
web site: www.orion.cl

Orion 2000 S.A. - Chile
Information Security Solutions
BS 7799:2002 | ISO 9001:2000 certified company
------------------------------

Message: 2
Date: Tue, 14 Mar 2006 09:15:30 -0600
From: Javier Reyna Padilla <jreyna@onlinet.com.mx>
Subject: Re: [ISSForum] Problemas con soporte
To: issforum@iss.net
Message-ID: <ATLMAIEXCP086MkKKhD0008d98d@atlmaiexcp08.iss.local>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed

I am from Mexico too, and I am having no problems with ISS's support, in
fact I think ISS has one of the best support.  In the majority of the
cases I use the e-mail support, and I have a response sometimes the same
day but no more than 2 days. If the problem is the idiom, well that's not
ISS's problem, it is yours or maybe your clients' fault.

E Palacio O. wrote:
To all of you outside North America and EMEA:
Our customers have been experiencing problems reporting incidents to
ISS:
1. There is an automatic response system that sometimes takes a week
or more to answer.
2. The answer is to give an incident number and to request for them to
repeat what the problem is.
3. The answer has to be given in less than 2 days or the incident is
closed. In a recent event one of them received the first answer from ISS
Support after 13 days.
4. Then it begins the Way of the Cross with one request after the other
and no answer to the original question or to the original problem.
5. Then finally and after some arguments you finally get somebody that
understands the problem and gives you a solution or alternative. This may
take several weeks.

My question: Are you suffering the same treatment as we are receiving
here in México? If not, what are you doing different? Calling support by
phone is not an option for the great majority of our customers that
only speak Spanish.

What is happening to ISS support? The automatic response system just
stinks.

We are open to suggestions and reasonable recommendations.

Thanks and Regards

Eduardo Palacio O.
Consultant


_______________________________________________
ISSForum mailing list
ISSForum@iss.net

TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to
https://atla-mm1.iss.net/mailman/listinfo/issforum

To contact the ISSForum Moderator, send email to mod-issforum@iss.net

The ISSForum mailing list is hosted and managed by Internet Security
Systems, 6303 Barfield Road, Atlanta, Georgia, USA 30328.






------------------------------

Message: 3
Date: Tue, 14 Mar 2006 11:35:31 -0600 (CST)
From: sk00t <sk00t@cipherpunx.org>
Subject: Re: [ISSForum] Better way for scanning Windows than creating
             an admin account?
To: issforum@iss.net
Message-ID: <ATLMAIEXCP08Ije6n0s0008dcfe@atlmaiexcp08.iss.local>
Content-Type: TEXT/PLAIN; charset=US-ASCII

Just thought I would let everyone on the list know that Foundstone and eEye
both have really nice docs on how to do scans and get the same results
without admin rights by setting correct perms on registry keys and
allowing access to C$ / IPC$ / etc.

ISS, get on the ball, y'all.



-- sk00t



On Wed, 21 Dec 2005, sk00t wrote:

I have been researching the need for an account with administrative rights
for running scans of Windows boxes. Our NT administrators are uncomfortable
with this, and I think understandably so. If someone came to me and said
they needed a service account with admin access to all boxes on the domain
for their application to run, I would tell them it's a really bad idea, so
it reflects poorly on us when the security team is asking for this, doesn't
it?

Has anyone found a better way to do this? With Nessus (ahem), I have been
able to create a non-admin account with interactive login disabled and just
rights to specific registry keys to perform scans for patches. Can I do the
same, or something similar for Scanner?

To me this is a much better way to do this, because it's more suited to
leaving the account enabled for automated scans.

Any thoughts from the group?


Thanks!


-- sk00t




------------------------------

End of ISSForum Digest, Vol 26, Issue 8
***************************************
