[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [ISSForum] Realsecure Server Sensor - Network Filtering



Try using the regular "trust.pair" 

Drop it into the blackice.ini. 


___________________________________
Andrew Plato, CISSP
President/Principal Consultant
Anitian Enterprise Security



-----Original Message-----
From: Michael Nurre [mailto:mnurre@xxxxxxxxxxxxxxxx] 
Sent: October 08, 2004 12:33 PM
To: Andrew Plato
Cc: dmsimpson@xxxxxxx; issforum@xxxxxxx
Subject: RE: [ISSForum] Realsecure Server Sensor - Network Filtering

I've added pam.trust.pair under the advanced parameters of the sensor
with the appropriate information, but it doesn't seem to be ignoring
that particular item. Any ideas?





"Andrew Plato" <aplato@xxxxxxxxxxx>
10/08/2004 09:30 AM

 
        To:     <dmsimpson@xxxxxxx>, "Michael Nurre"
<mnurre@xxxxxxxxxxxxxxxx>
        cc:     <issforum@xxxxxxx>
        Subject:        RE: [ISSForum] Realsecure Server Sensor -
Network Filtering


Yes you can. Server sensor uses the same BlackICE engine as dekstop. So
many of the same parameters work against it that work against the
desktop product.  I believe pam.trust.pair parameter will work on server
sensor. 
Allowing you to filter out a signature for specific IP addresses. 
 
If you use the advanced parameters for the sensor, enter a name of
pam.trust.pair.  Its a string value. And then the value is
<ipaddress>,<signature_id> .  This should work.
 
Andrew Plato, CISSP
President / Principal Consultant
Anitian Enterprise Security
www.anitian.com 

From: issforum-bounces@xxxxxxx on behalf of dmsimpson@xxxxxxx
Sent: Fri 10/8/2004 4:49 AM
To: Michael Nurre
Cc: issforum-bounces@xxxxxxx; issforum@xxxxxxx
Subject: Re: [ISSForum] Realsecure Server Sensor - Network Filtering

No you cannot.  I have actually been requesting this from ISS for a
little over three years.

Thanks,

David M Simpson
Risk Management Enterprise Security
Intrusion Detection Lead
American Electric Power
614.716.3139
dmsimpson@xxxxxxx




"Michael Nurre" <mnurre@xxxxxxxxxxxxxxxx> Sent by:
issforum-bounces@xxxxxxx
10/07/2004 03:48 PM


        To:     issforum@xxxxxxx
        cc:
        Subject:        [ISSForum] Realsecure Server Sensor - Network 
Filtering


Does anyone know if it is possible to filter out specific IP addresses
for

different signatures on the Server Sensor 7.0 like you can with the
Network Sensor? I would think it possible by editing some of the ini
files

under the BlackIce directory on the server sensor installation.
_______________________________________________
ISSForum mailing list
ISSForum@xxxxxxx

TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to
https://atla-mm1.iss.net/mailman/listinfo/issforum

To contact the ISSForum Moderator, send email to mod-issforum@xxxxxxx

The ISSForum mailing list is hosted and managed by Internet Security
Systems, 6303 Barfield Road, Atlanta, Georgia, USA 30328.


_______________________________________________
ISSForum mailing list
ISSForum@xxxxxxx

TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to
https://atla-mm1.iss.net/mailman/listinfo/issforum

To contact the ISSForum Moderator, send email to mod-issforum@xxxxxxx

The ISSForum mailing list is hosted and managed by Internet Security
Systems, 6303 Barfield Road, Atlanta, Georgia, USA 30328.



_______________________________________________
ISSForum mailing list
ISSForum@xxxxxxx

TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to https://atla-mm1.iss.net/mailman/listinfo/issforum

To contact the ISSForum Moderator, send email to mod-issforum@xxxxxxx

The ISSForum mailing list is hosted and managed by Internet Security Systems, 6303 Barfield Road, Atlanta, Georgia, USA 30328.