How we did it - Network World

How we did it

By Joel Snyder, Network World, 08/23/2004

We installed Sourcefire's 3D System, consisting of an RNA Sensor 2000 v2.0, an Intrusion Sensor 2000 v3.2 and a Defense Center 1000 v3.2, on our production network. Sourcefire provided "release candidate" versions and installation assistance for all three products in the 3D System to highlight the new integration of RNA and IDS information on the Defense Center.

Tuning RNA simply means telling it which hosts to pay attention to (that is, which networks belong to you), and that took only a few moments. To test the Defense Center integration, we also had to tune the IDS Intrusion Sensor by disabling some alerts and writing specific "pass" rules for others. Tuning the IDS sensor output took two weeks, with one to two hours a day spent customizing the IDS policy to eliminate false alerts.

Once the IDS sensor output was reduced to a small number of alerts each day, we enabled impact alerts for systems the Defense Center considered "vulnerable" based on the combination of IDS and RNA data.

To evaluate how useful RNA was, we set out eight specific tasks and looked at how hard (or easy) each was to complete. The tasks included identifying compromised systems, reporting software and version information on mail and Web servers, alerting on newly installed systems, and setting up common queries to summarize servers and applications on a particular network segment.

Back to review: "Sourcefire's RNA provides instant visibility into your network"