About mattcooling

mattcooling · 03-23-2005

Does anyone have much experience with the 'TCP Hijack' signature on the IDS sensors? I've checked NSDB and the IDS docs for the engine in question, but neither go into detail on how to identify if the alerts are false or true positives.Any comments w...

mattcooling · 01-13-2005

Hi,I want to configure port security on a switch into which a failover PIX pair are configured. However, fromhttp://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/12_1e/swconfig/port_sec.htmit appears that this may not be possible due to the PI...

mattcooling · 07-28-2004

Hi,I'm trying to access the CSA-MC database via ODBC (using the Microsoft SQL Server Desktop Engine) from another PC. However, I keep getting the access denied error. Does anyone know the 'correct' way of doing this, or can point me in the direction ...

mattcooling · 07-27-2004

Hi,I want to use link to the SQL database behind CSA-MC, in order to integrate with the event database. However, when I installed the software, I used the typical installation mode, and did not specify (or record) the SQL server password. How can I r...

mattcooling · 06-23-2004

Hi,Before SSL-VPN, we could configure a concentrator to be administered via the public IP address over HTTPS, and utilise filters to lock down access to that port to a specific IP range.When SSL-VPN is configured for a concentrator, HTTP and HTTPS ac...

mattcooling · 04-19-2005

Hi,It appears that VMS 2.3 does not support Windows 2003. Is that definitely the case? If so, when Win2003 be supported on VMS?Many thanks,Matt

mattcooling · 03-24-2005

Unless I've misunderstood it, any user can 'suspend security' if the setting is in place; the 'stop service' setting is the one that depends if you are an administrator or not.HTHMatt

mattcooling · 03-24-2005

Hi,The default setting for CSA is to allow the service to be stopped, but NOT allow the security to be suspended (which appears to be the case here).What you need to do is add an 'Agent Service Control' rule which is set to 'allow', when 'any user at...

mattcooling · 03-23-2005

Thanks Alex - I really appreciate you taking the time to give me so much information. Its all very useful, and agree that the most important issue to assess is the feasibility - the alerts are always to port 80 on a webserver, so I suspect its nothin...

mattcooling · 03-23-2005

Hi,Are you able to stop the 'Cisco Security Agent' service from Services? I had a similar problem, but it worked fine from Services.Regards,Matt

Member Since	‎02-25-2002 11:02 AM
Date Last Visited	‎08-18-2017 03:51 AM
Posts	52
Total Helpful Votes Received	5

User Statistics

User Activity

TCP Hijack signature on IDS

Using port security with Failover PIXes

ODBC access to CSA-MC

Retrieve SQL Server password for CSA-MC

Concentrator administration via public HTTPS

Re: VMS 2.2 & Windows Server 2003

Re: Suspend security on UI

Re: Suspend security on UI

Re: TCP Hijack signature on IDS

Re: Suspend security on UI