Does anyone have much experience with the 'TCP Hijack' signature on the IDS sensors? I've checked NSDB and the IDS docs for the engine in question, but neither goes into detail on how to identify if the alerts are false or true positives. Any comments w...
Hi, I want to configure port security on a switch into which a failover PIX pair are configured. However, from http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/12_1e/swconfig/port_sec.htm it appears that this may not be possible due to the PI...
Hi, I'm trying to access the CSA-MC database via ODBC (using the Microsoft SQL Server Desktop Engine) from another PC. However, I keep getting the access denied error. Does anyone know the 'correct' way of doing this, or can point me in the direction ...
Hi, I want to use a link to the SQL database behind CSA-MC, in order to integrate with the event database. However, when I installed the software, I used the typical installation mode, and did not specify (or record) the SQL server password. How can I r...
Hi, Before SSL-VPN, we could configure a concentrator to be administered via the public IP address over HTTPS, and utilise filters to lock down access to that port to a specific IP range. When SSL-VPN is configured for a concentrator, HTTP and HTTPS ac...
Unless I've misunderstood it, any user can 'suspend security' if the setting is in place; the 'stop service' setting is the one that depends if you are an administrator or not. HTH Matt
Hi, The default setting for CSA is to allow the service to be stopped, but NOT allow the security to be suspended (which appears to be the case here). What you need to do is add an 'Agent Service Control' rule which is set to 'allow', when 'any user at...
Thanks Alex - I really appreciate you taking the time to give me so much information. It's all very useful, and agree that the most important issue to assess is the feasibility - the alerts are always to port 80 on a webserver, so I suspect it's nothin...