Re: [Sguil-users] NSM Spec profiling
From: Paul S. <pa...@ut...> - 2006-04-14 14:15:37
There are some problems with your spec sheet. What if I'm using more than one box for sguil? Your sheet assumes only one box - not even multiple CPUs. What is "Partition Format"? What is "Full Content Data Duration"? What if I have more than one hard drive? More than one NIC?

For example, we're running snort with sguil sensor on a dual processor AMD box with three NICs. The server runs on a single processor Intel box and the database runs on a separate single processor Intel box. Each box has different specs, different NICs, different number of hard drives. If you're serious about collecting specs, you need to allow for all those possibilities (and more, I'm sure.)

You also don't ask things like "with or without sancp?, with or without ethereal?, etc., etc."

What about the client? What's it running on? Or is that not part of the equation? If not, why not?

Those are just some immediate thoughts.

CS Lee wrote:
> To all the sguil users,
>
> I'm currently correcting the info to profile the sguil device including
> hardware and software spec, I have requested such info previously but
> only having one feedback. Since Richard told me it would be good to have
> the info in form format, I have created the form so that anyone can
> just download the form and fill it. All the infos collected will be
> published after I have compiled it. I think this may help the
> communities when comes to deploying NSM.
>
> You can download the form here either in open office or doc format.
>
> http://www.dissectible.org/anonymous/Misc/NSM-spec.odt
>
> http://www.dissectible.org/anonymous/Misc/NSM-spec.doc
>
>
> I'm pleased to hope that everyone at least fill in the form and submit
> to me. Thanks.
>
> --
> Best Regards,
>
> CS Lee<geek00L[at]gmail.com>

--
Paul Schmehl (pa...@ut...)
Adjunct Information Security Officer
The University of Texas at Dallas
http://www.utdallas.edu/ir/security/