To follow up on this, finally:

1) Yes, agent software is required to monitor Windows systems. I am
personally particularly fond of Event Reporter, as I think we've discussed
on this list before, but we'll work with any EventLog to syslog forwarder
that a customer cares to install.

2) After meeting Crispin Cowan and the d00ds at Immunix, we canned plans to
build a secure Linux of our own (BTW, "CLUNIX" --> Counterpane Labs UNIX)
and decided to use their OS instead.

cheers -- tbird

On Wed, 13 Mar 2002, Alexandre Dulaunoy wrote:

>
> On Tue, 12 Mar 2002 dgillettat_private wrote:
>
> > On 12 Mar 2002, at 16:00, Sweth Chandramouli wrote:
> >
> > > On Tue, Mar 12, 2002 at 02:34:51PM +0100, Alexandre Dulaunoy wrote:
> > > >
> > > > - How the device handles encrypted connection (like SSL/TLS, SSH...) ?
> > > > - Maybe you can store private key on the sentry box ? (maybe quite dangerous
> > >
> > > I'm not sure I understand these questions; could you clarify them?
> >
> > Understanding that Alexandre is starting from an assumption that
> > what the Sentry is doing is sniffing traffic -- an assumption that
> > Sweth responded to elsewhere, although not quite definitively -- the
> > questions are asking whether the Sentry can sniff *encrypted*
> > traffic. (The second question asks about a specific (but dangerous)
> > way this might be done.)
> > The way I read Sweth's reply to the sniffing assumption -- and I
> > may have misunderstood -- is that the Sentry doesn't (or didn't)
> > sniff traffic passing by or through itself, but relies on logs, etc,
> > from other devices. Those devices could include the local terminus
> > of encrypted traffic, so I don't think it ever needs to see or
> > decrypt the traffic itself.
>
> With all the information I got (thanks everybody), I understand that:
>
> - The sentry is a passive log collector box. (if I clearly understand)
> - remote UNIX hosts are configured with syslog.conf @sentrybox and so on...
> - I suspect some dedicated agents are needed for WIN32 ? (or maybe via
>   the WIN32 RPC call and passive logging ?)
>   - This part is not so clear for me. (on how it works ?)
>
> - The communication is done in SSL between the sentry and the counterpane
>   MSS. (connection initiated from the counterpane MSS, I suspect)
>   - This part seems clear.
>
> - I have seen an old message from John Callas
>   (http://archives.neohapsis.com/archives/crypto/2000-q2/0004.html), and
>   they were planning to release it under an open source license. But now ?
>
> Is there somebody with more information about CLUNIX ?
>
> Alx
>
> PS : These questions are pure technical curiosity ;-) Because log analysis
> is quite complex and fun...
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: loganalysis-unsubscribeat_private
> For additional commands, e-mail: loganalysis-helpat_private
> ---------------------------------------------------------------------
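The "syslog.conf @sentrybox" arrangement described in the quoted message, as an added example that is not Counterpane's Sentry code: a minimal passive collector that parses the BSD syslog datagrams such a line forwards and keeps (but flags) anything it cannot parse. The host names, port and sample datagram are constructed for illustration.

```python
"""Minimal passive syslog collector (added example, not the Sentry's own code).
Remote UNIX hosts forward with a syslog.conf line such as   *.*  @sentrybox
which sends BSD-style (RFC 3164) datagrams to UDP/514. parse_syslog() turns
one datagram into a record; listen() is the receive-only loop around it."""
import re
import socket
from typing import Optional

FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock",
              "local0", "local1", "local2", "local3", "local4", "local5", "local6", "local7"]
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# <PRI>Mmm dd hh:mm:ss host message  (BSD syslog header as sent by syslogd)
_LINE = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<ts>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) "
    r"(?P<host>\S+) "
    r"(?P<msg>.*)$", re.DOTALL)

def parse_syslog(datagram: bytes, peer: Optional[str] = None) -> dict:
    """Decode one datagram. Malformed input is kept and flagged, not dropped,
    so nothing a monitored host sent is silently lost."""
    text = datagram.decode("utf-8", errors="replace")
    m = _LINE.match(text)
    pri = int(m.group("pri")) if m else -1
    if not m or pri > 191:  # max valid PRI is facility 23 * 8 + severity 7
        return {"malformed": True, "peer": peer, "raw": text}
    return {
        "malformed": False,
        "peer": peer,                    # UDP source address, unauthenticated
        "facility": FACILITIES[pri >> 3],
        "severity": SEVERITIES[pri & 7],
        "timestamp": m.group("ts"),      # sender's clock: no year, no zone
        "host": m.group("host"),         # as claimed by the sender
        "message": m.group("msg").rstrip("\n"),
    }

def listen(bind: str = "0.0.0.0", port: int = 514) -> None:
    """Receive-only: the collector never connects back to the hosts it monitors."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.bind((bind, port))
        while True:
            data, (addr, _) = s.recvfrom(65535)
            print(parse_syslog(data, addr))

# Constructed sample datagram, as a remote sshd would emit via syslog.conf @sentrybox.
SAMPLE = b"<38>Mar 12 14:34:51 webhost sshd[2107]: Accepted publickey for tbird from 192.0.2.7"
```

Because UDP syslog carries no sender authentication, the peer address and host field are recorded as claims; correlating them is left to whatever analyses the records.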
This archive was generated by hypermail 2b30 : Sat Mar 16 2002 - 04:47:45 PST