Re: CTR Protected Systems - Updating system OS settings

ishah · ‎09-02-2003

Hi,

Does anyone know if CTR can be configured in the current release to update protected systems dynamically perhaps by running scheduled agents etc if say a win2k SP1 system has been patched to a win2k sp4 system

If not - As a enhancement request can it be configured to periodically check OS mappings and SP settings and update these dynamically

The same for Unix (Solaris and Linux) when level 2 support is added for those OS's in the next release.

thanks

cskipper · ‎09-04-2003

Hi,

The current 2.0 release of Cisco Threat Response does not support the ability to dynamically confirm and/or update Static OS Mappings. Typically Static OS Mapping is used for situations where the target system is either modified to return a false OS fingerprint, or is not sufficiently exposed for an accurate OS fingerprint. As such, dynamically confirming changes would not be possible. If systems are accessible for an accurate fingerprint, we recommend that Static OS Mapping is not used, and that CTR is allowed to fully analyze the target system.

Hope this helps.

ishah · ‎09-09-2003

Hi,

Where there are typical scenarios with multiple dmz's and lots of customers with their own web pods, firewalling prevents accurate finger-printing.

The system should be able to update for level 2 (Microsoft Systems) and when Level 2 is available or Unix, it should be able to connect and assess the system fingerprint.

Can you please consider these ER requests