Now the Windows servers were protected by EndPoint.
The Linux servers all have iptables firewalls and SELinux in enforcing mode, and so generated a few false positives, but were generally clean. The worst finding was that a few web servers hadn't had the TraceEnable Off directive added to their Apache configuration (Apache enables the HTTP TRACE method by default, and leaving it on is the classic cross-site tracing finding that every scanner reports).
The Solaris servers fared worse, simply due to their age and the fact that they had been used in a development environment.
The thing about EndPoint which I hadn't previously realised was that it detected attempted intrusions and refused further connections from the hosts originating the attacks. In this way it seemed to be operating much like one of the modes that it was possible to configure into PortSentry. (It is really surprising to think that the last release of PortSentry is almost seven years old now!) Consequently, I began lobbying for additional budget to purchase licences for the additional platforms.
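To make that PortSentry-style "block the prober" mode concrete, here is an added example (my own illustration, not code from the original post, from EndPoint or from PortSentry). It assumes netfilter-style log lines with SRC= and DPT= fields, a set of ports the host legitimately serves, and a probe threshold in the spirit of PortSentry's SCAN_TRIGGER setting; the sample log lines are constructed, and the resulting iptables rules are generated as text rather than executed.

```python
"""Block-on-probe logic in the style of PortSentry (added illustration).

Assumptions, none taken from the original post:
  * connection attempts are seen as netfilter-style log lines carrying
    SRC=<ip> and DPT=<port>;
  * a connection to a port that is not in LISTENING_PORTS is a probe;
  * once a source reaches THRESHOLD probes it is blocked outright, and
    every later connection from it is refused, even to legitimate ports,
    which is the behaviour the post describes for EndPoint.
"""
import re
from collections import defaultdict

# Ports this host legitimately serves (assumption for the example).
LISTENING_PORTS = {22, 80, 443}
# Probes of unused ports tolerated before the source is blocked.
THRESHOLD = 3

LINE_RE = re.compile(r"SRC=(?P<src>\d+(?:\.\d+){3}) .*DPT=(?P<dpt>\d+)")


def parse_line(line):
    """Return (source_ip, destination_port) or None for lines that do not match."""
    m = LINE_RE.search(line)
    if m is None:
        return None
    return m.group("src"), int(m.group("dpt"))


class ProbeSentry:
    """Count probes of unused ports per source and block repeat offenders."""

    def __init__(self, listening, threshold):
        self.listening = listening
        self.threshold = threshold
        self.probes = defaultdict(int)   # source ip -> probe count
        self.blocked = set()             # sources currently refused
        self.rules = []                  # generated firewall commands

    def handle(self, src, dpt):
        """Classify one connection attempt and update state.

        Returns one of: "refused" (source already blocked), "accepted"
        (legitimate port), "probe" (unused port, under threshold) or
        "blocked" (this probe crossed the threshold).
        """
        if src in self.blocked:
            return "refused"
        if dpt in self.listening:
            return "accepted"
        self.probes[src] += 1
        if self.probes[src] >= self.threshold:
            self.blocked.add(src)
            # Same shape as a PortSentry KILL_ROUTE action; emitted, not run.
            self.rules.append(f"iptables -I INPUT -s {src} -j DROP")
            return "blocked"
        return "probe"


def run(lines, listening=LISTENING_PORTS, threshold=THRESHOLD):
    """Feed log lines through a ProbeSentry; return (sentry, per-line verdicts)."""
    sentry = ProbeSentry(listening, threshold)
    verdicts = []
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        src, dpt = parsed
        verdicts.append((src, dpt, sentry.handle(src, dpt)))
    return sentry, verdicts


# Constructed sample log: one host probing unused ports, one legitimate client.
SAMPLE_LOG = [
    "Jan 12 03:14:15 web1 kernel: IN=eth0 OUT= SRC=203.0.113.7 DST=10.0.0.5 PROTO=TCP SPT=44321 DPT=23",
    "Jan 12 03:14:16 web1 kernel: IN=eth0 OUT= SRC=198.51.100.9 DST=10.0.0.5 PROTO=TCP SPT=51000 DPT=80",
    "Jan 12 03:14:17 web1 kernel: IN=eth0 OUT= SRC=203.0.113.7 DST=10.0.0.5 PROTO=TCP SPT=44322 DPT=21",
    "Jan 12 03:14:18 web1 kernel: IN=eth0 OUT= SRC=203.0.113.7 DST=10.0.0.5 PROTO=TCP SPT=44323 DPT=3306",
    "Jan 12 03:14:19 web1 kernel: IN=eth0 OUT= SRC=203.0.113.7 DST=10.0.0.5 PROTO=TCP SPT=44324 DPT=80",
    "Jan 12 03:14:20 web1 kernel: IN=eth0 OUT= SRC=198.51.100.9 DST=10.0.0.5 PROTO=TCP SPT=51001 DPT=443",
    "Jan 12 03:14:21 web1 sshd[1234]: unrelated line with no SRC or DPT fields",
]

if __name__ == "__main__":
    sentry, verdicts = run(SAMPLE_LOG)
    for src, dpt, verdict in verdicts:
        print(f"{src:>14} -> port {dpt:<5} {verdict}")
    print("blocked:", sorted(sentry.blocked))
    print("rules:", sentry.rules)
```

The caveat any practitioner wants noted is in the "refused" branch: once a source is blocked it is refused everywhere, so an attacker who can spoof source addresses (trivial for the UDP and stealth-scan modes PortSentry also watched) can get a legitimate host blocked. A threshold above one and a finite block duration, along with never reacting to probes on ports that real clients hit by accident, are the usual mitigations.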
The ability to have a single "management station" control the security protection across a heterogeneous server environment is incredible.
That's that for now!