Security Basics mailing list archives
Re: Info HIDS
From: captgoodnight () acsalaska net
Date: Thu, 8 Jul 2004 19:14:07 -0800
On Thursday 08 July 2004 03:21 am, Carlos H wrote:
Hello list, recently I have been deploying a DMZ. I'm trying to install and configure a HIDS (Tripwire) to get intrusion information about a web server (WebServer1). Looking at Tripwire's manual I found that it is necessary (I'm not really sure!!!) that Tripwire run on the same machine to be monitored. I mean, Tripwire must be installed on WebServer1. That is not good for me! The question is: Is there another way to configure Tripwire (or another HIDS) for detection on a remote host? Is it possible to install Tripwire on a different host from WebServer1? Carlos H.
Not sure if my method applies, but on my honeypots, I use tripwire binaries from a CDR, activated by cron. Reports picked up internally via pop3s. A pattern of retrieval/activation becomes obvious, thus a tell-all to suspicious activity. Timing between the machines should be kept aligned too (ntpd); small window. Ssh could also be used instead of cron/pop3s. CDRs are a good way to keep binaries honest; chkrootkit is also used from the CDR. I know there are holes in this method; I do only run lightweight honeypots though. Not a honeynet. Just a thought.
cg
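The reply's point that a fixed activation/retrieval pattern makes deviations stand out, shown as an added example that is not part of the original post. It assumes an hourly cron schedule and a five-minute tolerance for clock skew; the function name, schedule and timestamps are hypothetical and constructed for illustration.

```python
from datetime import datetime, timedelta


def audit_report_times(received, first_slot, interval, slots, window):
    """Compare integrity-report arrival times with the expected cron schedule.

    Returns (missing, unexpected):
      missing    - scheduled slots with no report within +/- window
      unexpected - reports that match no scheduled slot
    A missing report can mean the check was disabled on the monitored host;
    an unexpected one can mean the check ran outside its schedule.
    """
    expected = [first_slot + i * interval for i in range(slots)]
    unmatched = sorted(received)
    missing = []
    for slot in expected:
        # The window stays small because both clocks are kept aligned (ntpd).
        hit = next((t for t in unmatched if abs(t - slot) <= window), None)
        if hit is None:
            missing.append(slot)
        else:
            unmatched.remove(hit)
    return missing, unmatched


# Constructed sample: six hourly slots starting at midnight (assumed schedule).
FIRST_SLOT = datetime(2004, 7, 8, 0, 0)
INTERVAL = timedelta(hours=1)
WINDOW = timedelta(minutes=5)
SLOTS = 6

# Constructed arrival times: the 03:00 report never arrived, and one
# report turned up at 03:40, outside any scheduled slot.
SAMPLE_RECEIVED = [
    datetime(2004, 7, 8, 0, 2),
    datetime(2004, 7, 8, 1, 1),
    datetime(2004, 7, 8, 2, 3),
    datetime(2004, 7, 8, 3, 40),
    datetime(2004, 7, 8, 4, 2),
    datetime(2004, 7, 8, 5, 1),
]

if __name__ == "__main__":
    missing, unexpected = audit_report_times(
        SAMPLE_RECEIVED, FIRST_SLOT, INTERVAL, SLOTS, WINDOW)
    for slot in missing:
        print("no report for scheduled run at", slot.isoformat())
    for t in unexpected:
        print("report outside schedule at", t.isoformat())
```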