Educause Security Discussion mailing list archives
OSSEC Tripwire HIDS experiences
From: Jeff Moore <mail () JEFFMOORE COM>
Date: Fri, 20 Apr 2012 10:06:07 -0700
Hi there folks!

Just wanted to check with you all and see if any of you are doing server or client side HIDS. We are slowly deploying OSSEC. I was always a big Tripwire fan and have been really impressed with OSSEC and how much it has expanded. The LIDS piece as well as the active blocking (we aren't bold enough to do this yet on servers...) really turns this into a great tool.

Of course my opinion of the tool is based on past Tripwire exposure and on limited test implementations of OSSEC. I have not run it for an extended period of time on a large group of servers/clients. Because of this I would just like to see what people's experiences have been with this tool or other similar tools. We really appreciate all your opinions and any information you can give us. The more the better.

Side note: on our clients several years ago we went from Trend to Sophos, which basically removed the HIDS and other tools that Trend had built into their agent. The funny thing was when we called Sophos to ask if they had any active blocking tools built into their AV client (like Trend) they simply said "Wow that would be a really good feature!". So we have been lacking on client side HIDS etc.

Thanks for any experience you can share!!!!

--
Jeff Moore
Desk (503) 877-4707
Cell (503) 910-0756
Mail () JeffMoore com