Second-Line defense on Windows NT

[Toon_Mordijck () cem be]

Hi,
The way I like to look at network security is riskanalysis based. I see
some risks connecting our network to the Internet, then I implement a
firewall and I try to find the remaining risks. The conclusion then can be
to implement additional security in order to solve as much as possible of
the remaining securityproblems. I try to make sure that this kind of second
line defense (or even third line) is done for every possible networkflow.
One possibility I see, is to implement on possible vulnerable hosts
(including the firewall) a small tool that permanently checks the integrity
of that host and the access to system resources. This tool should be able
to send some kind of real-time alert to administrators/operators when
something non-predifined happens on the host and perhaps it should be able
to take countermeasures like disabling the external network connection.
I'm pretty confident that this kind of tool exists on UNIX platforms,
although I can not remember some names I've heard, but at present I'm
looking for such a tool for a Windows NT host (commercial or shareware).
Can someone help me?

Kind regards,

Toon Mordijck
Network security
CEM
Toon_Mordijck () cem be