IDS mailing list archives

Re: host-based ips ?


From: Mike Frantzen <frantzen () nfr com>
Date: Fri, 18 Apr 2003 11:15:45 -0400

> there are some nips (network based ips), but I never ever heard about
> host based ips. anybody have known about this?

Niels' systrace originally from OpenBSD and NetBSD fits the bill.  I've
heard that it has been ported to FreeBSD and Linux as well.  It does
take a bit more technical know-how to set up right though.

There is also Crispin's Stackguard, my StackGhost, and Etoh's Propolice
for general stack protection.  Format string attack protection would come
from Crispin's and my Formatguard.  There are a bunch of vendors
shipping various non-exec solutions; I like Dale Rahn's OpenBSD W^X
protection but then again, I'm biased ;-)

General solutions are often easier on a host than the traditional
"detect and stop known attack" of the Network IPS world.

.mike
frantzen@(nfr.com | cvs.openbsd.org | w4g.org)
