RE: NIDS and HIDS

["Timm, Kevin" <TimmK () netsolve com>]

For HIDS there is also kernel level process interruption which actually does some protection somewhat like AV  

-----Original Message-----
From: Karel Chwistek [mailto:karel_chwistek () cz ibm com] 
Sent: Wednesday, December 01, 2004 2:31 AM
To: Focus IDS List
Subject: Re: NIDS and HIDS

Try to look at:

    IBM Tivoli Security Compliance Manager - http://www-306.ibm.com/software/tivoli/products/security-compliance-mgr/

K.


> I just recently started a new job as a network security analyst and 
> one of my projects is to implement an intrusion detection system.  
> I've been doing some research and pursuing the listserv archives and 
> was wondering if anyone had any thoughts/opinions.
>
>
> For NIDS's, I've been looking at SourceFire's commercialized version 
> of Snort, CISCO's IDS appliances, and McAffee's IntruShield.
>
>
> For HIDS's, there appears to be three main categories:  monitoring the 
> host's file system, the host's network connections, and the host's log 
> files.
> --Host's file system:  I'm looking at Tripwire Manager, Tripwire for 
> Servers, and Tripwire for Network Devices.
>
> --Host's network connections:  I'm looking for an enterprise-wide 
> solution that we can roll out to all the Windows XP machines and 
> centrally manage.  Since we already use Symantec for anti-virus, 
> Symantec's Client Security 2.0 seems to incorporate a centrally 
> managed personal firewall, HIDS, and anti-virus capability.
>
> --Host's log files:  I'm looking at implementing a centralized 
> syslog/syslog-ng server on a Linux box and having all Windows XP boxes 
> and network devices log to it.  I'd also stick the data into a MySQL 
> database to allow for easy querying.
>
> I'd like to have an analysis program that would take data from the 
> NIDS, HIDS, syslog, and tripwire logs, put it all together, and be 
> able to give me some useful charts and graphical summaries so 
> management can see that their money was well spent in securing the 
> organization's infrastructure.
>
>
> Thanks.
> Jason Youngquist
--------------------------------------------------------------------------
> Test Your IDS
>
> Is your IDS deployed correctly?
> Find out quickly and easily by testing it with real-world attacks from 
> CORE IMPACT.
> Go to 
> http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708

> to learn more.
--------------------------------------------------------------------------
>


--------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
to learn more.
--------------------------------------------------------------------------


--------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from
CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
to learn more.
--------------------------------------------------------------------------