Re: NIDS and HIDS

[Martin Mkrtchian <dotsecure () gmail com>]

New version of entercept has desktop firewall option. 

It is a great enterprise wide solution. It ties right in with
Entercept management console and you can manage both entercept servers
and desktops at the same time. The new version of entercept also has
graphical charts, if thats what you are looking for.  You may want to
tie that with Mcafee is intrushield IPS solution. We have been using
it for a while both entercept and intrushield and we have been pretty
happy with it.


Thanks

Martin Mkrtchian

dotsecure () gmail com


On Sat, 04 Dec 2004 06:47:32 +0400, KC <lists () sonicc net> wrote:
> Regarding your Symantec Client Security comment, just a note that there
> is no HIDS in that product, its more like a basic signature based IDS at
> the host level,
> it does'nt perform any of the advance HIDS functionality that you'd
> expect from a full HIDS product.
>
>
>
>
> Youngquist, Jason R. wrote:
>
> > I just recently started a new job as a network security analyst and one
> > of my projects is to implement an intrusion detection system.  I've been
> > doing some research and pursuing the listserv archives and was wondering
> > if anyone had any thoughts/opinions.
> >
> >
> > For NIDS's, I've been looking at SourceFire's commercialized version of
> > Snort, CISCO's IDS appliances, and McAffee's IntruShield.
> >
> >
> > For HIDS's, there appears to be three main categories:  monitoring the
> > host's file system, the host's network connections, and the host's log
> > files.
> > --Host's file system:  I'm looking at Tripwire Manager, Tripwire for
> > Servers, and Tripwire for Network Devices.
> >
> > --Host's network connections:  I'm looking for an enterprise-wide
> > solution that we can roll out to all the Windows XP machines and
> > centrally manage.  Since we already use Symantec for anti-virus,
> > Symantec's Client Security 2.0 seems to incorporate a centrally managed
> > personal firewall, HIDS, and anti-virus capability.
> >
> > --Host's log files:  I'm looking at implementing a centralized
> > syslog/syslog-ng server on a Linux box and having all Windows XP boxes
> > and network devices log to it.  I'd also stick the data into a MySQL
> > database to allow for easy querying.
> >
> > I'd like to have an analysis program that would take data from the NIDS,
> > HIDS, syslog, and tripwire logs, put it all together, and be able to
> > give me some useful charts and graphical summaries so management can see
> > that their money was well spent in securing the organization's
> > infrastructure.
> >
> >
> > Thanks.
> > Jason Youngquist
> >
> >
> > --------------------------------------------------------------------------
> > Test Your IDS
> >
> > Is your IDS deployed correctly?
> > Find out quickly and easily by testing it with real-world attacks from
> > CORE IMPACT.
> > Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
> > to learn more.
> > --------------------------------------------------------------------------
>
> --------------------------------------------------------------------------
> Test Your IDS
>
> Is your IDS deployed correctly?
> Find out quickly and easily by testing it with real-world attacks from
> CORE IMPACT.
> Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
> to learn more.
> --------------------------------------------------------------------------

--------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from 
CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 
to learn more.
--------------------------------------------------------------------------