IDS mailing list archives
RE: NIDS and HIDS
From: "Maynor, David (ISS Atlanta)" <dmaynor () iss net>
Date: Wed, 8 Dec 2004 19:04:38 -0500
http://www.phrack.org/show.php?p=62&a=5 Take a look at this article when looking at HIDS solutions. -----Original Message----- From: Martin Mkrtchian [mailto:dotsecure () gmail com] Sent: Tuesday, December 07, 2004 5:10 PM To: KC Cc: Youngquist, Jason R.; Focus IDS List Subject: Re: NIDS and HIDS New version of entercept has desktop firewall option. It is a great enterprise wide solution. It ties right in with Entercept management console and you can manage both entercept servers and desktops at the same time. The new version of entercept also has graphical charts, if thats what you are looking for. You may want to tie that with Mcafee is intrushield IPS solution. We have been using it for a while both entercept and intrushield and we have been pretty happy with it. Thanks Martin Mkrtchian dotsecure () gmail com On Sat, 04 Dec 2004 06:47:32 +0400, KC <lists () sonicc net> wrote:
Regarding your Symantec Client Security comment, just a note that
there
is no HIDS in that product, its more like a basic signature based IDS
at
the host level, it does'nt perform any of the advance HIDS functionality that you'd expect from a full HIDS product. Youngquist, Jason R. wrote:I just recently started a new job as a network security analyst and
one
of my projects is to implement an intrusion detection system. I've
been
doing some research and pursuing the listserv archives and was
wondering
if anyone had any thoughts/opinions. For NIDS's, I've been looking at SourceFire's commercialized version
of
Snort, CISCO's IDS appliances, and McAffee's IntruShield. For HIDS's, there appears to be three main categories: monitoring
the
host's file system, the host's network connections, and the host's
log
files. --Host's file system: I'm looking at Tripwire Manager, Tripwire for Servers, and Tripwire for Network Devices. --Host's network connections: I'm looking for an enterprise-wide solution that we can roll out to all the Windows XP machines and centrally manage. Since we already use Symantec for anti-virus, Symantec's Client Security 2.0 seems to incorporate a centrally
managed
personal firewall, HIDS, and anti-virus capability. --Host's log files: I'm looking at implementing a centralized syslog/syslog-ng server on a Linux box and having all Windows XP
boxes
and network devices log to it. I'd also stick the data into a MySQL database to allow for easy querying. I'd like to have an analysis program that would take data from the
NIDS,
HIDS, syslog, and tripwire logs, put it all together, and be able to give me some useful charts and graphical summaries so management can
see
that their money was well spent in securing the organization's infrastructure. Thanks. Jason Youngquist-----------------------------------------------------------------------
---
Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks
from
CORE IMPACT. Go to
http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
to learn more.-----------------------------------------------------------------------
---
------------------------------------------------------------------------ --
Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to
http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
to learn more.
------------------------------------------------------------------------ --
------------------------------------------------------------------------ -- Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more. ------------------------------------------------------------------------ -- -------------------------------------------------------------------------- Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more. --------------------------------------------------------------------------
Current thread:
- Re: NIDS and HIDS Bastian Ballmann (Dec 01)
- <Possible follow-ups>
- Re: NIDS and HIDS Karel Chwistek (Dec 01)
- Re: NIDS and HIDS Jason Haar (Dec 02)
- Re: NIDS and HIDS Matthew Romanek (Dec 03)
- open source ids list for implementation gaurav_jindal (Dec 07)
- Re: NIDS and HIDS Jason Haar (Dec 02)
- Re: NIDS and HIDS Matthew Romanek (Dec 01)
- RE: NIDS and HIDS Timm, Kevin (Dec 02)
- RE: NIDS and HIDS Chris Petersen (Dec 02)
- Re: NIDS and HIDS KC (Dec 06)
- Re: NIDS and HIDS Martin Mkrtchian (Dec 08)
- RE: NIDS and HIDS Maynor, David (ISS Atlanta) (Dec 09)