IDS mailing list archives

Re: HIDS for logon authentication


From: Sam Stover <sstover () atrc tsgi us>
Date: Sat, 22 May 2004 06:49:29 -0400


On May 21, 2004, at 8:28 AM, Joe Dauncey wrote:

> Hi,
>
> I am looking for a Host-Based IDS that can monitor and alarm on remote logons on Solaris 8.

Check out Enterasys' HIDS (formerly DragonSquire):

  http://www.enterasys.com/products/ids/DSHSS-xxx/

I used to work with the IDS devel team at ETS, so I might appear a bit biased, but in my current job, Squire fits my purposes like no other HIDS. Namely the OS support that you are dealing with. Are there any other COTS HIDS that support Solaris? I don't know of any...

> If this was all I wanted to do then I would probably be looking at something like secure syslog, or a similar log-parsing tool, but we really want the other HIDS functionality as well, and I am keen to avoid having to write custom scripts.
>
> The primary requirement is to be able to create alarms based on people logging onto the system, and failing to logon. However, we still want some other HIDS functionality.

I think Squire is precisely what you are looking for.

hth.

--
S.f. Stover
sstover@
    iwc.sytexinc.com
    atrc.sytexinc.com
    atrc.tsgi.us

