IDS mailing list archives
Re: HIDS for logon authentication
From: Sam Stover <sstover () atrc tsgi us>
Date: Sat, 22 May 2004 06:49:29 -0400
On May 21, 2004, at 8:28 AM, Joe Dauncey wrote:
Hi,I am looking for a Host-Based IDS that can monitor and alarm on remote logons on Solaris 8.
Check out Enterasys' HIDS (formerly DragonSquire): http://www.enterasys.com/products/ids/DSHSS-xxx/I used to work with the IDS devel team at ETS, so I might appear a bit biased, but in my current job, Squire fits my purposes like no other HIDS. Namely the OS support that you are dealing with. Are there any other COTS HIDS that support Solaris? I don't know of any...
If this was all I wanted to do than I would probably looking at something like secure syslog, or a similar log-parsing tool, but we really want the other HIDS functionality as well, and I am keen to avoid having to write custom scripts.The primary requirement is to be able to create alarms based on people logging onto the system, and failing to logon. However, we still want some other HIDS functionality.
I think Squire is precisely what you are looking for. hth. -- S.f. Stover sstover@ iwc.sytexinc.com atrc.sytexinc.com atrc.tsgi.us --------------------------------------------------------------------------- ---------------------------------------------------------------------------
Current thread:
- HIDS for logon authentication Joe Dauncey (May 21)
- Re: HIDS for logon authentication Skip Carter (May 22)
- Re: HIDS for logon authentication Sam Stover (May 22)
- Re: HIDS for logon authentication harald (May 22)
- RE: HIDS for logon authentication Jason J. W. Williams (May 22)
- <Possible follow-ups>
- Re: HIDS for logon authentication Drew Simonis (May 23)