IDS mailing list archives

Update : SIDTk 1.1


From: "SecurIT Informatique Inc." <securit () iquebec com>
Date: Wed, 06 Oct 2004 17:53:52 -0400

Hello list members,

This is to inform you that the following software has been updated to these versions (http://securit.quebec.com/):

SécurIT Intrusion Detection Toolkit 1.1 (SIDTk 1.1)

The SIDTk is made of the following modules:

- ADSScan 1.0 : An Alternate Data Streams scanner (3)
- IntegCheck 1.1 : A filesystem integrity checker (3)
- LogUser 1.1 : A module to detect invalid user accounts (1) (2) (3)
- LogShares 1.1 : A module to detect non-allowed shares on the machine (1) (2) (3)
- LogServices 1.1 : A module to detect non-allowed services (1) (2) (3)
- LogStartup 1.1 : A module to detect suspicious items inserted for automatic startup (1) (2) (3)
- LogProc 1.1 : A module to detect rogue processes running in memory (1) (2) (3)
- Autoconfig.exe : A module that helps to configure quickly most of the modules in the SIDTk. (2) (3)

The goal of these modules is to capture volatile forensics data as hints of intrusion before it disappears.

This update includes the following changes to this software:
(1) Modified the module so that it loads into memory only once and then performs regular checks, instead of the prior version, which performed the check only once and needed to be launched regularly. Reduces I/O.
(2) Created the Autoconfig utility to configure these modules more easily
(3) Creation of SIDTk 1.1 Pro, which contains the exact same code but is compiled so that it does not appear on the desktop when active. Note that the same results can be achieved when using SIDTk Open Source with LogAgent Pro; this is meant as an alternative

Thank you for your time

Adam Richard
SécurIT Informatique Inc.
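The announcement lists an integrity checker (IntegCheck) and several allowlist-style detectors (LogServices, LogShares, LogStartup) without showing how such checks work. The following is an added example written for this archive page; it is not SIDTk code and does not reflect its internals. It shows the two patterns those modules embody: a hash baseline compared against a later scan of the filesystem, and an observed list of host items compared against an allowlist. All paths, file contents and service names in it are constructed sample data.

```python
# Added example (not part of SIDTk or the original post): a minimal
# baseline-and-compare checker covering two of the module types listed above.
# All paths, file contents and service names below are constructed sample data.
import hashlib
import tempfile
from pathlib import Path


def hash_file(path: Path, algo: str = "sha256") -> str:
    """Hash a file in chunks so large binaries do not have to fit in memory."""
    h = hashlib.new(algo)
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root: Path) -> dict:
    """Map each regular file under root (relative, '/'-separated) to its digest."""
    root = Path(root)
    return {
        p.relative_to(root).as_posix(): hash_file(p)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def compare_baseline(baseline: dict, current: dict) -> dict:
    """Report files that appeared, vanished, or changed content since the baseline."""
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "modified": sorted(
            p for p in baseline if p in current and baseline[p] != current[p]
        ),
    }


def check_allowlist(observed, allowed) -> list:
    """Return observed items (services, shares, startup entries) absent from the allowlist."""
    return sorted(set(observed) - set(allowed))


def demo() -> tuple:
    """Run both checks against constructed data and return their findings."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "bin").mkdir()
        (root / "bin" / "app.exe").write_bytes(b"original binary")
        (root / "config.ini").write_text("setting=1\n")
        baseline = build_baseline(root)  # snapshot taken while the host is trusted

        # Constructed changes standing in for what a later scan might observe.
        (root / "bin" / "app.exe").write_bytes(b"replaced binary")
        (root / "bin" / "extra.exe").write_bytes(b"new file")
        (root / "config.ini").unlink()
        findings = compare_baseline(baseline, build_baseline(root))

    # Constructed allowlist of expected services versus an observed service list.
    allowed_services = {"Dnscache", "EventLog", "Spooler"}
    observed_services = ["Dnscache", "EventLog", "Spooler", "UnknownSvc"]
    rogue_services = check_allowlist(observed_services, allowed_services)
    return findings, rogue_services


if __name__ == "__main__":
    diff, rogue = demo()
    for kind, paths in diff.items():
        for path in paths:
            print(f"{kind}: {path}")
    for name in rogue:
        print(f"non-allowed service: {name}")
```

In a resident checker of the kind described in change (1), the baseline is computed once when the process starts and the comparison runs on a timer, so the hashing cost is paid repeatedly only for the scan side; on a real host the observed service, share and startup lists would come from the operating system rather than the constructed lists used here.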