IDS mailing list archives
RE: A possible HIPS? Was: Looking for HIDS-only products for XP/2000Pro
From: "Bill Stout" <bill.stout () greenborder com>
Date: Tue, 16 Aug 2005 16:58:28 -0700
That would be a version of a sandbox which can be implemented; as applets, jails, virtual machines, or a capability system. You might also take a look at our demo download. It's along the same lines, although it extends protection to the file system, registry, network, DCOM, and user shell. To do so you'll need to granularly hook into system calls at the kernel level, and have logic to determine when to launch a process in protected space. Here's a direct link (bypasses registration steps): http://www.greenborder.com/downloads/GreenBorder_TestDrive_v101.zip. Come back and register through the main web page if you're interested in deploying this in a company environment. Bill -----Original Message----- From: Brian Azzopardi [mailto:brian () unixpoet com] Sent: Tuesday, August 09, 2005 11:21 AM To: Bill Stout; focus-ids () securityfocus com Subject: A possible HIPS? Was: Looking for HIDS-only products for XP/2000Pro I have implemented a tool which might be useful to protect against both known and unknown malware. The tool works by restricting the user-specified applications to, what in Unix-land would be, a jail. The applications, for example IE or Outlook, have only read/write or read only rights to certain directories/files. In future I plan to extend the app to protect the registry as well. I've tested it on W2k/XPpro/W2k3. I would love to know what the list think of the idea. Thanks, Brian PS If enough people ask I will release it. -----Original Message----- From: Bill Stout [mailto:bill.stout () greenborder com] Sent: Thursday, August 04, 2005 6:20 AM To: focus-ids () securityfocus com Subject: Looking for HIDS-only products for XP/2000Pro I'm assuming most companies do both HIDS and blocking. Are there any companies which specialize in HIDS for XP/2000Pro? Specifically passive (worm/virus/Trojan) attacks, maybe with an online database for reference. In other words, if we have a product which protects against certain vectors (IE & Outlook), and we want to prove that it did protect them although it doesn't detect, what could I use to detect and identify specific attacks? Bill Stout Director of IT GreenBorder, Inc www.greenborder.com ------------------------------------------------------------------------ Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more. ------------------------------------------------------------------------ ------------------------------------------------------------------------ Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more. ------------------------------------------------------------------------ ------------------------------------------------------------------------ Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more. ------------------------------------------------------------------------
Current thread:
- RE: A possible HIPS? Was: Looking for HIDS-only products for XP/2000Pro Bill Stout (Aug 18)