IDS mailing list archives

RE: using HIDS for change control

From: Ron Gula <rgula () tenablesecurity com>
Date: Thu, 25 Aug 2005 05:25:10 -0400

Yes. Tripwire does this. Their underlying technology detects change.

Ron Gula, CTO
Tenable Network Security


On Thu, 25 Aug 2005 5:21am, Rivera,Angel L. wrote:

Does anyone on this list know of a sponsor that is using HIDS tomonitor

changes to a system's (Unix & Windows) configuration?

The goal is to build a server according to specs (this would include

hardening of the OS + agency specific security settings) then use aHIDS

to detect and alert on any changes.

Theoretically speaking, I know this can be done, but is anyone doing
this?

------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it
with real-world attacks from CORE IMPACT.

Go tohttp://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708

to learn more.
------------------------------------------------------------------------

--rgula

------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?

Find out quickly and easily by testing itwith real-world attacks from CORE IMPACT.Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708to learn more.

------------------------------------------------------------------------

Current thread:

RE: using HIDS for change control Rivera,Angel L. (Aug 24)
- RE: using HIDS for change control Daniel Cid (Aug 25)
- RE: using HIDS for change control Ron Gula (Aug 25)
- <Possible follow-ups>
- RE: using HIDS for change control Evans, Arian (Aug 25)
- RE: using HIDS for change control Andrew Plato (Aug 27)
- RE: using HIDS for change control Rivera,Angel L. (Aug 27)