IDS mailing list archives
RE: using HIDS for change control
From: "Rivera,Angel L." <ARIVERA () mitre org>
Date: Fri, 26 Aug 2005 13:21:09 -0400
It has been a while since I used Tripwire but I believe you manually run it to detect changes - I think HIDS have two components - one checks at the network level - the other looks at system logs for specific events - both in close to real time. One assumption is that system logs are recording changes to system configuration settings - Advantage of HIDS is the detection in real time of this change - it also eases the burden of having to run Tripwire repeatedly. The security person only needs to run Tripwire if it detects a HIDS alert.

-----Original Message-----
From: Ron Gula [mailto:rgula () tenablesecurity com]
Sent: Thursday, August 25, 2005 5:25 AM
To: Rivera,Angel L.; focus-ids () lists securityfocus com
Subject: RE: using HIDS for change control

Yes. Tripwire does this. Their underlying technology detects change.

Ron Gula, CTO
Tenable Network Security

On Thu, 25 Aug 2005 5:21am, Rivera,Angel L. wrote:
Does anyone on this list know of a sponsor that is using HIDS to monitor changes to a system's (Unix & Windows) configuration? The goal is to build a server according to specs (this would include hardening of the OS + agency specific security settings) then use a HIDS to detect and alert on any changes. Theoretically speaking, I know this can be done, but is anyone doing this?
----------------------------------------------------------------------- -
Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more.
--rgula
Current thread:
- RE: using HIDS for change control Rivera,Angel L. (Aug 24)
- RE: using HIDS for change control Daniel Cid (Aug 25)
- RE: using HIDS for change control Ron Gula (Aug 25)
- <Possible follow-ups>
- RE: using HIDS for change control Evans, Arian (Aug 25)
- RE: using HIDS for change control Andrew Plato (Aug 27)
- RE: using HIDS for change control Rivera,Angel L. (Aug 27)