IDS mailing list archives

Re: Solaris 10 x86 HIDS


From: Santiago Barahona <sant-bar () dsv su se>
Date: Thu, 29 Mar 2007 07:49:25 +0200


On 23 Mar 07, at 11:31, Stefano Zanero wrote:

> Nomellames nunca wrote:
>
>> HIDS are different than NIDS.
>
> Quite different.
>
>> NIDS cannot defend against insider
>> attacks, for example.
>
> This is not true. It may be true that currently available NIDS, deployed
> as they are currently deployed, cannot. But it's not a distinctive
> feature of HIDS against NIDS in general.
Maybe Nomellames nunca was using "insider" to refer to users in the system who try to perform unauthorised actions whilst logged in, not via a network connection. Besides this, Stefano is right: having an internal NIDS can be of help to detect/defend against insider attacks and, if the proper technology is used, also misuse/abuse of resources.

cheers
(viva la birra Moretti!)
