IDS mailing list archives
Re: Host Based IDS
From: Brad Lhotsky <lhotskyb () mail nih gov>
Date: Mon, 20 Oct 2008 16:29:50 -0400
OSSEC does more than just log-based detection. It has hash-based file integrity checksumming, rootkit detection, and the distributed active-response mechanism to immunize all agents against threats detected on just a single node. OSSEC is a very powerful and promising product. It won't function like a NIDS, so it's not a complete solution. It is however a great piece to a complete solution.

Stefano Zanero wrote:
> Security Group wrote:
>> I am currently evaluating several host-based Intrusion Detection Systems to monitor servers in a DMZ.
>
> Which type of servers ?
>
>> OSSEC
>
> Which is a log-based IDS...
>
>> Open Source Tripwire
>
> This is a file alteration monitor...
>
>> IBM Proventia
>> Enterasys Dragon IDS/IPS
>
> Aren't these NIDS ?
>
>> Cisco Security Agent
>
> This is an anomaly-based HIDS...
>
> You are comparing apples, oranges, bananas and lemons together... this is not really productive.
>
>> I am thinking of suggesting OSSEC. Does anyone have any other suggestions?
>
> Maybe you should clarify with yourself what you are actually trying to do ;-)
>
> Stefano
--
Brad Lhotsky <lhotskyb () mail nih gov>
RRB/NCTS 410.558.8006
.. WAR IS PEACE FREEDOM IS SLAVERY IGNORANCE IS STRENGTH ..