Re: Host Based IDS

[Brad Lhotsky <lhotskyb () mail nih gov>]

OSSEC does more than just log-based detection.  It has hash-based file
integrity checksumming, rootkit detection, and the distributed
active-response mechanism to immunize all agents against threats
detected on just a single node.

OSSEC is a very powerful and promising product.  It won't function like
a NIDS, so it's not a complete solution.  It is however a great piece to
a complete solution.

Stefano Zanero wrote:
> Security Group wrote:
>
> > I am currently evaluating several host-based Intrusion Detection
> > Systems to monitor servers in a DMZ. 
>
> Which type of servers ?
>
> > OSSEC
>
> Which is a log-based IDS...
>
> > Open Source Tripwire
>
> This is a file alteration monitor...
>
> > IBM Proventia
> > Enterasys Dragon IDS/IPS
>
> Aren't these NIDS ?
>
> > Cisco Security Agent
>
> This is an anomaly-based HIDS...
>
> You are comparing apples, oranges, bananas and lemons together... this
> is not really productive.
>
> > I am thinking of suggesting OSSEC. Does anyone have any other suggestions?
>
> Maybe you should clarify with yourself what you are actually trying to
> do ;-)
>
> Stefano
>
> ------------------------------------------------------------------------
> Test Your IDS
>
> Is your IDS deployed correctly?
> Find out quickly and easily by testing it 
> with real-world attacks from CORE IMPACT.
> Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw 
> to learn more.
> ------------------------------------------------------------------------

-- 
Brad Lhotsky <lhotskyb () mail nih gov>
RRB/NCTS 410.558.8006
  .. WAR IS PEACE
     FREEDOM IS SLAVERY
     IGNORANCE IS STRENGTH ..

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature