IDS mailing list archives
Re: Host Based IDS
From: jeffrey.stebelton () citi com
Date: Tue, 21 Oct 2008 07:40:02 -0400
Enterasys Dragon does have a HIDS product. It mainly supports IIS and Apache on Linux as far as log monitoring; if you run other platforms like Citrix, Apache on Windows, Lotus Domino or other web or ftp servers you'd have to roll your own policy and signatures.

Jeff

From: Stefano Zanero <s.zanero@securenetwork.it>
Sent by: listbounce@securityfocus.com
To: Security Group <secgro () gmail com>
cc: focus-ids () securityfocus com
Date: 10/20/2008 04:00 PM
Subject: Re: Host Based IDS

Security Group wrote:
> I am currently evaluating several host-based Intrusion Detection Systems to monitor servers in a DMZ.

Which type of servers ?

> OSSEC

Which is a log-based IDS...

> Open Source Tripwire

This is a file alteration monitor...

> IBM Proventia
> Enterasys Dragon IDS/IPS

Aren't these NIDS ?

> Cisco Security Agent

This is an anomaly-based HIDS...

You are comparing apples, oranges, bananas and lemons together... this is not really productive.

> I am thinking of suggesting OSSEC. Does anyone have any other
> suggestions?

Maybe you should clarify with yourself what you are actually trying to do ;-)

Stefano