Security Basics mailing list archives

Re: HIDS recommendations


From: Jimi Thompson <jimit () myrealbox com>
Date: Thu, 11 Sep 2003 23:15:53 -0500

Tripwire isn't really intrusion detection, it's more change control. File X was changed on date Y at time Z. If you want HIDS, you have three basic groups of choices of open source products - the firewall types like IPChains/Tables and TCPWrappers and the log watchers like, well, logwatch and scour.

Then there's this guy

http://freshmeat.net/projects/idea/?topic_id=152%2C245%2C43%2C1017

I haven't had much chance to play with it yet, but it looks quite promising.

HTH,

Jimi


At 9:28 AM -0700 9/11/03, Tom Dominico, Jr. wrote:
I am interested in using a host-based IDS for a few of our servers that
face the Internet and are most vulnerable.  The only product I am even
slightly familiar with is Tripwire, which apparently comes in free and
non-free variants.  I am interested in your experiences and
recommendations.  Eventually I would like to team this up with some sort
of NIDS, but that's a fairly large undertaking, from what I've gathered.
I thought that it might be easier to start off with HIDS.  My servers
are currently Windows-based, but there will most likely be a Linux or
BSD box in the mix very shortly.  They run basic services such as web,
mail, etc.  Any thoughts?  Thanks.

Tom Dominico

