Security Basics mailing list archives
Re: HIDS recommendations
From: Jimi Thompson <jimit () myrealbox com>
Date: Thu, 11 Sep 2003 23:15:53 -0500
Tripwire isn't really intrusion detection, it's more change control. File X was changed on date Y at time Z. If you want HIDS, you have three basic groups of choices of open source products - the firewall types like IPChains/Tables and TCPWrappers and the log watchers like, well, logwatch and scour.
Then there's this guy: http://freshmeat.net/projects/idea/?topic_id=152%2C245%2C43%2C1017

I haven't had much chance to play with it yet, but it looks quite promising.

HTH,
Jimi

At 9:28 AM -0700 9/11/03, Tom Dominico, Jr. wrote:
I am interested in using a host-based IDS for a few of our servers that face the Internet and are most vulnerable. The only product I am even slightly familiar with is Tripwire, which apparently comes in free and non-free variants. I am interested in your experiences and recommendations.

Eventually I would like to team this up with some sort of NIDS, but that's a fairly large undertaking, from what I've gathered. I thought that it might be easier to start off with HIDS.

My servers are currently Windows-based, but there will most likely be a Linux or BSD box in the mix very shortly. They run basic services such as web, mail, etc.

Any thoughts? Thanks.

Tom Dominico

---------------------------------------------------------------------------
Captus Networks
Are you prepared for the next Sobig & Blaster?
- Instantly Stop DoS/DDoS Attacks, Worms & Port Scans
- Precisely Define and Implement Network Security
- Automatically Control P2P, IM and Spam Traffic
FIND OUT NOW - FREE Vulnerability Assessment Toolkit
http://www.captusnetworks.com/ads/42.htm
----------------------------------------------------------------------------