Security Basics mailing list archives

Re: Info HIDS


From: captgoodnight () acsalaska net
Date: Fri, 9 Jul 2004 21:00:49 -0800

On Thursday 08 July 2004 08:21 pm, Arun Vishwanathan wrote:
> A HIDS has to be installed on the host that it is supposed to protect.
> If you want to protect the Webserver without installing the IDS on the
> server then you have to look for a NIDS i.e. a Network Intrusion
> Detection system.
> NIDS will sit typically on your gateway and monitor all the traffic that
> passes the gateway. Try looking at Snort (www.snort.org) though Snort is
> not a web server specific Intrusion system.
>
> HTH
> Regards,
> Arun

If ya want to use tripwire, just use it from a cdr! It's that simple. The binaries can't
be corrupted and can also be run by automation as well as sent via e-mail via automation.
Thus, all ya have to do is look into your mail box when you're curious about the status of your
remote machine. Chkrootkit can also be used from a cdr. It's next to bomb proof! So, if tripwire
is the desire, there's the method. In a nutshell.

compile trip on/like machine (if it's rpm, just move the binaries over to cdr); work the configs!
put to cdr
use cron for activation from cdr 
have reports sent to mailbox
use ssh or pop3s/fetchmail for retrieval of report; do quickly, ntpd for small window creation.
use ntpd to keep machines in sync so as to grab the report right after the creation of it; less time to compromise the report.
read mail, be aware.

This is what I use, it's good. Not perfect, but trustworthy to a large degree; what would be better (in regards to the context!)?

My last post on the subject, I hope it helps.

bests,
cg
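
Added example, not part of cg's post or of the Tripwire project: a cron wrapper for the routine above that first confirms the tool directory really is a read-only CD filesystem, then runs the check from the disc and mails the report. The mount point, on-disc paths, script name and mail address are assumptions.

```shell
#!/bin/sh
# Cron wrapper for the run-from-CD-R routine. Assumed names (not from the post):
# CD at /mnt/cdrom, tripwire at sbin/tripwire and config at etc/tw.cfg on the
# disc, report address admin@example.org.
CD_MOUNT="${CD_MOUNT:-/mnt/cdrom}"
MOUNTS_FILE="${MOUNTS_FILE:-/proc/mounts}"
REPORT_TO="${REPORT_TO:-admin@example.org}"

# mount_is_trusted MOUNTPOINT [MOUNTS_FILE]
# Succeeds only when the last entry for MOUNTPOINT (the filesystem actually
# visible there) is iso9660 or udf and carries the "ro" option.
# Constructed sample line: /dev/sr0 /mnt/cdrom iso9660 ro,nosuid,nodev 0 0
mount_is_trusted() {
    awk -v mp="$1" '
        $2 == mp { fstype = $3; opts = $4; found = 1 }
        END {
            if (!found) exit 1
            if (fstype != "iso9660" && fstype != "udf") exit 1
            n = split(opts, o, ",")
            for (i = 1; i <= n; i++) if (o[i] == "ro") exit 0
            exit 1
        }' "${2:-$MOUNTS_FILE}"
}

# Run the check from the disc and mail the result; mail an alert instead when
# the disc is missing or something else is mounted in its place.
run_check() {
    if ! mount_is_trusted "$CD_MOUNT"; then
        echo "tripwire not run: $CD_MOUNT is not a read-only CD mount" |
            mail -s "ALERT $(hostname): integrity check skipped" "$REPORT_TO"
        return 1
    fi
    "$CD_MOUNT/sbin/tripwire" --check --cfgfile "$CD_MOUNT/etc/tw.cfg" 2>&1 |
        mail -s "tripwire report $(hostname)" "$REPORT_TO"
}

# Constructed crontab entry: 0 3 * * * /bin/sh /mnt/cdrom/twcheck.sh run
if [ "${1:-}" = "run" ]; then
    run_check
fi
```

A report that stops arriving, or an ALERT mail, is itself a signal worth acting on.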

