Security Basics mailing list archives
Re: File Integrity Monitoring
From: nikhil () niiconsulting com
Date: 1 Nov 2006 04:08:59 -0000
There are many File Integrity Monitoring tools available, out of which some are shareware and some are freeware/open source.

a) SAMHAIN file integrity / intrusion detection system:
Desc : Samhain is a multiplatform, open source solution for centralized file integrity checking / host-based intrusion detection on POSIX systems (Unix, Linux, Cygwin/Windows). It has been designed to monitor multiple hosts with potentially different operating systems from a central location, although it can also be used as a standalone application on a single host.
URL : http://www.la-samhna.de/samhain/

b) Another file integrity checker (Afick):
Desc : Afick is a fast and portable intrusion detection and integrity monitoring system, designed to work on all platforms (it only needs Perl and standard modules), including Windows, Linux, Unix. The configuration syntax is very close to tripwire/aide.
URL : http://sourceforge.net/projects/afick/

c) GFI LANguard System Integrity Monitor 3.0:
Desc : GFI LANguard System Integrity Monitor is a utility that provides intrusion detection by checking whether files have been changed, added or deleted on a Windows 2000/NT system. If this happens it will alert the administrator by email. Since hackers need to change certain system files to gain access, this utility provides a great means to further secure any servers that can be attacked.
URL : http://www.download.com/GFI-LANguard-System-Integrity-Monitor/3000-2653_4-10175457.html

d) Data Sentinel:
Desc : Data Sentinel performs a cryptographic hashing algorithm on the actual data contained within each of your files to determine if they are being tampered with by hackers or viruses. Monitors a total of 15 file properties, 7 registry properties, analyses up to 56MB of data per second and compiles automatically generated reports. Data Sentinel may be configured to perform integrity checking automatically or manually and then email reports upon completion of the checking process.
URL : http://www.ionx.co.uk/html/downloads/evaluation/index.php

e) Xintegrity Professional:
Desc : Xintegrity Professional enables detection of changes to Windows systems, whether malicious, accidental or during new software installation. Xintegrity Professional detects changes to the directory structure, changes to the registry, changes to files' security access permissions, and changes to the contents of files. Xintegrity Professional detects files and folders that have been added or removed, files and folders that have been moved to the recycle bin and files and folders that have been created then moved to the recycle bin between database checks. Xintegrity Professional's registry modification detection abilities will detect new registry subkeys, removed registry subkeys and changed registry values. This detection ability includes changes to normally hidden registry keys such as the SAM and SECURITY keys. Xintegrity Professional also detects changes to the security access permissions of any file, including whether any new accounts have been created, accounts that have been removed, and changes to every security permission associated with each account. Xintegrity Professional additionally detects changes to the contents of any file. This protection is provided to any file type including operating system files. Checking algorithms include MD5, SHA1, SHA256 and SHA512. Xintegrity Professional can automatically create protected backup files [optionally encrypted with 256 bit AES] which provides the ability of restoring a pre-modification version of the file. Xintegrity Professional's database files, report files and log files are encrypted with 256 bit AES.
URL : http://www.xintegrity.com/download.html

And the list is endless!!!

Nikhil Wagholikar
Security Analyst
NII Consulting
Web: www.niiconsulting.com
Office Phone : +91 - 022 - 28392628