Security Basics mailing list archives

Re: File Integrity Monitoring


From: nikhil () niiconsulting com
Date: 1 Nov 2006 04:08:59 -0000

There are many File Integrity Monitoring tools available, some of which are shareware and some freeware/open source.

a) SAMHAIN file integrity / intrusion detection system:

Desc : Samhain is a multiplatform, open source solution for centralized file integrity checking / host-based intrusion 
detection on POSIX systems (Unix, Linux, Cygwin/Windows). It has been designed to monitor multiple hosts with 
potentially different operating systems from a central location, although it can also be used as a standalone application 
on a single host.

URL : http://www.la-samhna.de/samhain/

b) Another file integrity checker (Afick) :

Desc : Afick is a fast and portable intrusion detection and integrity monitoring system, designed to work on all 
platforms (it only needs Perl and standard modules), including Windows, Linux, Unix. The configuration syntax is very 
close to tripwire/aide.

URL : http://sourceforge.net/projects/afick/

c) GFI LANguard System Integrity Monitor 3.0:

Desc : GFI LANguard System Integrity Monitor is a utility that provides intrusion detection by checking whether files 
have been changed, added or deleted on a Windows 2000/NT system. If this happens it will alert the administrator by 
email. Since hackers need to change certain system files to gain access, this utility provides a great means to further 
secure any servers that can be attacked.

URL : http://www.download.com/GFI-LANguard-System-Integrity-Monitor/3000-2653_4-10175457.html

d) Data Sentinel:

Desc : Data Sentinel performs a cryptographic hashing algorithm on the actual data contained within each of your files 
to determine if they are being tampered with by hackers or viruses. Monitors a total of 15 file properties, 7 registry 
properties, analyses up to 56MB of data per second and compiles automatically generated reports. Data Sentinel may be 
configured to perform integrity checking automatically or manually and then email reports upon completion of the 
checking process.

URL : http://www.ionx.co.uk/html/downloads/evaluation/index.php

e) Xintegrity Professional:

Desc : Xintegrity Professional enables detection of changes to Windows systems, whether malicious, accidental or during 
new software installation. Xintegrity Professional detects changes to the directory structure, changes to the registry, 
changes to file security access permissions, and changes to the contents of files. Xintegrity Professional detects 
files and folders that have been added or removed, files and folders that have been moved to the recycle bin and files 
and folders that have been created then moved to the recycle bin between database checks. Xintegrity Professional's 
registry modification detection abilities will detect new registry subkeys, removed registry subkeys and changed 
registry values. This detection ability includes changes to normally hidden registry keys such as the SAM and SECURITY 
keys. Xintegrity Professional also detects changes to the security access permissions of any file, including whether 
any new accounts have been created, accounts that have been removed, and changes to every security permission 
associated with each account. Xintegrity Professional 
additionally detects changes to the contents of any file. This protection is provided to any file type including 
operating system files. Checking algorithms include MD5, SHA1, SHA256 and SHA512.
Xintegrity Professional can automatically create protected backup files [optionally encrypted with 256-bit AES] which 
provide the ability to restore a pre-modification version of the file. Xintegrity Professional's database files, 
report files and log files are encrypted with 256-bit AES.

URL : http://www.xintegrity.com/download.html

And the list is endless!!!

Nikhil Wagholikar
Security Analyst

NII Consulting
Web: www.niiconsulting.com
Office Phone : +91 - 022 - 28392628