IDS mailing list archives
Re: Best Host IDS Tools
From: "Frank Cheong" <frankcheong () ctimail3 com>
Date: Wed, 25 Dec 2002 12:49:13 +0800
Then what does Snort actually do? Coz my site is already behind a firewall, is Snort still necessary in this case?

I have also got the below list from others, so what are they and how good are they?

Samhain
Prelude
Honeynet
Emerald

Are they free?

I was also told to enable BSM auditing, what is that? Any reference web site?

Frank

----- Original Message -----
From: "Jerry" <gll () inel gov>
To: "frank" <chocobofrank () hotmail com>
Cc: <focus-ids () securityfocus com>
Sent: Wednesday, December 25, 2002 1:16 AM
Subject: Re: Best Host IDS Tools

frank wrote:

> I have just set up my Web server on the Solaris platform and am planning to deploy a freeware IDS. Now I am evaluating the below IDS tools:
>
> AIDE
> Snort
> Tripwire
> Chkrootkit

You have 4 different intent tools listed.

AIDE is indeed a host IDS. I have tested it, but have not had the chance to really deploy it. AIDE looks at all aspects of the system: file space (user induced DOS), password files, etc.

Snort is a NETWORK IDS, not really a host IDS. Snort only alerts/captures based on network traffic.

Tripwire is used to make sure critical files have not changed via checksum processes. This tool knows nothing of network intrusions, etc.

Chkrootkit is a tool used to scan a system for KNOWN traces of root kits.

In truth, you need to deploy ALL of them for a nearly true secure environment.

--
------------------------------------------------------------------
Jerry Litteer
Cyber Security Office
e-mail: gll () inel gov
Idaho National Engineering and Environmental Lab. (INEEL)
POB 1625 M.S. 3640
Phone: (208) 526-9117
Idaho Falls, Id. 83415-3640
FAX: (208) 526-9366