Re: Best Host IDS Tools

["Frank Cheong" <frankcheong () ctimail3 com>]

Then what actually is snort do ? Coz my site is already behind a firewall,
is snort still necessary in this case ?

I have also got the below list from other, so what are they and how good
they are ?
Samhain
Prelude
Honeynet
Emerald

Are they free ?

I also were being told to enable BSM auditing, what are they ? Any reference
web site ?

Frank
----- Original Message -----
From: "Jerry" <gll () inel gov>
To: "frank" <chocobofrank () hotmail com>
Cc: <focus-ids () securityfocus com>
Sent: Wednesday, December 25, 2002 1:16 AM
Subject: Re: Best Host IDS Tools


> frank wrote:
>
> > I have just setup my Web server on solaris platform and is planning to
> > deploy a freeware IDS. Now I am evaluating the below IDS tools :-
> > AIDE
> > Snort
> > Tripwire
> > Chkrootkit
>
> You have 4 different intent tools listed..
>
> AIDE is indeed a host ids...I have tested it, but not had the chance to
> really deploy it.  AIDE looks at all aspects of the system,:  file space
> (user induced DOS), password files, etc.
>
> Snort  is a NETWORK  IDS, not really a host IDS.  Snort only
alerts/captures
> based on network traffic.
>
> Tripwire is used to make sure critical files have not changed via checksum
> processes.  This tool knows nothing of
> network intrusions, etc.
>
> Chkrootkit is a tool used to scan a system fro KNOWN traces of root kits.
>
> In truth, you need to deploy ALL of them for a nearly true secure
> environment.
>
>
>
>
> --
> ------------------------------------------------------------------
> Jerry Litteer
> Cyber Security Office             e-mail:  gll () inel gov
> Idaho National Engineering and Environmental Lab. (INEEL)
> POB 1625 M.S. 3640                Phone: (208) 526-9117
> Idaho Falls, Id. 83415-3640       FAX:   (208) 526-9366