IDS mailing list archives

Re: host-based ips ?

From: Huagang Xie <xie () www lids org>
Date: Fri, 18 Apr 2003 00:45:30 -0700

Yes, Grseurity integrit PaX which can prevent buffer overflow attacks and some more useful features. 

In order to prevent attacks, a good host based IPS need a secureOS to support it. On linux, a frame work named 
LSM(lsm.immunix.org) is very useful to implement a secure Linux OS which already in kernel 2.5.x. 

Huagang
On Fri, Apr 18, 2003 at 06:28:32AM +0000, SB CH wrote:


Good comment.

and I think Grsecurity(http://www.grsecurity.net/) is good too, for linux.

additionally, I have a question what's the difference between SeucreOS and 
Host based IPS and LIDS and Grsecurity?


Thanks.


From: Huagang Xie <xie () www lids org>
To: focus-ids () securityfocus com
Subject: Re: host-based ips ?
Date: Thu, 17 Apr 2003 22:58:03 -0700

For linux, LIDS(Linux Intrusion Detection System, www.lids.org), an open 
source GPLed kernel enhancement software,  can prevent file system from 
being modified, network setting from being changed, and even prevent worm 
spreading and more.  In this case, LIDS could be treated as a Host base 
IPS..:-)

Huagang


On Thu, Apr 17, 2003 at 09:32:47PM +0900, Quynh Nguyen Anh wrote:

hello,

there are some nips (network based ips), but i never ever heard about
host based ips. any body have known about this?

thanh you a lot.
--
Quynh

------------------------------------------------------------------------------

INTRUSION PREVENTION: READY FOR PRIME TIME?

IntruShield now offers unprecedented Intrusion IntelligenceTM

capabilities

- including intrusion identification, relevancy, direction, impact and
analysis - enabling a path to prevention.
Download the latest white paper "Intrusion Prevention: Myths,

Challenges,

and Requirements" at: http://www.securityfocus.com/IntruVert-focus-ids


--
LIDS secure linux kernel
http://www.lids.org/
1024D/B6EFB028                4731 2BF7 7735 4DBD 3771  4E24 B53B B60A 
B6EF B028
<< attach3 >>


_________________________________________________________________
MSN Messenger?? ???? ?????????? ???? ?????? ?????? ????????.   
http://messenger.msn.co.kr


-- 
LIDS secure linux kernel
http://www.lids.org/
1024D/B6EFB028          4731 2BF7 7735 4DBD 3771  4E24 B53B B60A B6EF B028

Attachment: _bin
Description:

Current thread:

host-based ips ? Quynh Nguyen Anh (Apr 17)
- Re: host-based ips ? Huagang Xie (Apr 17)
  - Re: host-based ips ? John Ruff (Apr 21)
- Re: host-based ips ? Mike Frantzen (Apr 21)
- <Possible follow-ups>
- RE: host-based ips ? Shimono, Toshio (ISS Tokyo) (Apr 17)
  - RE: host-based ips ? Security News (Apr 21)
- RE: host-based ips ? Adam Powers (Apr 17)
  - RE: host-based ips ? Chris Petersen (Apr 21)
- Re: host-based ips ? SB CH (Apr 21)
  - Re: host-based ips ? Huagang Xie (Apr 21)