IDS mailing list archives

FW: Host Based IDS Recommendations?


From: "Zach Forsyth" <Zach.Forsyth () kiandra com>
Date: Mon, 13 Oct 2003 10:43:21 +1000

Alvin,

Try here for an overview of what is on the market:
http://www.networkintrusion.co.uk/HIDS.htm

Keep an eye on this page: http://www.nss.co.uk/ForthcomingEvents/ips.htm
They are planning an IPS report for December this year.
Have a look at their other reports as they are very nicely done.

I have played around a lot with IPS/HIDS and would recommend
Okena/Cisco. 
Seems to do a great job at a relatively nice price.

Haven't had time to look into open source so can't help with that
aspect.

Cheers

Z

-----Original Message-----
From: Alvin Wong [mailto:alvin.wong () b2b com my]
Sent: Friday, 10 October 2003 16:41 PM
To: focus-ids () securityfocus com
Subject: Host Based IDS Recommendations?


Hi,

I would like to find out for Windows boxes if there are any
recommendations for Host based IDS, I know that for unix
there is AIDE, linux, tripwire. What are the solutions for
Windows machines? Would running a software IDS that is
capable of monitoring and protecting the file systems a la
tripwire with signed hashes kept in removable media be
sufficient? If there are, what are the usual suspects for
host based IDS that is used prevalently in industry? I'm
hoping for both free and commercial solutions.

Regards,
Alvin


