IDS mailing list archives

RE: Host Based IDS Recommendations?


From: Milind Nanal <milindyn () rolta com>
Date: Wed, 15 Oct 2003 19:09:51 +0530

Try Secuplat HIDS for NT. It has server-agent-based features. The link is below.


http://www.inzen.com/eng/products/HIDS/EP_HIDS_01.asp

I would like to know about the Unix AIDE which you are talking about. Is it a
server-agent-based HIDS?

I am looking for a Linux-based HIDS which should be more advanced than
Tripwire. Tripwire just does file-level auditing; I am looking for some
feature (on a Linux box) similar to Secuplat HIDS for NT. The central server
should collect all attack, file change auditing, and user security-breaking
data for all my Linux boxes. Just a simple agent should be installed on my
Linux box to send the attack data to the central server, something similar to
Snare HIDS.

http://www.intersectalliance.com/projects/Snare/index.html

Your feedback on this is appreciated.

Regards,

Milind  


-----Original Message-----
From: Simon Gray [mailto:simong () desktop-guardian com]
Sent: Monday, October 13, 2003 7:44 PM
To: Alvin Wong; focus-ids () securityfocus com
Subject: Re: Host Based IDS Recommendations?


I would like to find out for Windows boxes if there are any
recommendations for Host based IDS. I know that for Unix there is AIDE,
Linux, Tripwire. What are the solutions for Windows machines? Would
running a software IDS that is capable of monitoring and protecting the
file systems a la Tripwire with signed hashes kept in removable media be
sufficient? If there are, what are the usual suspects for host based IDS
that are used prevalently in industry? I'm hoping for both free and
commercial solutions.


There's a company called Trustcorps who provide a commercial solution to
what I believe you're looking for:

http://www.trustcorps.com/

"Intrusion Prevention technology such as TRUSHIELD™ is designed to not only
detect activities on the server that could damage data or that are
unauthorised activities, but stops them dead in their tracks. Where
Intrusion detection stops, IPS takes over, to ensure that critical systems
are as highly protected as possible from the threats of known and unknown
security attacks."

