IDS mailing list archives

Re: HIDS solution for NT4 machines


From: David Glosser <david_glosser () yahoo com>
Date: Wed, 05 Oct 2005 17:22:33 -0400

A few random thoughts...

Would a program like Tripwire help? It will tell you if any system binaries have changed. There may even be freeware versions/clones available. (I know it won't prevent an infection, but will alert you once it happens.)

Will Spybot or Ad-Aware work on NT?

How about one of those host files to block malicious sites (http://www.mvps.org/winhelp2002/hosts.htm)?

Can any of these NT4 boxes be run in VMware? At least then you can take snapshots of good copies.

Can you front-end these servers and workstations with a firewall/IPS? Place them in an isolated network segment?

Good luck, and please let us know what solution works best for you.



----- Original Message -----
From: <bcihak () gmail com>
To: <focus-ids () securityfocus com>
Sent: Monday, October 03, 2005 12:51 PM
Subject: HIDS solution for NT4 machines


I work in a large distributed network. We have several workstations and servers that are running on NT4. I've been tasked with finding some sort of a HIDS (Host-based Intrusion Detection System) software solution to protect these machines from zero day exploits, worms, and BO's. I've looked at Cisco, Blink by eEye, Desktop Protector by ISS, and Primary Response by Sana Security. None of these will support anything lower than NT4 SP6a. My biggest problem is I have several machines that are running below SP6a and because of the flaky software running on these machines, I can't install SP6a without breaking the app. Does anyone have any good experience with other products for NT4 server/workstation below SP6a?

Just a side note, most of these machines will be replaced within 2 years, but that is a long time to leave exposed machines on the network.

Thanks!

Bcihak

------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it
with real-world attacks from CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
to learn more.
------------------------------------------------------------------------


