Re: Fwd: Solaris 10 x86 HIDS

["Nomellames nunca" <nomesigas () gmail com>]

On 3/15/07, tim_holman () hotmail com <tim_holman () hotmail com> wrote:
> Not quite a hids but does Tripwire count?  They have Freeware agents for solaris?
> Have you looked at a network IPS to protect your whole web tier rather than host based solutions?

HIDS are different than NIDS. NIDS cannot defend against insider
attacks, for example. I am beginning to grow tired of "experts"
suggesting NIDS when HIDS have a different functionality.

And yes, Samhain, Osiris and Tripwire are HIDSs, but the use a policy
based approach (mostly integrity verification of files). That does not
disqualify them as HIDS.

Best,

-J

> Rgds
>
> Tim
> Sent from my BlackBerry(r) wireless device
>
> -----Original Message-----
> From: "kevin fielder" <kevin.fielder () gmail com>
> Date: Wed, 14 Mar 2007 17:59:02
> To:focus-ids () securityfocus com
> Subject: Fwd: Solaris 10 x86 HIDS
>
> Hi
>
> It's a commercial product, but ISS real secure server sensor supports
> Solaris.  We have used it on Sparc, not x86, but this may be worth
> checking out as it may well meet your needs.
>
> Cheers
>
> Kevin
>
>
>
> -----Original Message-----
> From: listbounce () securityfocus com
> [mailto:listbounce () securityfocus com] On Behalf Of Brian A. Seklecki
> Sent: 24 February 2007 22:13
> To: tsax68 () hotmail com; Ángel Alonso-Párrizas
> Cc: focus-ids () securityfocus com; samhain-users () lists la-samhna de;
> gateway () la-samhna de; forum () la-samhna de
> Subject: Re: Solaris 10 x86 HIDS
>
> Samhain will work on just about any POSIX system; plus it integrates
> with Prelude.
>
> If it fails to compile, consult the list and archives or just ping me.
>
> Cheers,
> ~BAS
>
> On Wed, 2006-12-13 at 14:13 +0000, tsax68 () hotmail com wrote:
> > We are exploring the possibility of deploying Solaris 10 x86 servers in our web tier, and we would of course like to have 
> it protected (somewhat) by HIDS software.  So far, the ONLY solution is the OSSEC product, but I want to make sure I'm not 
> missing any other vendors, free or commercial.  Have  you guys come across any other Solaris 10 x86 HIDS products?
> >
> > Thanks,
> >
> > B-
> >
> > ------------------------------------------------------------------------
> > Test Your IDS
> >
> > Is your IDS deployed correctly?
> > Find out quickly and easily by testing it
> > with real-world attacks from CORE IMPACT.
> > Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw
> > to learn more.
> > ------------------------------------------------------------------------
> >
> >
> >
> >
> >
> >
> >
> --
> Brian A. Seklecki <bseklecki () collaborativefusion com>
> Collaborative Fusion, Inc.
>
>
>
>
> IMPORTANT: This message contains confidential information and is
> intended only for the individual named. If the reader of this message
> is not an intended recipient (or the individual responsible for the
> delivery of this message to an intended recipient), please be advised
> that any re-use, dissemination, distribution or copying of this
> message is prohibited.  Please notify the sender immediately by e-mail
> if you have received this e-mail by mistake and delete this e-mail
> from your system.
>
>
>
> ------------------------------------------------------------------------
> Test Your IDS
>
> Is your IDS deployed correctly?
> Find out quickly and easily by testing it
> with real-world attacks from CORE IMPACT.
> Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw
> to learn more.
> ------------------------------------------------------------------------
>
> ------------------------------------------------------------------------
> Test Your IDS
>
> Is your IDS deployed correctly?
> Find out quickly and easily by testing it
> with real-world attacks from CORE IMPACT.
> Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw
> to learn more.
> ------------------------------------------------------------------------

------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it
with real-world attacks from CORE IMPACT.
Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw
to learn more.
------------------------------------------------------------------------