Security Basics mailing list archives
Re: Info HIDS
From: captgoodnight () acsalaska net
Date: Fri, 9 Jul 2004 21:00:49 -0800
On Thursday 08 July 2004 08:21 pm, Arun Vishwanathan wrote:
> A HIDS has to be installed on the host that it is supposed to protect. If you want to protect the Webserver without installing the IDS on the server then you have to look for a NIDS, i.e. a Network Intrusion Detection System. NIDS will sit typically on your gateway and monitor all the traffic that passes the gateway. Try looking at Snort (www.snort.org), though Snort is not a web server specific intrusion system.
>
> HTH
>
> Regards,
> Arun
If ya want to use tripwire, just use it from a cdr! It's that simple. The binaries can't be corrupted and can also be run by automation as well as sent via e-mail via automation. Thus, all ya have to do is look into your mail box when you're curious as to the status of your remote machine. Chkrootkit can also be used from a cdr. It's next to bomb proof!

So, if tripwire is the desire, there's the method. In a nutshell:

- compile trip on/like machine (if it's rpm, just move the binaries over to cdr); work the configs!
- put to cdr
- use cron for activation from cdr
- have reports sent to mailbox
- use ssh or pop3s/fetchmail for retrieval of report; do quickly, ntpd for small window creation.
- use ntpd to keep machines in sync so as to grab the report right after the creation of it; less time to compromise the report.
- read mail, be aware.

This is what I use, it's good. Not perfect, but trustworthy to a large degree; what would be better (in regards to the context!)?

My last post on the subject, I hope it helps.

bests,
cg
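
The procedure in the reply above, sketched as a cron wrapper that refuses to run unless the media is really mounted read-only; this is an added example, not part of the original post. The mount point `/mnt/cdrom`, the file names `tw.cfg` and `twcheck.sh`, the schedule and the address `root@example.org` are assumptions.

```shell
#!/bin/sh
# Added example: cron wrapper for running Tripwire from read-only media.
# Assumed names (not from the post): /mnt/cdrom, tw.cfg, root@example.org.
CDROM="${CDROM:-/mnt/cdrom}"
MAILTO="${MAILTO:-root@example.org}"
MOUNTS="${MOUNTS:-/proc/mounts}"

# Succeeds only if mount point $1 appears in the mounts table $2
# as an optical filesystem (iso9660 or udf) carrying the "ro" option.
is_ro_media() {
    awk -v mp="$1" '
        $2 == mp { fs = $3; opts = $4 }   # last entry for the mount point wins
        END {
            n = split(opts, o, ",")
            for (i = 1; i <= n; i++) if (o[i] == "ro") ro = 1
            exit !((fs == "iso9660" || fs == "udf") && ro)
        }' "$2"
}

run_check() {
    if ! is_ro_media "$CDROM" "$MOUNTS"; then
        # A missing or writable mount means the binaries are not the trusted ones.
        echo "$CDROM is not read-only optical media; check skipped" |
            mail -s "tripwire NOT RUN on $(hostname)" "$MAILTO"
        return 1
    fi
    # Binary and config both come from the CD-R, never from the local disk.
    "$CDROM/tripwire" --check --cfgfile "$CDROM/tw.cfg" 2>&1 |
        mail -s "tripwire report $(hostname) $(date -u +%Y-%m-%dT%H:%MZ)" "$MAILTO"
}

# Cron entry (assumed schedule): 5 3 * * * RUN_CHECK=1 /mnt/cdrom/twcheck.sh
if [ "${RUN_CHECK:-0}" = 1 ]; then run_check; fi
```

The UTC timestamp in the subject line lets the reader compare report time against the expected cron time, which only means something if the clocks are kept in sync with ntpd as the post suggests.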