IDS mailing list archives
Re: Best Host IDS Tools
From: Jerry <gll () inel gov>
Date: Tue, 24 Dec 2002 10:16:57 -0700
frank wrote:
I have just setup my Web server on solaris platform and is planning to deploy a freeware IDS. Now I am evaluating the below IDS tools :- AIDE Snort Tripwire Chkrootkit
You have 4 different intent tools listed.. AIDE is indeed a host ids...I have tested it, but not had the chance to really deploy it. AIDE looks at all aspects of the system,: file space (user induced DOS), password files, etc. Snort is a NETWORK IDS, not really a host IDS. Snort only alerts/captures based on network traffic. Tripwire is used to make sure critical files have not changed via checksum processes. This tool knows nothing of network intrusions, etc. Chkrootkit is a tool used to scan a system fro KNOWN traces of root kits. In truth, you need to deploy ALL of them for a nearly true secure environment. -- ------------------------------------------------------------------ Jerry Litteer Cyber Security Office e-mail: gll () inel gov Idaho National Engineering and Environmental Lab. (INEEL) POB 1625 M.S. 3640 Phone: (208) 526-9117 Idaho Falls, Id. 83415-3640 FAX: (208) 526-9366
Current thread:
- Best Host IDS Tools frank (Dec 24)
- Re: Best Host IDS Tools Bryan Strong (Dec 27)
- RE: Best Host IDS Tools Rob Shein (Dec 27)
- Re: Best Host IDS Tools Frank Knobbe (Dec 27)
- Re: Best Host IDS Tools Jerry (Dec 27)
- Re: Best Host IDS Tools Frank Cheong (Dec 27)