IDS mailing list archives

Re: Best Host IDS Tools


From: Jerry <gll () inel gov>
Date: Tue, 24 Dec 2002 10:16:57 -0700

frank wrote:

I have just set up my Web server on a Solaris platform and am planning to
deploy a freeware IDS. Now I am evaluating the below IDS tools :-
AIDE
Snort
Tripwire
Chkrootkit



You have 4 different intent tools listed.

AIDE is indeed a host IDS... I have tested it, but not had the chance to
really deploy it.  AIDE looks at all aspects of the system: file space
(user induced DOS), password files, etc.

Snort is a NETWORK IDS, not really a host IDS.  Snort only alerts/captures
based on network traffic.

Tripwire is used to make sure critical files have not changed via checksum
processes.  This tool knows nothing of network intrusions, etc.

Chkrootkit is a tool used to scan a system for KNOWN traces of root kits.

In truth, you need to deploy ALL of them for a nearly true secure
environment.




--
------------------------------------------------------------------
Jerry Litteer
Cyber Security Office             e-mail:  gll () inel gov
Idaho National Engineering and Environmental Lab. (INEEL)
POB 1625 M.S. 3640                Phone: (208) 526-9117
Idaho Falls, Id. 83415-3640       FAX:   (208) 526-9366


