RE: Host Based IDS Recommendations?

[Alvin Wong <alvin.wong () b2b com my>]

Hi Milind,

Thanks for the recommendation for Windows HIDS.
AIDE is a similar-esque HIDS to Tripwire but works on Unix servers. The
Unix Tripwire version is commercial and you have to pay in order to use
it but as a freeware, AIDE works fine. 
As per the recommendations of some in this thread, you can have a look
at osiris, http://osiris.shmoo.com
I am still in the process of getting it to work for me but with some
tweaking and time to do the tweaking, it should be working fine.:>

You can also try samhain, http://la-samhna.de/samhain/
I haven't tried it but you should have a look.

Regards,
Alvin

On Wed, 2003-10-15 at 21:39, Milind Nanal wrote:
> Try 
> Secuplat HIDS for NT. It have server agent based features. Link is as below.
>
>
> http://www.inzen.com/eng/products/HIDS/EP_HIDS_01.asp
>
> I would like to know Unix AIDE which you are talking about. It is server
> agent based HIDs?
>
> I am looking for Linux based HIDs which should be more advance than
> tripwire. Tripware is just doing file level auditing am  looking for some
> feature (on linux box) similar to Secuplat HIDS for NT.the central server
> should collect all attack, file change auditing data, User security breaking
> data for all my linux box. Just simple agent should be installed on my
> linux box to send the attack data to central server. some thing similar to
> Snare HIDs.
>
> http://www.intersectalliance.com/projects/Snare/index.html
>
> Your feed back on this is appreciated.
>
> Regards,
>
> Milind  
>
>
> -----Original Message-----
> From: Simon Gray [mailto:simong () desktop-guardian com]
> Sent: Monday, October 13, 2003 7:44 PM
> To: Alvin Wong; focus-ids () securityfocus com
> Subject: Re: Host Based IDS Recommendations?
>
>
> > I would like to find out for Windows boxes if there are any
> > recommendations for Host based IDS, i know that for unix there is AIDE,
> > linux, tripwire. What are the solutions for Windows machines? Would
> > running a software IDS that is capable of monitoring and protecting the
> > file systems a la tripwire with signed hashes kept in removable media be
> > sufficient? If there are, what are the usual suspects for host based IDS
> > that is used prevalently in industry? I'm hoping for both free and
> > commercial solutions
>
>
> Theres a company called Trustcorps whom provide a commercial solution to
> what i believe you're looking for:
>
> http://www.trustcorps.com/
>
> "Intrusion Prevention technology such as TRUSHIELD™ is designed to not only
> detect activities on the server that could damage data or that are
> unauthorised activities, but stops them dead in their tracks. Where
> Intrusion detection stops, IPS takes over, to ensure that critical systems
> are as highly protected as possible from the threats of known and unknown
> security attacks."
>
>
> ---------------------------------------------------------------------------
> Captus Networks IPS 4000
> Intrusion Prevention and Traffic Shaping Technology to: 
>  - Instantly Stop DoS/DDoS Attacks, Worms & Port Scans
>  - Automatically Control P2P, IM and Spam Traffic
>  - Precisely Define and Implement Network Security & Performance Policies
> FREE Vulnerability Assessment Toolkit - WhitePapers - Live Demo 
> http://www.securityfocus.com/sponsor/CaptusNetworks_focus-ids_000101
> ---------------------------------------------------------------------------


---------------------------------------------------------------------------
FREE Whitepaper: Better Management for Network Security

Looking for a better way to manage your IP security?
Learn how Solsoft can help you:
- Ensure robust IP security through policy-based management
- Make firewall, VPN, and NAT rules interoperable across heterogeneous
networks
- Quickly respond to network events from a central console

Download our FREE whitepaper at:
http://www.securityfocus.com/sponsor/Solsoft_focus-ids_031015 
---------------------------------------------------------------------------