IDS mailing list archives
RE: Host Based IDS Recommendations?
From: Alvin Wong <alvin.wong () b2b com my>
Date: 16 Oct 2003 10:03:19 +0800
Hi Milind,

Thanks for the recommendation for Windows HIDS. AIDE is a similar-esque HIDS to Tripwire but works on Unix servers. The Unix Tripwire version is commercial and you have to pay in order to use it, but as freeware, AIDE works fine.

As per the recommendations of some in this thread, you can have a look at osiris, http://osiris.shmoo.com
I am still in the process of getting it to work for me, but with some tweaking and time to do the tweaking, it should be working fine. :>

You can also try samhain, http://la-samhna.de/samhain/
I haven't tried it but you should have a look.

Regards,
Alvin

On Wed, 2003-10-15 at 21:39, Milind Nanal wrote:

Try Secuplat HIDS for NT. It has server agent based features. Link is as below.
http://www.inzen.com/eng/products/HIDS/EP_HIDS_01.asp

I would like to know about the Unix AIDE which you are talking about. Is it a server agent based HIDS?

I am looking for a Linux based HIDS which should be more advanced than Tripwire. Tripwire is just doing file level auditing; I am looking for some feature (on a Linux box) similar to Secuplat HIDS for NT. The central server should collect all attack, file change auditing data, and user security breaking data for all my Linux boxes. Just a simple agent should be installed on my Linux box to send the attack data to the central server. Something similar to Snare HIDS.
http://www.intersectalliance.com/projects/Snare/index.html

Your feedback on this is appreciated.

Regards,
Milind

-----Original Message-----
From: Simon Gray [mailto:simong () desktop-guardian com]
Sent: Monday, October 13, 2003 7:44 PM
To: Alvin Wong; focus-ids () securityfocus com
Subject: Re: Host Based IDS Recommendations?

I would like to find out for Windows boxes if there are any recommendations for Host based IDS. I know that for Unix there is AIDE, Linux, Tripwire. What are the solutions for Windows machines?

Would running a software IDS that is capable of monitoring and protecting the file systems a la Tripwire with signed hashes kept in removable media be sufficient?

If there are, what are the usual suspects for host based IDS that are used prevalently in industry? I'm hoping for both free and commercial solutions.

There's a company called Trustcorps who provide a commercial solution to what I believe you're looking for: http://www.trustcorps.com/

"Intrusion Prevention technology such as TRUSHIELD™ is designed to not only detect activities on the server that could damage data or that are unauthorised activities, but stops them dead in their tracks. Where Intrusion detection stops, IPS takes over, to ensure that critical systems are as highly protected as possible from the threats of known and unknown security attacks."