IDS mailing list archives
Re: Host Based IDS
From: Stefano Zanero <s.zanero () securenetwork it>
Date: Mon, 20 Oct 2008 21:01:32 +0200
Security Group wrote:
> I am currently evaluating several host-based Intrusion Detection Systems to monitor servers in a DMZ.

Which type of servers?

> OSSEC

Which is a log-based IDS...

> Open Source Tripwire

This is a file alteration monitor...

> IBM Proventia
> Enterasys Dragon IDS/IPS

Aren't these NIDS?

> Cisco Security Agent

This is an anomaly-based HIDS... You are comparing apples, oranges, bananas and lemons together... this is not really productive.

> I am thinking of suggesting OSSEC. Does anyone have any other suggestions?

Maybe you should clarify with yourself what you are actually trying to do ;-)

Stefano