PaulDotCom mailing list archives

File integrity monitoring software


From: netlacky at gmail.com (Robert Wahl)
Date: Sun, 14 Mar 2010 09:42:30 -0700

nCircle has an interesting agentless solution in their CCM product.

Because it is agentless you could argue potential weaknesses to rootkits but
depending on your situation and need it is an option out there.  The
compliance benchmarks are nice too for system hardening against CIS and
other benchmarks.


Robert Wahl
netlacky at gmail.com

----------------------------------------------------------------------

Message: 1
Date: Sat, 13 Mar 2010 18:58:58 -0500
From: Ralph Durkee <rd at rd1.net>
Subject: Re: [Pauldotcom] File integrity monitoring software
To: PaulDotCom Security Weekly Mailing List
       <pauldotcom at pdc-mail.pauldotcom.com>
Message-ID: <4B9C26C2.6050509 at rd1.net>
Content-Type: text/plain; charset="iso-8859-1"

TripWire and Aide are the classic answers, but I would recommend OSSEC
http://ossec.net

While consulting with a large organization that was deploying a
commercial FIM product managed by a major vendor, the security group was
given the list of files to be monitored and asked for their approval.  The
list was the default for the commercial product and was missing some
obvious directories and registries for the Windows platform.  When I was
asked for an opinion, I went out and got the default list from the OSSEC
download. Since it was much more complete, we reviewed that list with
the group, and it became their standard for the FIM.

-- Ralph Durkee, CISSP, GSEC, GCIH, GSNA, GPEN
Principal Security Consultant


Kennith Asher wrote:
Greetings gurus-

The company I work for is being pressed to deploy file integrity
monitoring tools in our production environment.  I've not worked with
such tools in the past and am interested in your experiences.

I have concerns around noise levels, false positives, how to control
file integrity and still keep up with vendor updates (50 hour days
anyone?).

Anyone have any recommendations?

Thanks,

Ken
------------------------------------------------------------------------