Which intrusion detection to use?

From: Simon Siemonsma (s.siemonsma@hccnet.nl)
Date: 01/13/02

• Next message: Dave Raven: "Re: Which intrusion detection to use?"
• Previous message: Dag-Erling Smorgrav: "Re: options TCP_DROP_SYNFIN"
• Next in thread: Dave Raven: "Re: Which intrusion detection to use?"
• Reply: Dave Raven: "Re: Which intrusion detection to use?"
• Reply: admin: "Re: Which intrusion detection to use?"
• Maybe reply: Krzysztof Zaraska: "Re: Which intrusion detection to use?"
• Maybe reply: Lee Brotherston: "RE: Which intrusion detection to use?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

From: Simon Siemonsma <s.siemonsma@hccnet.nl>
To: freebsd-security@freebsd.org
Date: Sun, 13 Jan 2002 19:00:30 +0000

I have a FreeBSD box at home which I primairily use for internet access.
All unneccesary deamon's are switched of (I have inetd turned off) and I make
use of IPFW.
To even increase the security more I want to add a few things:
1. software that warns me when I'm under attack. I understood snort is a
Network based Intrusion Detection System (NIDS), so not usefull on a host.
What are the alternatives on a host? I did read about portsentry but don't
understand what the added benefit it over a tightly configured firewall. I
mean I use statefull packet filtering, allowing connections to be build up
from me to the internet and not the other way round. Further my ports are
stealthed.
2. software which will detect that I'm hacked. Tripware is a well know name,
but AIDE clames to do more. Integrit claimes to be simpler and focus on the
essentials.

Does anyone have some recommendations for me.
Other recommendations to increase my security are also welcome?

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

• Next message: Dave Raven: "Re: Which intrusion detection to use?"
• Previous message: Dag-Erling Smorgrav: "Re: options TCP_DROP_SYNFIN"
• Next in thread: Dave Raven: "Re: Which intrusion detection to use?"
• Reply: Dave Raven: "Re: Which intrusion detection to use?"
• Reply: admin: "Re: Which intrusion detection to use?"
• Maybe reply: Krzysztof Zaraska: "Re: Which intrusion detection to use?"
• Maybe reply: Lee Brotherston: "RE: Which intrusion detection to use?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Re: Problems using gssapi authentication from FreeBSD to Linux machines ... work between a FreeBSD host and a Linux host. ... STABLE code on the FreeBSD box, I've got forwardable Kerberos tokens ... but I can't get the Linux box to accept the Kerberos ... (FreeBSD-Security) Re: Problems using gssapi authentication from FreeBSD to Linux machines ... work between a FreeBSD host and a Linux host. ... STABLE code on the FreeBSD box, I've got forwardable Kerberos tokens ... but I can't get the Linux box to accept the Kerberos ... (FreeBSD-Security) Re: Root directory filling up... ... Kevin D. Kinsey, DaleCo, S.P. wrote: ... >> FreeBSD, but now I realize this is probably not the best choice. ... > in your root partition, which is just barely big enough to ... recommendations but then I've never read his book, ... (freebsd-newbies) Problems using ipsec transport mode with a gateway ... My network configuration is 2 subnets separated by a gateway: ... I want to protect data between Host 1 and FreeBSD host, ... 2.1.1.0/24 subnet by using ipsec in TRANSPORT mode. ... I observe that data from Host 1 to FreeBSD host are ok but data from FreeBSD ... (freebsd-net) Re: I cant connect to internet. Plz help me ... > I'm a novice linux user currently switched over to freebsd when many ... > missspelled your host name ?". ... Do you have DNS name resolution setup correctly on your machine? ... (freebsd-questions)

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint