Re: Looking for Host Based IDS

From: anedvedicky@tinysoftware.cz
Date: 12/19/01


Date: Wed, 19 Dec 2001 10:01:14 +0100 (CET)
From: <anedvedicky@tinysoftware.cz>
To: Guy Fighel <GuyF@xpert.com>

On Mon, 17 Dec 2001, Guy Fighel wrote:

> Hello,
>
> Can someone recommend about a good Host Based IDS that looks for suspicious
> operating system processes?
> I need the ability to write a specific policy for specific system processes
> and need that the IDS will report about any modifications.
>
> I would appreciate your help,
>
> Guy.
>
the best I can recommend is medusa DS9. it's configurable and makes
machine secure. the computer with medusa using old bind (ver 8) and old
sendmail (ver 8.10??) with no patches. it runs linux 2.2.5. machine was
not rooted for nearly two years...
medusa homepage:
        http://medusa.terminus.sk
        http://medusa.fornax.sk
sasha



Relevant Pages

  • Re: IDS Opinions
    ... what is the throughput requirement for the IDS. ... options then the best fit will be Snort or CA. Snort is a freeware with ... >I recommend you to download the trial and test it yourself... ... >Subject: IDS Opinions ...
    (Focus-IDS)
  • Re: MSSP / IDS Selection
    ... If you're still trying to determine whether or not to go with an MSS vs ... For those customers we often recommend ... Perhaps you are looking for the managed IDS without ... It appears to offer services that Snort does not, ...
    (Focus-IDS)
  • Re: MSSP / IDS Selection
    ... after being involved in MSSP from back in 99, I did then and still have ... Can these providers manage my legacy products effectively as well? ... Subject: MSSP / IDS Selection ... For those customers we often recommend ...
    (Focus-IDS)
  • Re: Intrusion Detection recommendations
    ... > Can anyone recommend a really good Intrustion Detection system?? ... I assume you're talking Network IDS. ...
    (microsoft.public.win2000.security)
  • Re: how to add id to 2 tables
    ... You don't need to user a number format for your ID but I recommend it. ... You can then use a sequence to generate the IDs for your tables. ...
    (comp.databases.oracle.misc)