Re: IDS for HP-UX

From: Allovair Entellon (allovair@yahoo.com)
Date: 01/11/02

Previous message: mht@clark.net: "Re: IDS for HP-UX"
In reply to: mht@clark.net: "Re: IDS for HP-UX"
Next in thread: Mark Crosbie: "Re: IDS for HP-UX"
Reply: Mark Crosbie: "Re: IDS for HP-UX"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Fri, 11 Jan 2002 10:43:12 -0800 (PST)
From: Allovair Entellon <allovair@yahoo.com>
To: mht@clark.net, focus-ids@securityfocus.com

We had hoped so as well, but appearances seemed to be
deceiving... If it doesn't show up in a parseable log
file, it doesn't get detected. Look here in the white
paper:

Data sources monitored by the IDS/9000 on the host
include:

1. Kernel audit data that is generated by a trusted
component of the operating system. It includes
analyzing system calls including parameters and
outcomes.
2. System log files are monitored because they
contain data on login/logout, commands executed by
users; reports from network service daemons and
records of HTTP and FTP file transfers.
3. Database server or other application server logs
are analyzed for their data on activity. This enables
detection of well-known attacks.

--- mht@clark.net wrote:
> It looked like a lot more than a fancy UI running
> swatch underneath it. It
> appears that it interoperates with the HP-UX a lot
> stronger than
> configuring swatch. ??
>
> /m
>
> At 08:55 AM 1/11/2002 -0800, Allovair Entellon
> wrote:
> >I've looked at this in the past. Our conclusion
> was
> >that calling it a Host-based intrusion detection
> >system was unfair, given how the product operated.
> >You could duplicate 95% of the functionality with
> >swatch and a good config file.
>

__________________________________________________
Do You Yahoo!?
Send FREE video emails in Yahoo! Mail!
http://promo.yahoo.com/videomail/

Previous message: mht@clark.net: "Re: IDS for HP-UX"
In reply to: mht@clark.net: "Re: IDS for HP-UX"
Next in thread: Mark Crosbie: "Re: IDS for HP-UX"
Reply: Mark Crosbie: "Re: IDS for HP-UX"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

Re: IDS for HP-UX
... handled just as easily with swatch or any other log watcher tool. ... Database server or other application server logs ... >> configuring swatch. ... > Send FREE video emails in Yahoo! ...
(Focus-IDS)
Re: backdoor detection
... what i really ask is general mechanism of backdoor ... > external firewall to filter ... > array of intrusion detection devices, ... >>Do you Yahoo!? ...
(Focus-IDS)
re: windows 2000 Intrustion Detection
... even to the point of installing ... So, I'd recommend prevent first, then detection. ... Do You Yahoo!? ...
(Security-Basics)