RE: HIDS - new technologies ?
From: kaleal (kaleal@hawaii.rr.com) Date: 07/12/02
- Previous message: roy lo: "Re: HIDS - new technologies ?"
- In reply to: Stephanie Miller: "Re: HIDS - new technologies ?"
- Next in thread: Shripal Meghani: "RE: HIDS - new technologies ?"
- Next in thread: Martin Tomasek: "Re: HIDS - new technologies ?"
- Reply: Shripal Meghani: "RE: HIDS - new technologies ?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "kaleal" <kaleal@hawaii.rr.com> To: "'Stephanie Miller'" <stephanie_miller@hp.com>, <kunal@geosofttech.net>, <focus-ids@securityfocus.com> Date: Thu, 11 Jul 2002 13:14:07 -1000
While the technology emerging in the HIDS arena is gaining ground, has anyone actually seen market demand for a HIDS deployment? I have been having difficulty even getting any name recognition for any HIDS product. Does anyone have any marketing data regarding HIDS deployments, and customer thoughts on HIDS?
Kal
-----Original Message-----
From: Stephanie Miller [mailto:stephanie_miller@hp.com]
Sent: Thursday, July 11, 2002 5:29 AM
To: kunal@geosofttech.net; focus-ids@securityfocus.com
Subject: Re: HIDS - new technologies ?
I'll also add that Hewlett-Packard offers a HIDS that has hooks directly in the kernel for analyzing system calls. We are doing pure intrusion detection, no intercepting or blocking of system calls (we do offer intrusion response once an alert is triggered).
Plus we detect intrusions using just a small handful of detection "templates" (no need to manage hundreds of signatures). You can find more information at:
http://www.hp.com/products1/unix/operating/security/
Or download the product (it's free) from:
http://www.software.hp.com/ISS_products_list.html
And the documentation is at:
http://docs.hp.com/hpux/internet/index.html#Intrusion%20Detection%20System/9000
Cheers,
-Stephanie
At 01:42 AM 7/11/2002 +0530, Kunal Rupera wrote:
>Hello everyone!
> Currently, host-based intrusion detection systems usually consist of programs like Sentinel or Tripwire, which do file integrity checks using various checksumming algorithms. Now there are some new upcoming technologies like HIDS based on system calls.
>http://imsafe.sourceforge.net/ <---- to quote a very crude example, something along these lines but not exactly the way imsafe functions. Now, would it be possible to make a HIDS that is based on system calls? To cite an example, most Windows-based anti-viral programs hook the I/O calls and do not let an infected .exe get executed. So would it be possible to write a program which monitors for executable files and, when one is executed, checks if it contains "bad" signatures and allows or prevents that executable file from getting executed? {This applies to *nix platforms.} So that exploits (mostly local root buffer overflows) can be prevented from running? Of course, such HIDS systems would have the limitations that most NIDS systems have, e.g. encrypted payload, to cite one of them, etc., but won't it be effective for most cases?
>Views/Flames/Ideas/Help/Links/Discussions, all welcome... :)
>
>Kunal
>Unix System Administrator
>Sun Certified Solaris Administrator
-----------------------------------------------------------------
Stephanie A. Miller
HP IDS/9000 Security Engineer
Enterprise Systems Technology Lab
(734)805-2264
Hewlett-Packard Company
http://www.hp.com/security
-----------------------------------------------------------------
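The thread contrasts signature-heavy detection with a "small handful of detection templates" applied to system-call activity. The following is an added example, not code from any poster or from HP's IDS/9000: a toy host-based detector that parses a constructed, strace-style trace (the `pid uid=N syscall(args) = ret` line format is an assumption of this example, not a real tool's output) and applies three generic templates: a write-open of a file under a protected directory, a chmod that sets a set-id bit, and an execve from a world-writable location. None of these templates knows anything about a specific exploit; they describe classes of system behaviour an administrator rarely wants to see, which is the point the thread makes about templates versus signatures.

```python
"""Toy template-based system-call HIDS (added example; not HP IDS/9000 code)."""
import re
import stat
from dataclasses import dataclass

# Constructed trace, loosely modelled on strace output with a uid prefix added.
# The line format is an assumption of this example, not a real tool's format.
SAMPLE_TRACE = """\
1001 uid=1000 execve("/usr/bin/ls", [...], [...]) = 0
1001 uid=1000 openat(AT_FDCWD, "/etc/passwd", O_RDONLY|O_CLOEXEC) = 3
1002 uid=1000 openat(AT_FDCWD, "/etc/shadow", O_WRONLY|O_TRUNC) = -1
1003 uid=0 openat(AT_FDCWD, "/etc/passwd", O_WRONLY|O_TRUNC) = 3
1004 uid=1000 chmod("/tmp/untrusted_bin", 04755) = 0
1005 uid=1000 execve("/tmp/untrusted_bin", [...], [...]) = 0
"""

LINE_RE = re.compile(r'^(\d+)\s+uid=(\d+)\s+(\w+)\((.*)\)\s*=\s*(-?\d+)')

PROTECTED_PREFIXES = ("/etc/", "/bin/", "/sbin/", "/usr/bin/", "/usr/sbin/", "/lib/")
UNTRUSTED_EXEC_PREFIXES = ("/tmp/", "/var/tmp/", "/dev/shm/")
WRITE_FLAGS = ("O_WRONLY", "O_RDWR", "O_TRUNC", "O_APPEND")


@dataclass
class SyscallEvent:
    pid: int
    uid: int
    name: str
    args: list
    ret: int


def _path(arg):
    """Strip the quotes strace puts around string arguments."""
    return arg[1:-1] if len(arg) >= 2 and arg[0] == arg[-1] == '"' else arg


def parse_trace(text):
    """Parse trace lines into events; lines the toy parser cannot read are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        pid, uid, name, raw_args, ret = m.groups()
        args = [a.strip() for a in raw_args.split(",")] if raw_args.strip() else []
        events.append(SyscallEvent(int(pid), int(uid), name, args, int(ret)))
    return events


def tmpl_protected_file_write(ev):
    """Template: a file under a protected directory opened for writing."""
    if ev.name not in ("open", "openat") or len(ev.args) < 2:
        return None
    path_idx = 1 if ev.name == "openat" else 0   # openat has a dirfd first
    if len(ev.args) <= path_idx + 1:
        return None
    path, flags = _path(ev.args[path_idx]), ev.args[path_idx + 1]
    if path.startswith(PROTECTED_PREFIXES) and any(f in flags for f in WRITE_FLAGS):
        return f"write-open of protected file {path}"
    return None


def tmpl_setuid_creation(ev):
    """Template: chmod/fchmodat that sets the set-uid or set-gid bit."""
    if ev.name not in ("chmod", "fchmodat"):
        return None
    mode_idx = 2 if ev.name == "fchmodat" else 1   # fchmodat has a dirfd first
    if len(ev.args) <= mode_idx:
        return None
    try:
        mode = int(ev.args[mode_idx], 8)             # strace prints modes in octal
    except ValueError:
        return None
    if mode & (stat.S_ISUID | stat.S_ISGID):
        return f"set-id bit set on {_path(ev.args[mode_idx - 1])} (mode {mode:o})"
    return None


def tmpl_exec_from_untrusted(ev):
    """Template: a program executed from a world-writable location."""
    if ev.name != "execve" or not ev.args:
        return None
    path = _path(ev.args[0])
    if path.startswith(UNTRUSTED_EXEC_PREFIXES):
        return f"execution from world-writable location {path}"
    return None


TEMPLATES = {
    "protected_file_write": tmpl_protected_file_write,
    "setuid_creation": tmpl_setuid_creation,
    "exec_from_untrusted_dir": tmpl_exec_from_untrusted,
}


def apply_templates(events):
    """Run every template over every successful call; return (template, pid, uid, message)."""
    alerts = []
    for ev in events:
        if ev.ret < 0:
            continue   # a denied write is not a modification; failed calls are left out here
        for tname, fn in TEMPLATES.items():
            msg = fn(ev)
            if msg:
                alerts.append((tname, ev.pid, ev.uid, msg))
    return alerts


if __name__ == "__main__":
    for tname, pid, uid, msg in apply_templates(parse_trace(SAMPLE_TRACE)):
        print(f"[{tname}] pid={pid} uid={uid}: {msg}")
```

On the constructed trace this yields three alerts (the root write-open of /etc/passwd, the 04755 chmod, and the execve from /tmp); the failed write-open of /etc/shadow is skipped by the `ret < 0` check. Two caveats a deployment would need: root writing /etc/passwd is exactly what `passwd` or `vipw` does, so even a handful of templates still needs an allow-list of expected writers, and a template engine of this kind only sees what the kernel records, so, as Kunal notes, it shares the NIDS problem of not seeing inside encrypted or otherwise opaque payloads.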