Re: host-based ids evaluation

From: Talisker (talisker@networkintrusion.co.uk)
Date: 08/14/02


From: "Talisker" <talisker@networkintrusion.co.uk>
To: "Gian Luca Valecchi" <glvalecchi@hotmail.com>, "Andrew Plato" <aplato@anitian.com>, <focus-ids@securityfocus.com>
Date: Wed, 14 Aug 2002 17:00:58 +0100

Gian
Without trying to "blow my own trumpet", I have put up a website looking at
every type of IDS (with the exception of a few research projects). I tried
updating it a month or so back and only got as far as the Host and Network
IDS, though I hope to have another go very soon.

As I mentioned, it's not right up to date, but it's pretty much there.

http://www.networkintrusion.co.uk
The latest reviews I know of are at http://www.nss.co.uk

take care
-andy
----- Original Message -----
From: "Gian Luca Valecchi" <glvalecchi@hotmail.com>
To: "Andrew Plato" <aplato@anitian.com>; <focus-ids@securityfocus.com>
Sent: Tuesday, August 13, 2002 4:04 PM
Subject: Re: host-based ids evaluation

> Hi Andrew,
> thank you for your suggestions.
> My boss ordered me to produce a doc in which I have to evaluate ISS RealSecure
> ServerSensor (hybrid IDS), focusing on the host-based "component".
> I'll try the tools you advised to me.
> My idea is to install a Server Sensor also on the attacker host, to see if
> the IDS notifies me of the malicious attempts starting from a "protected"
> machine.
> Which websites are the best ones where I can find tools other than those you
> mentioned to me?
>
> thank you again,
> Gianluca
>
>
> ----- Original Message -----
> From: "Andrew Plato" <aplato@anitian.com>
> To: <glvalecchi@hotmail.com>; <focus-ids@securityfocus.com>
> Sent: Tuesday, August 13, 2002 2:18 AM
> Subject: Re: host-based ids evaluation
>
>
> >HI all,
> >I'm an IDS newbie; I have to evaluate some host-based IDS products.
> >I need some advice about how to set up a feasible testbed.
>
> What HIDS are you evaluating... out of curiosity? There are not very many out
> there.
>
> >I would reproduce some attacks from an attacker machine towards two victim
> >machines (WinNT and Solaris) on which I have to install IDS sensors:
> >I need some pointers to find some attack/evaluation tools to exec towards
> >the victim machine inside my testbed.
>
> As for attack tools, there are so many we could spend all day. But a good
> open-source tool is Nessus. It can run tons of scans against a machine and
> make most IDSs light up like a Christmas tree. Another swell tool is Retina
> from eEye Digital. You can download a free eval copy to bang away at your
> HIDS and watch them go.
>
> These are intended as vulnerability scanners, I should note. But any decent
> IDS should pick up their scans as events.
>
> >I also know something about IDSwakeup/snot/stick tools; but AFAIK they're
> >for network ids evaluation.
> >Is there something out there (similar to it) for host-based ids ?
> >it could be very useful to me if you would point me the right way.
>
> All of these tools will work on a HIDS. Just configure their scans to be
> pointed specifically at the system where the HIDS is running.
>
> ------------------------------------
> Andrew Plato, CISSP
> President / Principal Consultant
> Anitian Corporation
>
> (503) 644-5656 office
> (503) 201-0821 cell
> http://www.anitian.com
> ------------------------------------
>

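Editor's note, added to the archived thread above and not part of any poster's message or of any vendor's product: the replies recommend pointing scanners (Nessus, Retina, IDSwakeup and friends) at the host running the HIDS, and Gianluca proposes also putting a sensor on the attacker box. What the evaluation document then needs is a way to line up what was launched against what the sensors reported. The script below does that over two constructed logs: an attack journal from the attacker box and a merged alert export from three sensors (the two victims plus the one on the attacker host). Hostnames, tool names, signature names and both line formats are assumptions invented for this illustration; a real RealSecure export looks different, so the two parsers are the parts to adapt.

```python
"""Score one run of the HIDS testbed discussed in the thread above.

Added example, not code from any poster or from ISS RealSecure. The two log
formats, hostnames, tool names and signature names below are constructed
assumptions for illustration; adapt the two parsers to the real export
format of whatever sensor you evaluate.
"""
from collections import namedtuple
from datetime import datetime, timedelta

Attack = namedtuple("Attack", "ts src tool dst")
Alert = namedtuple("Alert", "ts sensor sig src")

# Constructed attack journal kept on the attacker box: when, which tool, at whom.
ATTACK_LOG = """\
2002-08-14T10:00:05 attacker nessus_portscan victim-nt
2002-08-14T10:02:10 attacker nessus_ftp_check victim-solaris
2002-08-14T10:05:00 attacker retina_smb_enum victim-nt
2002-08-14T10:07:30 attacker idswakeup_replay victim-solaris
"""

# Constructed alert export merged from three sensors: the two victims and the
# sensor installed on the attacker host itself (the idea proposed in the thread).
ALERT_LOG = """\
2002-08-14T10:00:07 victim-nt TCP_Port_Scan src=attacker
2002-08-14T10:00:06 attacker Outbound_Port_Scan src=attacker
2002-08-14T10:02:12 victim-solaris FTP_Bounce_Probe src=attacker
2002-08-14T10:05:03 victim-nt SMB_Null_Session src=attacker
2002-08-14T10:30:00 victim-nt TCP_Port_Scan src=10.0.0.99
"""


def _ts(text):
    return datetime.strptime(text, "%Y-%m-%dT%H:%M:%S")


def parse_attacks(text):
    """One attack per line: <timestamp> <source host> <tool> <target host>."""
    return [Attack(_ts(ts), src, tool, dst)
            for ts, src, tool, dst in (ln.split() for ln in text.splitlines() if ln.strip())]


def parse_alerts(text):
    """One alert per line: <timestamp> <sensor host> <signature> src=<host>."""
    return [Alert(_ts(ts), sensor, sig, src.split("=", 1)[1])
            for ts, sensor, sig, src in (ln.split() for ln in text.splitlines() if ln.strip())]


def score_run(attacks, alerts, window=timedelta(seconds=30)):
    """Correlate each launched attack with alerts raised within `window` after it.

    An alert from the target's own sensor counts as a detection. An alert from the
    sensor running on the attacking host is recorded separately: it only shows that
    the attacker-side sensor saw outbound activity, not that the victim was
    protected. Alerts that no launched attack explains are returned for manual
    review (false positives, or unplanned traffic in the lab).
    """
    used = set()
    detected, missed, attacker_side = [], [], []
    for a in attacks:
        hits = []
        for i, al in enumerate(alerts):
            if i in used or al.src != a.src:
                continue
            if not timedelta(0) <= al.ts - a.ts <= window:
                continue
            if al.sensor == a.dst:       # the victim's sensor fired
                hits.append(al.sig)
                used.add(i)
            elif al.sensor == a.src:     # the sensor on the attacker host fired
                attacker_side.append((a.tool, al.sig))
                used.add(i)
        (detected if hits else missed).append((a.tool, a.dst, hits))
    unexplained = [al for i, al in enumerate(alerts) if i not in used]
    rate = len(detected) / len(attacks) if attacks else 0.0
    return {"detected": detected, "missed": missed, "attacker_side": attacker_side,
            "unexplained": unexplained, "detection_rate": rate}


def run_example():
    return score_run(parse_attacks(ATTACK_LOG), parse_alerts(ALERT_LOG))


if __name__ == "__main__":
    r = run_example()
    print("detection rate: %.2f" % r["detection_rate"])
    for tool, dst, sigs in r["detected"]:
        print("DETECTED    %-18s -> %-14s %s" % (tool, dst, ", ".join(sigs)))
    for tool, dst, sigs in r["missed"]:
        print("MISSED      %-18s -> %-14s (no alert from its sensor)" % (tool, dst))
    for tool, sig in r["attacker_side"]:
        print("attacker-side sensor saw %s as %s" % (tool, sig))
    for al in r["unexplained"]:
        print("UNEXPLAINED alert %s on %s from %s" % (al.sig, al.sensor, al.src))
```

On the constructed data the run scores 3 of 4 attacks detected, lists the IDSwakeup replay against the Solaris box as the miss, shows that the attacker-host sensor only ever flagged the port scan, and leaves one alert from an unknown 10.0.0.99 source for review. Those four buckets (detected, missed, attacker-side, unexplained) are the table the evaluation document should carry per tool and per victim OS; the 30-second window is an assumption and should be widened if the sensor batches its alerts.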

