RE: Host Based IDS Recommendations?

From: Mark E. Donaldson (markee_at_bandwidthco.com)
Date: 10/12/03

    To: "Alvin Wong" <alvin.wong@b2b.com.my>, <focus-ids@securityfocus.com>
    Date: Sat, 11 Oct 2003 19:05:05 -0700
    
    

    You might take a look at OSIRIS. It's Open Source and looks promising to me
    although I have not tried it myself yet: http://osiris.shmoo.com/

    -----Original Message-----
    From: Alvin Wong [mailto:alvin.wong@b2b.com.my]
    Sent: Thursday, October 09, 2003 11:41 PM
    To: focus-ids@securityfocus.com
    Subject: Host Based IDS Recommendations?

    Hi,

    I would like to find out for Windows boxes if there are any
    recommendations for Host based IDS, I know that for unix there is AIDE,
    linux, tripwire. What are the solutions for Windows machines? Would
    running a software IDS that is capable of monitoring and protecting the
    file systems a la tripwire with signed hashes kept in removable media be
    sufficient? If there are, what are the usual suspects for host based IDS
    that is used prevalently in industry? I'm hoping for both free and
    commercial solutions.

    Regards,
    Alvin


