RE: Host Based IDS Recommendations?

From: Milind Nanal (milindyn_at_rolta.com)
Date: 10/15/03

  • Next message: Alvin Wong: "RE: Host Based IDS Recommendations?"
    To: Simon Gray <simong@desktop-guardian.com>, Alvin Wong <alvin.wong@b2b.com.my>, focus-ids@securityfocus.com
    Date: Wed, 15 Oct 2003 19:09:51 +0530
    
    

    Try Secuplat HIDS for NT. It has server-agent-based features. The link is
    below.

    http://www.inzen.com/eng/products/HIDS/EP_HIDS_01.asp

    I would like to know about the Unix AIDE which you are talking about. Is it
    a server-agent-based HIDS?

    I am looking for a Linux-based HIDS which should be more advanced than
    Tripwire. Tripwire is just doing file-level auditing. I am looking for some
    feature (on a Linux box) similar to Secuplat HIDS for NT. The central server
    should collect all attack, file change auditing data, user security breaking
    data for all my Linux boxes. Just a simple agent should be installed on my
    Linux box to send the attack data to the central server. Something similar
    to Snare HIDS.

    http://www.intersectalliance.com/projects/Snare/index.html

    Your feedback on this is appreciated.

    Regards,

    Milind

    -----Original Message-----
    From: Simon Gray [mailto:simong@desktop-guardian.com]
    Sent: Monday, October 13, 2003 7:44 PM
    To: Alvin Wong; focus-ids@securityfocus.com
    Subject: Re: Host Based IDS Recommendations?

    > I would like to find out for Windows boxes if there are any
    > recommendations for Host based IDS, I know that for unix there is AIDE,
    > linux, tripwire. What are the solutions for Windows machines? Would
    > running a software IDS that is capable of monitoring and protecting the
    > file systems a la tripwire with signed hashes kept in removable media be
    > sufficient? If there are, what are the usual suspects for host based IDS
    > that is used prevalently in industry? I'm hoping for both free and
    > commercial solutions

    There's a company called Trustcorps who provide a commercial solution to
    what I believe you're looking for:

    http://www.trustcorps.com/

    "Intrusion Prevention technology such as TRUSHIELD™ is designed to not only
    detect activities on the server that could damage data or that are
    unauthorised activities, but stops them dead in their tracks. Where
    Intrusion detection stops, IPS takes over, to ensure that critical systems
    are as highly protected as possible from the threats of known and unknown
    security attacks."
