RE: Host Based IDS Recommendations?

From: Alvin Wong (alvin.wong_at_b2b.com.my)
Date: 10/16/03

    To: Milind Nanal <milindyn@rolta.com>
    Date: 16 Oct 2003 10:03:19 +0800
    
    

    Hi Milind,

    Thanks for the recommendation for Windows HIDS.
    AIDE is a similar-esque HIDS to Tripwire but works on Unix servers. The
    Unix Tripwire version is commercial and you have to pay in order to use
    it but as freeware, AIDE works fine.
    As per the recommendations of some in this thread, you can have a look
    at osiris, http://osiris.shmoo.com
    I am still in the process of getting it to work for me but with some
    tweaking and time to do the tweaking, it should be working fine. :>

    You can also try samhain, http://la-samhna.de/samhain/
    I haven't tried it but you should have a look.

    Regards,
    Alvin

    On Wed, 2003-10-15 at 21:39, Milind Nanal wrote:
    > Try
    > Secuplat HIDS for NT. It has server-agent-based features. Link is as below.
    >
    >
    > http://www.inzen.com/eng/products/HIDS/EP_HIDS_01.asp
    >
    > I would like to know about the Unix AIDE which you are talking about. Is it a
    > server-agent-based HIDS?
    >
    > I am looking for a Linux-based HIDS which should be more advanced than
    > Tripwire. Tripwire is just doing file-level auditing; I am looking for some
    > feature (on a Linux box) similar to Secuplat HIDS for NT. The central server
    > should collect all attack, file change auditing data, user security breaking
    > data for all my Linux boxes. Just a simple agent should be installed on my
    > Linux box to send the attack data to the central server. Something similar to
    > Snare HIDS.
    >
    > http://www.intersectalliance.com/projects/Snare/index.html
    >
    > Your feedback on this is appreciated.
    >
    > Regards,
    >
    > Milind
    >
    >
    > -----Original Message-----
    > From: Simon Gray [mailto:simong@desktop-guardian.com]
    > Sent: Monday, October 13, 2003 7:44 PM
    > To: Alvin Wong; focus-ids@securityfocus.com
    > Subject: Re: Host Based IDS Recommendations?
    >
    >
    > > I would like to find out for Windows boxes if there are any
    > > recommendations for Host based IDS, I know that for unix there is AIDE,
    > > linux, tripwire. What are the solutions for Windows machines? Would
    > > running a software IDS that is capable of monitoring and protecting the
    > > file systems a la tripwire with signed hashes kept in removable media be
    > > sufficient? If there are, what are the usual suspects for host based IDS
    > > that is used prevalently in industry? I'm hoping for both free and
    > > commercial solutions
    >
    >
    > There's a company called Trustcorps who provide a commercial solution to
    > what I believe you're looking for:
    >
    > http://www.trustcorps.com/
    >
    > "Intrusion Prevention technology such as TRUSHIELD™ is designed to not only
    > detect activities on the server that could damage data or that are
    > unauthorised activities, but stops them dead in their tracks. Where
    > Intrusion detection stops, IPS takes over, to ensure that critical systems
    > are as highly protected as possible from the threats of known and unknown
    > security attacks."

