RE: Host Based IDS Recommendations?

From: Ryan Finnesey (ryan.finnesey_at_corpdsg.com)
Date: 10/19/03

    Date: Sat, 18 Oct 2003 22:58:01 -0400
    To: "Dmitri Smirnov" <Dmitri.Smirnov@fusepoint.com>, "Alvin Wong" <alvin.wong@b2b.com.my>
    
    

    Does anyone know if they offer service provider licensing?

    Ryan

    -----Original Message-----
    From: Dmitri Smirnov [mailto:Dmitri.Smirnov@fusepoint.com]
    Sent: Saturday, October 11, 2003 12:25 PM
    To: Alvin Wong
    Cc: focus-ids@securityfocus.com
    Subject: RE: Host Based IDS Recommendations?

    I'm very happy at the moment with Cisco Security Agent (Okena
    StormWatch). It supports Solaris and Windows.
    I think Cisco promised Linux support in the future.
    I very much like everything in this product except maybe the idea of
    paying for and installing the useless VMS CW2000...
    I believe it is the best way/technology/product to detect and prevent
    attacks.

    Dmitri

    On Oct 10, 2003, at 12:40 AM, Alvin Wong wrote:

    > Hi,
    >
    > I would like to find out, for Windows boxes, if there are any
    > recommendations for host-based IDS. I know that for Unix there is
    > AIDE, Linux, Tripwire. What are the solutions for Windows machines?
    > Would running a software IDS that is capable of monitoring and
    > protecting the file systems a la Tripwire with signed hashes kept on
    > removable media be sufficient? If there are, what are the usual
    > suspects for host-based IDS that are used prevalently in industry? I'm
    > hoping for both free and commercial solutions.
    >
    > Regards,
    > Alvin
