A possible HIPS? Was: Looking for HIDS-only products for XP/2000Pro
From: Brian Azzopardi (brian_at_unixpoet.com)
Date: 08/09/05
- Previous message: Jordan Wiens: "Re: Updating Enterasys Dragon NIDS signature..."
- In reply to: Bill Stout: "Looking for HIDS-only products for XP/2000Pro"
- Next in thread: Nakul Aggarwal: "Re: A possible HIPS? Was: Looking for HIDS-only products for XP/2000Pro"
- Reply: Nakul Aggarwal: "Re: A possible HIPS? Was: Looking for HIDS-only products for XP/2000Pro"
- Maybe reply: Bill Stout: "RE: A possible HIPS? Was: Looking for HIDS-only products for XP/2000Pro"
To: "'Bill Stout'" <bill.stout@greenborder.com>, <focus-ids@securityfocus.com>
Date: Tue, 9 Aug 2005 20:20:37 +0200
I have implemented a tool which might be useful to protect against both
known and unknown malware. The tool works by restricting the user-specified
applications to, what in Unix-land would be, a jail. The applications, for
example IE or Outlook, have only read/write or read only rights to certain
directories/files. In future I plan to extend the app to protect the
registry as well. I've tested it on W2k/XPpro/W2k3.
I would love to know what the list think of the idea.
Thanks,
Brian
PS
If enough people ask I will release it.
-----Original Message-----
From: Bill Stout [mailto:bill.stout@greenborder.com]
Sent: Thursday, August 04, 2005 6:20 AM
To: focus-ids@securityfocus.com
Subject: Looking for HIDS-only products for XP/2000Pro
I'm assuming most companies do both HIDS and blocking. Are there any
companies which specialize in HIDS for XP/2000Pro? Specifically passive
(worm/virus/Trojan) attacks, maybe with an online database for reference.
In other words, if we have a product which protects against certain vectors
(IE & Outlook), and we want to prove that it did protect them although it
doesn't detect, what could I use to detect and identify specific attacks?
Bill Stout
Director of IT
GreenBorder, Inc
www.greenborder.com