RE: using HIDS for change control

• Previous message: Persio Pucci: "Open Source IDS Solution?"
• In reply to: Rivera,Angel L.: "RE: using HIDS for change control"
• Next in thread: Evans, Arian: "RE: using HIDS for change control"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Thu, 25 Aug 2005 05:25:10 -0400
To: "Rivera,Angel L." <ARIVERA@mitre.org>, focus-ids@lists.securityfocus.com

Yes. Tripwire does this. Their underlying technology detects change.

Ron Gula, CTO
Tenable Network Security

On Thu, 25 Aug 2005 5:21am, Rivera,Angel L. wrote:
> Does anyone on this list know of a sponsor that is using HIDS to
> monitor
> changes to a system's (Unix & Windows) configuration?
>
> The goal is to build a server according to specs (this would include
> hardening of the OS + agency specific security settings) then use a
> HIDS
> to detect and alert on any changes.
>
> Theoretically speaking, I know this can be done, but is anyone doing
> this?
>
> ------------------------------------------------------------------------
> Test Your IDS
>
> Is your IDS deployed correctly?
> Find out quickly and easily by testing it
> with real-world attacks from CORE IMPACT.
> Go to
> http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
> to learn more.
> ------------------------------------------------------------------------
--rgula

------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it
with real-world attacks from CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
to learn more.
------------------------------------------------------------------------

• Previous message: Persio Pucci: "Open Source IDS Solution?"
• In reply to: Rivera,Angel L.: "RE: using HIDS for change control"
• Next in thread: Evans, Arian: "RE: using HIDS for change control"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]