RE: using HIDS for change control

From: Rivera,Angel L. (ARIVERA_at_mitre.org)
Date: 08/26/05

    Date: Fri, 26 Aug 2005 13:21:09 -0400
    To: "Ron Gula" <rgula@tenablesecurity.com>, <focus-ids@lists.securityfocus.com>
    
    

    It has been a while since I used Tripwire but I believe you manually
    run it to detect changes - I think HIDS have two components - one
    checks at the network level - the other looks at system logs for
    specific events - both in close to real time. One assumption is that
    system logs are recording changes to system configuration settings -
    Advantage of HIDS is the detection in real time of this change - it
    also eases the burden of having to run Tripwire repeatedly. The
    security person only needs to run Tripwire if it detects a HIDS alert.

    -----Original Message-----
    From: Ron Gula [mailto:rgula@tenablesecurity.com]
    Sent: Thursday, August 25, 2005 5:25 AM
    To: Rivera,Angel L.; focus-ids@lists.securityfocus.com
    Subject: RE: using HIDS for change control

    Yes. Tripwire does this. Their underlying technology detects change.

    Ron Gula, CTO
    Tenable Network Security

    On Thu, 25 Aug 2005 5:21am, Rivera,Angel L. wrote:
    > Does anyone on this list know of a sponsor that is using HIDS to
    > monitor changes to a system's (Unix & Windows) configuration?
    >
    > The goal is to build a server according to specs (this would include
    > hardening of the OS + agency specific security settings) then use a
    > HIDS to detect and alert on any changes.
    >
    > Theoretically speaking, I know this can be done, but is anyone doing
    > this?
    --rgula
