HIDS solution for NT4 machines

bcihak_at_gmail.com
Date: 10/03/05

    Date: 3 Oct 2005 16:51:58 -0000
    To: focus-ids@securityfocus.com
    
    
    I work in a large distributed network. We have several workstations and servers that are running on NT4. I've been tasked with finding some sort of a HIDS (Host-based Intrusion Detection System) software solution to protect these machines from zero-day exploits, worms, and BO's. I've looked at Cisco, Blink by eEye, Desktop Protector by ISS, and Primary Response by Sana Security. None of these will support anything lower than NT4 SP6a. My biggest problem is I have several machines that are running below SP6a and because of the flaky software running on these machines, I can't install SP6a without breaking the app. Does anyone have any good experience with other products for NT4 server/workstation below SP6a?

    Just a side note, most of these machines will be replaced within 2 years, but that is a long time to leave exposed machines on the network.

    Thanks!

    Bcihak
