Re: HIDS solution for NT4 machines
From: David Glosser (david_glosser_at_yahoo.com)
Date: 10/05/05
Date: Wed, 05 Oct 2005 17:22:33 -0400 To: bcihak@gmail.com, focus-ids@securityfocus.com
A few random thoughts...
Would a program like tripwire help? It will tell you if any system binaries
have changed.
There may even be freeware versions/clones available. (I know it won't
prevent an infection, but will alert you once it happens)
Will spybot or ad-aware work on NT?
How about one of those host files to block malicious sites
(http://www.mvps.org/winhelp2002/hosts.htm)?
Can any of these NT4 boxes be run in vmware? At least then you can take
snapshots of good copies.
Can you front-end these servers and workstations with a firewall/IPS? Place
them in an isolated network segment?
Good luck, and please let us know what solution works best for you.
----- Original Message -----
From: <bcihak@gmail.com>
To: <focus-ids@securityfocus.com>
Sent: Monday, October 03, 2005 12:51 PM
Subject: HIDS solution for NT4 machines
>I work in a large distributed network. We have several workstations and
>servers that are running on NT4. I've been tasked with finding some sort
>of a HIDS (Host based Intrusion Detection System) software solution to
>protect these machines from zero day exploits, worms, and BO's. I've
>looked at Cisco, Blink by Eeye, Desktop Protector by ISS, and Primary
>Response by Sana Security. None of these will support anything lower than
>NT4 SP6a. My biggest problem is I have several machines that are running
>below SP6a and because of the flaky software running on these machines, I
>can't install SP6a without breaking the app. Does anyone have any good
>experience with other products for NT4 server/workstation below SP6a.
>
> Just a side note, most of these machines will be replaced within 2 years,
> but that is a long time to leave exposed machines on the network.
>
> Thanks!
>
> Bcihak
>