Re: IDS



On Mon, 03-07-2006 at 05:57 +0000,
Gopinath_Ramamoorthy@xxxxxxxxxx wrote:
> Dear Team...
>
> I have used a few IDS in my network, but didn't find them working in the way I wanted.
> My requirement is that when a machine / laptop that is not updated with the current approved patches and security updates is connected to my network, it needs to be reported to the sysadmin so that immediate necessary steps can be taken.
> Is it possible to have this, and if so, please suggest the options.

You don't need IDS for this task (and I suggest reading what IDS are
for). I would suggest using one of the VA software packages. GFI Lan Guard
(when working with domain administrator rights) has such capabilities. It
can also deploy patches for you. As you probably noticed - this works only
for Windows boxes.

Other programs capable of doing such a task are ISS Internet Security
Scanner and Nessus. Nessus can also test for missing patches in other
systems (UNIX-like). There are other programs, but I haven't used them.

Of course tests can be run on a regular basis.

> Regards,
> Gopi

Regards

--
Michael "carstein" Melewski | "We have no future because our present
carstein()7thguard.net | is too volatile. We have only risk
mobile: 512 357 303 | management. The spinning of the given
JID: carstein()gentoo.pl | moment's scenarios. Pattern recognition.

