Re: Fwd: Solaris 10 x86 HIDS

On 3/15/07, tim_holman@xxxxxxxxxxx <tim_holman@xxxxxxxxxxx> wrote:
Not quite a hids but does Tripwire count? They have Freeware agents for solaris?
Have you looked at a network IPS to protect your whole web tier rather than host based solutions?

HIDS are different than NIDS. NIDS cannot defend against insider
attacks, for example. I am beginning to grow tired of "experts"
suggesting NIDS when HIDS have a different functionality.

And yes, Samhain, Osiris and Tripwire are HIDSs, but the use a policy
based approach (mostly integrity verification of files). That does not
disqualify them as HIDS.

Best,

-J


Rgds

Tim
Sent from my BlackBerry(r) wireless device

-----Original Message-----
From: "kevin fielder" <kevin.fielder@xxxxxxxxx>
Date: Wed, 14 Mar 2007 17:59:02
To:focus-ids@xxxxxxxxxxxxxxxxx
Subject: Fwd: Solaris 10 x86 HIDS

Hi

It's a commercial product, but ISS real secure server sensor supports
Solaris. We have used it on Sparc, not x86, but this may be worth
checking out as it may well meet your needs.

Cheers

Kevin



-----Original Message-----
From: listbounce@xxxxxxxxxxxxxxxxx
[mailto:listbounce@xxxxxxxxxxxxxxxxx] On Behalf Of Brian A. Seklecki
Sent: 24 February 2007 22:13
To: tsax68@xxxxxxxxxxx; Ángel Alonso-Párrizas
Cc: focus-ids@xxxxxxxxxxxxxxxxx; samhain-users@xxxxxxxxxxxxxxxxxx;
gateway@xxxxxxxxxxxx; forum@xxxxxxxxxxxx
Subject: Re: Solaris 10 x86 HIDS

Samhain will work on just about any POSIX system; plus it integrates
with Prelude.

If it fails to compile, consult the list and archives or just ping me.

Cheers,
~BAS

On Wed, 2006-12-13 at 14:13 +0000, tsax68@xxxxxxxxxxx wrote:
> We are exploring the possibility of deploying Solaris 10 x86 servers in our web tier, and we would of course like to have it protected (somewhat) by HIDS software. So far, the ONLY solution is the OSSEC product, but I want to make sure I'm not missing any other vendors, free or commercial. Have you guys come across any other Solaris 10 x86 HIDS products?
>
> Thanks,
>
> B-
>
> ------------------------------------------------------------------------
> Test Your IDS
>
> Is your IDS deployed correctly?
> Find out quickly and easily by testing it
> with real-world attacks from CORE IMPACT.
> Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw
> to learn more.
> ------------------------------------------------------------------------
>
>
>
>
>
>
>
--
Brian A. Seklecki <bseklecki@xxxxxxxxxxxxxxxxxxxxxxx>
Collaborative Fusion, Inc.




IMPORTANT: This message contains confidential information and is
intended only for the individual named. If the reader of this message
is not an intended recipient (or the individual responsible for the
delivery of this message to an intended recipient), please be advised
that any re-use, dissemination, distribution or copying of this
message is prohibited. Please notify the sender immediately by e-mail
if you have received this e-mail by mistake and delete this e-mail
from your system.



------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it
with real-world attacks from CORE IMPACT.
Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw
to learn more.
------------------------------------------------------------------------

------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it
with real-world attacks from CORE IMPACT.
Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw
to learn more.
------------------------------------------------------------------------



------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it
with real-world attacks from CORE IMPACT.
Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw
to learn more.
------------------------------------------------------------------------

Relevant Pages

  • Re: Core Impact references
    ... There are several ways to accomplish what you need within CORE IMPACT. ... > can reduce the chances of the attacks being noticed. ... >>Hackers are concentrating their efforts on attacking applications on ... Check your website for ...
    (Pen-Test)
  • Re: Evaluating IDS
    ... What type of attacks would have the highest impact ... Lastly anyone know where I can get a virus to use and any recommendations in that area? ... Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. ...
    (Focus-IDS)
  • Re: SSL - Man-in-the-Middle filtering
    ... spoofed the connection?what IPS will do in tht case?discard the ... If you are looking for attacks against SSL, IPSEC, etc... ... attacks from CORE IMPACT. ...
    (Focus-IDS)
  • RE: Core Impact references
    ... Core Impact is amazing; I've used it in the past. ... Audit your website security with Acunetix Web Vulnerability Scanner: ... Hackers are concentrating their efforts on attacking applications on ... Up to 75% of cyber attacks are launched on shopping carts, ...
    (Pen-Test)
  • Re: ISS Proventia email overflow
    ... In buffer overflow attacks, an attacker supplies data that is longer ... with real-world attacks from CORE IMPACT. ...
    (Focus-IDS)