Re: Host Based IDS

From: "Erik Harrison" <eharrison@xxxxxxxxx>
Date: Mon, 20 Oct 2008 16:17:41 -0400

how many servers, os variations, what kind of changes are you looking
to detect? basic file changes are easy, it's the rest of it that's
complicated and functionality will vary. past that, reporting will be
important to the managers, execs and if you have a lot of other things
to manage - to you as well.

what exactly do you want to show them, will you need to back up any
other responses with relevant data from your org? any other compliance
or security initiatives in the company that you could support with the
package or product?

On Mon, Oct 20, 2008 at 8:12 AM, Security Group <secgro@xxxxxxxxx> wrote:

Hello,

I am currently evaluating several host-based Intrusion Detection
Systems to monitor servers in a DMZ. My company only wants to monitor
for suspecious behaviour on critical servers, without the need for a
company wide security system. I am not interested in a network-bases
ids because this is already covered by our company.
The list below contains my findings so far;

OSSEC
Open Source Tripwire
SAMHAIN
OSIRIS
AIDE
Third Brigade Deep Security
Symantec Critical System Protection
IBM Proventia
Enterasys Dragon IDS/IPS
McAfee Total Protection for Endpoint
CA Host-Based Intrusion Prevention System r8
GFiEventsManager
Cisco Security Agent

I am thinking of suggesting OSSEC. Does anyone have any other suggestions?

Thanks in advance.

Kind regards,

Babel Timon

------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it
with real-world attacks from CORE IMPACT.
Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw
to learn more.
------------------------------------------------------------------------

------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it
with real-world attacks from CORE IMPACT.
Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw
to learn more.
------------------------------------------------------------------------

Follow-Ups:
- Re: Host Based IDS
  - From: belka

References:
- Host Based IDS
  - From: Security Group

Prev by Date: Re: Host Based IDS
Next by Date: Re: Host Based IDS
Previous by thread: Re: Host Based IDS
Next by thread: Re: Host Based IDS
Index(es):
- Date
- Thread

Relevant Pages

Re: Need urgent help regarding security
... There is plenty of security info out there ... email from even a dozen servers is small. ... an OS version upgrade should not be taken lightly. ... Given that your root password was apparently found on the servers, ...
(freebsd-questions)
[Full-Disclosure] w32.frethem.k@mm and good reading
... Script kiddies deface websites. ... only obfuscating your own perception of security. ... >> vulnerabilities in a particular operating system or server software ... >> Imagine a custom operating system used by only a few servers, ...
(Full-Disclosure)
[Full-Disclosure] w32.frethem.k@mm and good reading
... Script kiddies deface websites. ... only obfuscating your own perception of security. ... >> vulnerabilities in a particular operating system or server software ... >> Imagine a custom operating system used by only a few servers, ...
(Full-Disclosure)
RE: IIS6 Security and other web servers
... IIS6 Security and other web servers ... I know of no Windows architecture that is exposed directly to ... I know of a number of LAMP-type servers that are ... exposed directly to the Internet with no intervening layers. ...
(Security-Basics)
TSLSA-2005-0059 - multi
... Affected versions: Trustix Secure Linux 2.2 ... PHP is an HTML-embedded scripting language. ... use of Rest with FTP servers and Range with HTTP servers to retrieve files ... - New Upstream and Multiple Vendor Security Fixes ...
(Bugtraq)