re: windows 2000 Intrustion Detection
From: H C (keydet89@yahoo.com)Date: 06/03/02
- Previous message: Muhammad Faisal Rauf Danka: "Re: Nessus Security Reporting..Inconsistent Reporting?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 3 Jun 2002 05:55:46 -0700 (PDT) From: H C <keydet89@yahoo.com> To: jonathan@tranceport.net
> Could someone just outright come out and tell me
what
> the best package for intrusion detection is for a
> windows 2000 box.
As you've surely seen from responses so far, the
answer is a simple "no". "Best" is a relative term.
What do you consider "best"...reporting features?
Detection?
Have you considered intrusion protection using
mechanisms inherent to Win2K, like ACLs, etc? Have
you considered setting auditing and logging?
I've seen several posts recommending snort...but snort
runs on 2K, as well (check out the SiliconDefense
website for the binaries). There is no reason why you
can't use snort on 2K, even to the point of installing
it on the box itself w/ a ruleset specifically
designed for the box...remove all *nix/Linux-specific
rules, and any specific rules for applications you're
not using.
So, I'd recommend prevent first, then detection.
Detection can be based on the host, the network, or
both. How you choose to implement either is based on
your available resources...do you have the time and
effort to invest in learning something new, or is it a
matter of immediacy and you have the funds to pay for
a third-party application and a consultant to install
it?
__________________________________________________
Do You Yahoo!?
Yahoo! - Official partner of 2002 FIFA World Cup
http://fifaworldcup.yahoo.com
- Previous message: Muhammad Faisal Rauf Danka: "Re: Nessus Security Reporting..Inconsistent Reporting?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
