Re: free hIDS, or system assessment tools

From: H Carvey (keydet89_at_yahoo.com)
Date: 09/22/04

  • Next message: GuidoZ: "Re: Laptop Encryption & Hibernation"
    Date: 22 Sep 2004 17:45:54 -0000
    To: security-basics@securityfocus.com
    
    
    ('binary' encoding is not supported, stored as-is) In-Reply-To: <65C9FE56B1EB304EA8BC65A50F218C272D53CF@HOMAIL01.alrajhi.bank>

    >Is there any free System Assessment tools for windows and *nix
    >Is there any free System or host IDS for windows and *nix

    There are a couple of (free) ways to go about this, particularly on Windows systems...

    For system assessment, I'd recommend:
    nmap - http://www.insecure.org
    ATK - http://www.computec.ch/projekte/atk/

    If you know what you're assessing against, Perl can be used to implement WMI as well as make other calls to the system in order to obtain the necessary information for your assessment...and even update the system to bring it in compliance.

    Perl can also be used to implement free monitoring/hIDS. For example, if you set your audit policy appropriately, use something like wmievt.pl (http://patriot.net/~carvdawg/perl.html) to send Event Log entries off of the system as they are generated. From the same site, you can use FSW.pl to watch for file system changes.

    HTH,

    H. Carvey
    http://www.windows-ir.com
    http://groups.yahoo.com/group/windowsir/

    ---------------------------------------------------------------------------
    Computer Forensics Training at the InfoSec Institute. All of our class sizes
    are guaranteed to be 12 students or less to facilitate one-on-one
    interaction with one of our expert instructors. Gain the in-demand skills of
    a certified computer examiner, learn to recover trace data left behind by
    fraud, theft, and cybercrime perpetrators. Discover the source of computer
    crime and abuse so that it never happens again.

    http://www.infosecinstitute.com/courses/computer_forensics_training.html
    ----------------------------------------------------------------------------


  • Next message: GuidoZ: "Re: Laptop Encryption & Hibernation"

    Relevant Pages

    • free hIDS, or system assessment tools
      ... As I know snort is nIDS, nessus is network assessment tool ... Is there any free System Assessment tools for windows and *nix ...
      (Security-Basics)
    • free hIDS, or system assessment tools
      ... As I know snort is nIDS, nessus is network assessment tool ... Is there any free System Assessment tools for windows and *nix ...
      (Focus-IDS)
    • Re: free hIDS, or system assessment tools
      ... > Is there any free System Assessment tools for windows and *nix ... Test Your IDS ...
      (Focus-IDS)
    • RE: free hIDS, or system assessment tools
      ... free hIDS, or system assessment tools ... There are a couple of ways to go about this, particularly on Windows ... Confidentiality Notice ... The information contained in this e-mail message is proprietary ...
      (Security-Basics)