Re: free hIDS, or system assessment tools
From: H Carvey (keydet89_at_yahoo.com)
Date: 09/22/04
Date: 22 Sep 2004 17:45:54 -0000
To: security-basics@securityfocus.com
In-Reply-To: <65C9FE56B1EB304EA8BC65A50F218C272D53CF@HOMAIL01.alrajhi.bank>
>Are there any free System Assessment tools for Windows and *nix?
>Is there any free System or host IDS for Windows and *nix?
There are a couple of (free) ways to go about this, particularly on Windows systems...
For system assessment, I'd recommend:
nmap - http://www.insecure.org
ATK - http://www.computec.ch/projekte/atk/
If you know what you're assessing against, Perl can be used to implement WMI as well as make other calls to the system in order to obtain the necessary information for your assessment...and even update the system to bring it into compliance.
Perl can also be used to implement free monitoring/hIDS. For example, if you set your audit policy appropriately, use something like wmievt.pl (http://patriot.net/~carvdawg/perl.html) to send Event Log entries off of the system as they are generated. From the same site, you can use FSW.pl to watch for file system changes.
HTH,
H. Carvey
http://www.windows-ir.com
http://groups.yahoo.com/group/windowsir/
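
The event-forwarding approach mentioned in the message above, sketched as an added example that is not part of the original post and is not the wmievt.pl script it links to: a Perl WMI subscription that sends each new Security Event Log record to a remote collector as it is written. The collector address, port and message layout are assumptions; it runs on Windows with the Win32::OLE module and needs an account allowed to read the Security log.

```perl
#!/usr/bin/perl
# Added example (not wmievt.pl): forward new Security Event Log records off-host.
use strict;
use warnings;
use Win32::OLE;
use IO::Socket::INET;

# Assumption: placeholder collector (192.0.2.10 is a documentation-only address).
my ($collector, $port) = ('192.0.2.10', 514);
my $pri = 4 * 8 + 5;    # syslog priority: facility auth (4), severity notice (5)

my $sock = IO::Socket::INET->new(
    PeerAddr => $collector, PeerPort => $port, Proto => 'udp')
    or die "socket: $!\n";

# The (Security) privilege must be requested to read the Security log via WMI.
my $wmi = Win32::OLE->GetObject(
    'winmgmts:{impersonationLevel=impersonate,(Security)}!\\\\.\\root\\cimv2')
    or die 'WMI connect failed: ' . Win32::OLE->LastError() . "\n";

# Subscribe to record-creation events instead of polling the log.
my $source = $wmi->ExecNotificationQuery(
      "SELECT * FROM __InstanceCreationEvent "
    . "WHERE TargetInstance ISA 'Win32_NTLogEvent' "
    . "AND TargetInstance.Logfile = 'Security'")
    or die 'Query failed: ' . Win32::OLE->LastError() . "\n";

while (1) {
    # Blocks until the next record is written to the log.
    my $event = $source->NextEvent()
        or die 'NextEvent failed: ' . Win32::OLE->LastError() . "\n";
    my $rec = $event->{TargetInstance};

    # Flatten the multi-line message so one record is one datagram.
    my $msg = defined $rec->{Message} ? $rec->{Message} : '';
    $msg =~ s/\s+/ /g;
    my $user = defined $rec->{User} ? $rec->{User} : '-';

    my $line = sprintf '<%d>%s EventLog[%s]: id=%s type=%s user=%s %s',
        $pri, $rec->{ComputerName}, $rec->{SourceName},
        $rec->{EventCode}, $rec->{Type}, $user, $msg;

    # Keep the datagram within the classic 1024-byte syslog limit.
    $sock->send(substr($line, 0, 1024));
}
```

Records only appear in the Security log for categories the audit policy has enabled, so the policy has to be set before the subscription produces anything useful.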