Re: Dedicated intrusion detection system
In article <Xns978CF1127CCA6jbuserspc9org@xxxxxxxxxxxxxx>, Jem Berkes says...

> > We have a spare computer with a dead hard drive that I'd like to use
> > as a dedicated intrusion detection system.
> > I want it to boot a hardened distro from a CD, and then probe all our
> > production servers' ports and scan the hard drives with programs like
> > Aide and Samhain. It will compare against a read-only database on the
> > second CD drive. I'm sure a setup like this must have been created
> > hundreds of times already, so I'm hoping someone can point me to some
> > resources.
>
> Have you considered using Snort
> http://www.snort.org/
>
> Depending on which modes you run it in, Snort can sniff (and log) packets
> and analyze traffic to detect many types of active attacks. If you are
> setting up a dedicated intrusion detection system I would suggest using a
> different operating system than your main server, so there is some
> diversity. e.g. if one is Linux, maybe run FreeBSD on the other.

I'd love to run Snort along with Oinkmaster, but the available box has only
128MB of memory.
Do you know of a live CD that incorporates any of these tools?

Thanks, Rick DeBay



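As an added example that is not part of the thread (nor AIDE's or Samhain's own code), here is a minimal version of the check the original post describes: a sha256 baseline manifest taken while the system is known-good and kept on read-only media, later rebuilt from the live CD and diffed against that baseline. The function names, directory layout and sample files are constructed for the demo; it assumes POSIX sh plus GNU coreutils.

```shell
#!/bin/sh
# Added example, not code from the thread: a minimal host integrity check in the
# spirit of AIDE/Samhain. A baseline manifest (sha256 per file) is built while
# the system is known-good and kept on read-only media; later runs from the
# live CD rebuild the manifest and diff it against the baseline.
# Assumes POSIX sh plus coreutils (sha256sum, find, sort, comm, cut, mktemp).
export LC_ALL=C

# build_manifest ROOT: one "<sha256>  ./relative/path" line per regular file
build_manifest() {
    ( cd "$1" && find . -type f -print0 | sort -z | xargs -0 sha256sum )
}

# check_integrity BASELINE ROOT: print MODIFIED/REMOVED/ADDED lines; fail if any
check_integrity() {
    baseline=$1 root=$2
    tmp=$(mktemp -d)
    sort "$baseline" > "$tmp/base"
    build_manifest "$root" | sort > "$tmp/cur"
    cut -c67- "$tmp/base" | sort > "$tmp/base_paths"   # hash is 64 hex + 2 spaces
    cut -c67- "$tmp/cur"  | sort > "$tmp/cur_paths"
    # a baseline line missing from the current manifest is a changed or deleted file
    comm -23 "$tmp/base" "$tmp/cur" | cut -c67- | while IFS= read -r p; do
        if grep -qxF -- "$p" "$tmp/cur_paths"; then echo "MODIFIED $p"; else echo "REMOVED $p"; fi
    done > "$tmp/report"
    # a path present now but absent from the baseline is new
    comm -13 "$tmp/base_paths" "$tmp/cur_paths" | sed 's/^/ADDED /' >> "$tmp/report"
    cat "$tmp/report"
    n=$(wc -l < "$tmp/report" | tr -d ' ')
    rm -rf "$tmp"
    [ "$n" -eq 0 ]
}

# demo: constructed sample tree, baseline taken, then three kinds of tampering
demo() {
    d=$(mktemp -d)
    mkdir -p "$d/root/etc" "$d/root/bin"
    echo "root:x:0:0" > "$d/root/etc/passwd"
    echo "original binary" > "$d/root/bin/ls"
    build_manifest "$d/root" > "$d/baseline.db"   # would live on the read-only CD
    echo "evil:x:0:0" >> "$d/root/etc/passwd"       # modified file
    rm "$d/root/bin/ls"                            # removed file
    echo "unexpected" > "$d/root/etc/cron.extra"  # added file
    if check_integrity "$d/baseline.db" "$d/root"; then rc=0; else rc=1; fi
    rm -rf "$d"
    return $rc
}
```

Running `demo` prints one MODIFIED, one REMOVED and one ADDED line and exits non-zero; a clean tree prints nothing and exits zero, which is what a cron job or the live-CD boot script would key off.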