Re: Need some advice on an IDS solution

From: sponge (yosponge_at_yahoo.com)
Date: 11/22/03


Date: 22 Nov 2003 00:56:23 -0800

On 20 Nov 2003 11:01:37 -0800, ryan.g.loving@us.army.mil (Jackson
Loving) wrote:

>I would like to build an IDS machine using Solaris 9. Does anyone
>have any suggestions on the best IDS program I should use?

I will second the recommendation of Snort, at least as an entry-level
IDS, although you have to understand that the machines you are
watching may behave differently than Snort on Solaris. If you're
monitoring, say, Windows machines, you're going to find yourself very
prone to insertion or evasion attacks since the behavior of the *Nix
IP stacks is significantly different. If this were the case, you'd
probably be better served running the Windoze version on a Windoze
box. Alternatively, you can grab the source and make any necessary
changes to properly address the nuances of whatever stacks you're
guarding and then recompile. On the other hand, if you're looking for
something a little more serious for Solaris, your best bet is ISS'
RealSecure, but you won't have the benefit of source code.

Sponge
Sponge's Secure Solutions
www.geocities.com/yosponge
My new email: yosponge2 att yahoo dott com
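The insertion/evasion point above is worth seeing concretely. The Python below is an added illustration (not code from the post, from Snort, or from RealSecure) of why a sensor has to reassemble traffic the way the monitored host does: when two TCP segments carry different data for the same byte range, a stack that keeps the first copy and a stack that keeps the most recent copy deliver different payloads to the application, so a sensor using the wrong policy inspects data the host never sees or misses data it does see. The two policies, the segment layout and the sample bytes are all constructed for the demonstration; real stacks have more nuance than these two rules. The defender-side fix shown is to reassemble with the monitored host's policy and, separately, to flag any stream whose overlaps conflict, since such a stream is ambiguous by construction.

```python
"""Added example: target-based reassembly and ambiguity flagging.

Two simplified overlap policies (an assumption for this example):
  favor_old - keep the first copy of a byte that arrived
  favor_new - keep the most recent copy
"""
from dataclasses import dataclass
from typing import Dict, List, Optional

POLICY_FAVOR_OLD = "favor_old"
POLICY_FAVOR_NEW = "favor_new"


@dataclass(frozen=True)
class Segment:
    seq: int      # offset of the first byte, relative to the stream start
    data: bytes


def reassemble(segments: List[Segment], policy: str) -> Optional[bytes]:
    """Return the byte stream a host using `policy` would hand to the
    application, or None if the segments leave a hole."""
    stream: Dict[int, int] = {}
    for seg in segments:
        for i, byte in enumerate(seg.data):
            off = seg.seq + i
            if policy == POLICY_FAVOR_OLD:
                stream.setdefault(off, byte)      # first copy wins
            elif policy == POLICY_FAVOR_NEW:
                stream[off] = byte                # latest copy wins
            else:
                raise ValueError(f"unknown policy {policy!r}")
    if not stream:
        return b""
    length = max(stream) + 1
    if any(off not in stream for off in range(length)):
        return None                               # gap: not deliverable yet
    return bytes(stream[off] for off in range(length))


def conflicting_offsets(segments: List[Segment]) -> List[int]:
    """Offsets where two segments disagree on the byte value. A non-empty
    result means the stream is ambiguous: what a host sees depends on its
    overlap policy, so the sensor's view may not match the target's."""
    seen: Dict[int, int] = {}
    conflicts = set()
    for seg in segments:
        for i, byte in enumerate(seg.data):
            off = seg.seq + i
            if off in seen and seen[off] != byte:
                conflicts.add(off)
            seen.setdefault(off, byte)
    return sorted(conflicts)


def sensor_inspect(segments: List[Segment], host_policy: str, pattern: bytes) -> dict:
    """What a sensor should do: reassemble with the *monitored host's*
    policy, run the content match on that view, and report ambiguity
    as its own signal rather than silently picking one interpretation."""
    as_host_sees = reassemble(segments, host_policy)
    return {
        "payload": as_host_sees,
        "match": as_host_sees is not None and pattern in as_host_sees,
        "ambiguous": bool(conflicting_offsets(segments)),
    }


# Constructed sample: bytes 6..10 are sent twice with different contents.
SAMPLE = [
    Segment(0, b"HELLO "),
    Segment(6, b"WORLD"),
    Segment(6, b"THERE"),
]

if __name__ == "__main__":
    for pol in (POLICY_FAVOR_OLD, POLICY_FAVOR_NEW):
        print(f"{pol}: {reassemble(SAMPLE, pol)!r}")
    print("conflicting offsets:", conflicting_offsets(SAMPLE))
    print(sensor_inspect(SAMPLE, POLICY_FAVOR_NEW, b"THERE"))
```

Running it shows the same three segments yielding `HELLO WORLD` under one policy and `HELLO THERE` under the other; a sensor configured for the wrong one would miss a pattern the host actually receives. The `ambiguous` flag is the part worth alerting on regardless of policy, because legitimate traffic has no reason to retransmit a byte range with different contents.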