Focus on IDS
Host Based IDS Oct 20 2008 12:12PM
Security Group (secgro gmail com) (4 replies)
RE: Host Based IDS Oct 21 2008 03:00PM
Andrew Plato (andrew plato anitian com) (1 replies)
RES: Host Based IDS Oct 21 2008 04:31PM
Rafael Dreher (rafael_dreher sicredi com br) (2 replies)
Re: Host Based IDS Oct 27 2008 05:52AM
ॐ aditya mukadam ॐ (aditya mukadam gmail com)
RE: Host Based IDS Oct 21 2008 09:16PM
Andrew Plato (andrew plato anitian com) (1 replies)
RE: Host Based IDS Oct 22 2008 03:24PM
Leandro Venturini (leandro unlam edu ar)
Re: Host Based IDS Oct 21 2008 05:42AM
Dharmendra T (dbavale gmail com)
Re: Host Based IDS Oct 20 2008 08:17PM
Erik Harrison (eharrison gmail com) (2 replies)
Re: Host Based IDS Dec 01 2008 01:43PM
Security Group (secgro gmail com) (1 replies)
Re: Host Based IDS Dec 01 2008 07:41PM
Stefano Zanero (zanero elet polimi it)
Re: Host Based IDS Oct 21 2008 02:46PM
belka att net
Re: Host Based IDS Oct 20 2008 07:01PM
Stefano Zanero (s zanero securenetwork it) (3 replies)
Re: Host Based IDS Oct 21 2008 11:40AM
jeffrey stebelton citi com (1 replies)
Re: Host Based IDS Oct 21 2008 09:29PM
JiPi DiNi (jipidini gmail com)
RE: Host Based IDS Oct 20 2008 09:32PM
Kirk, James P. (JAMES P KIRK saic com)
Re: Host Based IDS Oct 20 2008 08:29PM
Brad Lhotsky (lhotskyb mail nih gov)
OSSEC does more than just log-based detection. It has hash-based file
integrity checksumming, rootkit detection, and the distributed
active-response mechanism to immunize all agents against threats
detected on just a single node.

OSSEC is a very powerful and promising product. It won't function like
a NIDS, so it's not a complete solution. It is however a great piece to
a complete solution.

Stefano Zanero wrote:
> Security Group wrote:
>
>> I am currently evaluating several host-based Intrusion Detection
>> Systems to monitor servers in a DMZ.
>
> Which type of servers ?
>
>> OSSEC
>
> Which is a log-based IDS...
>
>> Open Source Tripwire
>
> This is a file alteration monitor...
>
>> IBM Proventia
>> Enterasys Dragon IDS/IPS
>
> Aren't these NIDS ?
>
>> Cisco Security Agent
>
> This is an anomaly-based HIDS...
>
> You are comparing apples, oranges, bananas and lemons together... this
> is not really productive.
>
>> I am thinking of suggesting OSSEC. Does anyone have any other suggestions?
>
> Maybe you should clarify with yourself what you are actually trying to
> do ;-)
>
> Stefano

--
Brad Lhotsky <lhotskyb (at) mail.nih (dot) gov>
RRB/NCTS 410.558.8006
.. WAR IS PEACE
FREEDOM IS SLAVERY
IGNORANCE IS STRENGTH ..

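Added example, not part of the original post and not OSSEC's shipped configuration: a trimmed ossec.conf sketch covering the features the message names (log analysis, hash-based file integrity checking, rootkit detection, and an active response applied to every agent). The monitored paths, scan frequency, alert level and timeout are constructed values chosen for illustration.

```xml
<ossec_config>
  <!-- Log-based detection: tail a log file and run it through the rule set. -->
  <localfile>
    <log_format>syslog</log_format>
    <location>/var/log/auth.log</location>
  </localfile>

  <!-- File integrity checking: checksums, size, owner and permissions
       are recorded for these directories and rechecked every 2 hours. -->
  <syscheck>
    <frequency>7200</frequency>
    <directories check_all="yes">/etc,/usr/bin,/usr/sbin</directories>
    <ignore>/etc/mtab</ignore>
  </syscheck>

  <!-- Rootkit detection: signature lists distributed with the agent. -->
  <rootcheck>
    <rootkit_files>/var/ossec/etc/shared/rootkit_files.txt</rootkit_files>
    <rootkit_trojans>/var/ossec/etc/shared/rootkit_trojans.txt</rootkit_trojans>
  </rootcheck>

  <!-- Active response (defined on the manager): the command is bound to a
       script that expects the offending source IP and supports a timeout. -->
  <command>
    <name>host-deny</name>
    <executable>host-deny.sh</executable>
    <expect>srcip</expect>
    <timeout_allowed>yes</timeout_allowed>
  </command>

  <!-- location "all" runs the response on every agent, not only the one
       that raised the alert; the block is lifted after 600 seconds. -->
  <active-response>
    <command>host-deny</command>
    <location>all</location>
    <level>6</level>
    <timeout>600</timeout>
  </active-response>
</ossec_config>
```

With `<location>local</location>` the response would run only on the agent that generated the event; `all` is what gives the fleet-wide behaviour described in the message, and it also means one false positive blocks the address everywhere until the timeout expires.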