Focus on IDS
Re: host sensors needed? May 04 2011 08:40PM
stcroix111 netscape net
As I am sure you could have predicted, my answer is that it depends. There are more security options available in a HIDS solution that you won't find when using the tools that you mention in your post such as being able to do behavioral analysis of the software executing on the server. For example, you can deny certain executables from running in a directory where it isn't expected, block all executables from running in temp directories, home directories, etc. As with any software there is a learning curve so it is best to start out with HIDS running in "learning" mode which you can tune over time.
When looking at defense in depth, go for a mixture of signature-based (IDS, AV) along with heuristic or behavior-based tools. Hope this helps.
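The directory-based execution rules and "learning" mode described in the post above, as an added example that is not part of the original message. The deny list, class and function names, the baseline check, and the sample events are all assumptions constructed for illustration, not any HIDS product's API.

```python
from pathlib import PurePosixPath

# Assumed policy: directories where executables are not expected to run.
DENY_ROOTS = ("/tmp", "/var/tmp", "/dev/shm", "/home")

def normalize(path):
    """Collapse '.', '..' and extra slashes lexically (symlinks are not resolved)."""
    parts = []
    for part in PurePosixPath(path).parts[1:]:
        if part == "..":
            if parts:
                parts.pop()
        else:
            parts.append(part)
    return "/" + "/".join(parts)

def under(path, root):
    # Match on a path-component boundary so /tmpfiles is not treated as /tmp.
    return path == root or path.startswith(root + "/")

class ExecPolicy:
    def __init__(self, mode="learning"):
        self.mode = mode        # "learning" only observes; "enforce" blocks
        self.baseline = set()   # executables seen in expected locations
        self.would_block = []   # tuning queue: what enforce mode would deny

    def check(self, exe):
        exe = normalize(exe)
        denied_dir = any(under(exe, root) for root in DENY_ROOTS)
        if self.mode == "learning":
            # Never baseline a binary from a denied directory; queue it for review.
            (self.would_block.append if denied_dir else self.baseline.add)(exe)
            return "allow"
        if denied_dir:
            return "deny:unexpected-directory"
        return "allow" if exe in self.baseline else "alert:not-in-baseline"

def demo():
    policy = ExecPolicy()
    for exe in ["/usr/sbin/sshd", "/usr/bin/python3", "/tmp/installer.run"]:
        policy.check(exe)       # constructed learning-phase events
    policy.mode = "enforce"
    events = ["/usr/sbin/sshd", "/usr/bin/../../tmp/./a.out",
              "/home/alice/tool", "/tmpfiles/agent", "/usr/bin/nc"]
    return policy, [(e, policy.check(e)) for e in events]

if __name__ == "__main__":
    for exe, verdict in demo()[1]:
        print(f"{verdict:26} {exe}")
```

The `would_block` list is what gets reviewed during tuning: each entry is either a legitimate exception to add or something that should not have been running there.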
