Category: Intrusion Detection » Host

Saint Jude
Added 2002-05-17
by Tim Lawless
Saint Jude is a wholly kernel-based intrusion detection and intrusion response system that implements the Saint Jude Model for detection of improper privilege transitions. Saint Jude can detect the presence of ongoing and successful attacks, from sources both local and remote, that would yield root-level access to the attacking individual. Detection is performed using a rule-based anomaly detector that uses a model of normal system behavior that is generated on the protected machine during a training phase. By comparing actual actions against a fully developed model, it is possible to detect attacks against vulnerabilities that are both known and unknown with no false positives or negatives.

SNARE
Added 2002-04-03
by RedPhoenix
SNARE (System iNtrusion Analysis and Reporting Environment) is a dynamically loadable kernel module that will form the basis for a host intrusion detection facility and C2-style auditing/event logging capability for Linux.

Linux Intrusion Detection System LSM (Linux Security Module)
Added 2002-04-02
by Huagang Xie
The Linux Intrusion Detection System (LIDS) is a patch which enhances the kernel's security by implementing a reference monitor and Mandatory Access Control (MAC). When it is in effect, chosen file access, all system/network administration operations, any capability use, raw device, memory, and I/O access can be made impossible even for root. You can define which programs can access specific files. It uses and extends the system capabilities bounding set to control the whole system and adds some network and filesystem security features to the kernel to enhance the security. You can finely tune the security protections online, hide sensitive processes, receive security alerts through the network, and more.

IDSA
Added 2002-03-21
by Marc Welz
IDS/A is an experimental interface between applications and a daemon which functions as system logger, reference monitor, and soon an intrusion detection system. It ships with a pam module, apache module, tcp wrapper replacement, system logger replacement and execv preload library. These components can be used to gather and integrate information as well as deny suspicious actions when they are attempted.

NetSaint
Added 2002-03-18
by Ethan Galstad, netsaint@linuxbox.com
NetSaint is a program that will monitor hosts and services on your network. It has the ability to email or page you when a problem arises and when a problem is resolved. Several CGI programs are included in order to allow you to view the current service status, problem history, notification history, and log file via the web.

Firewall Monitor
Added 2002-02-14
by Gianni Tedesco, scaramanga@barrysworld.com
fwmon is a firewall monitor for Linux. It integrates with ipchains to give you realtime notification of firewall events. It has fairly customizable output, allowing you to display a packet summary, hex, and ascii data dumps to stdout, a logfile, or tcpdump-style capture files. It also boasts some simple security features such as the ability to chroot itself, and operate in a non-root environment.

FPortNG
Added 2002-02-13
by Foundstone
fport reports all open TCP/IP and UDP ports and maps them to the owning application. fport requires the usage of psapi.dll. On Windows NT, psapi.dll must be in the same dir, or path, as fport. For Windows 2000, this is not the case, since the system contains the .dll. The program contains five (5) switches that allow you to sort by application, process ID, application path, port, and display help.

AIDE (Advanced Intrusion Detection Environment)
Added 2002-02-11
by Rami Lehti and Pablo Virolainen
AIDE (Advanced Intrusion Detection Environment) is a free replacement for Tripwire(tm). It generates a database that can be used to check the integrity of files on a server. It uses regular expressions for determining which files get added to the database. You can use several message digest algorithms to ensure that the files have not been tampered with.

CHX-I Universal Application Firewall and Intrusion Detection Engine.
Added 2001-12-06
by IDRCI Inc.
CHX-I is a TCP Application firewall. New in version 1.7:
- SSL traffic analysis engine allows for in-transit TCP payload firewalling
- SSL server side transparent encryption allows encryption of TCP application services
- In-transit TCP packet data modification allows for manipulation of sensitive or undesired data
- Asynchronous reverse data flow search allows for traffic direction specifications
- Multiple engine actions on traffic flow such as Drop, Log and Replace

Modular Syslog
Added 2001-12-05
by Alejo
The modular syslog allows for an easy implementation of input and output modules. The modules that maintain compatibility with its precursor are included in the standard distribution along with four modules: om_peo (an implementation of PEO-1 and L-PEO, two algorithmic protocols for integrity checking), om_mysql and om_pgsql (modules that send output to a mysql and postgresql database, respectively) and om_regex (a module that allows output redirection using regular expressions).

Copyright 2010, SecurityFocus