|
IDS
mailing list archives
RE: NIDS and HIDS
From: "Timm, Kevin" <TimmK () netsolve com>
Date: Wed, 1 Dec 2004 12:15:26 -0600
For HIDS there is also kernel level process interruption which actually does some protection somewhat like AV
-----Original Message-----
From: Karel Chwistek [mailto:karel_chwistek () cz ibm com]
Sent: Wednesday, December 01, 2004 2:31 AM
To: Focus IDS List
Subject: Re: NIDS and HIDS
Try to look at:
IBM Tivoli Security Compliance Manager - http://www-306.ibm.com/software/tivoli/products/security-compliance-mgr/
K.
I just recently started a new job as a network security analyst and
one of my projects is to implement an intrusion detection system.
I've been doing some research and pursuing the listserv archives and
was wondering if anyone had any thoughts/opinions.
For NIDS's, I've been looking at SourceFire's commercialized version
of Snort, CISCO's IDS appliances, and McAffee's IntruShield.
For HIDS's, there appears to be three main categories: monitoring the
host's file system, the host's network connections, and the host's log
files.
--Host's file system: I'm looking at Tripwire Manager, Tripwire for
Servers, and Tripwire for Network Devices.
--Host's network connections: I'm looking for an enterprise-wide
solution that we can roll out to all the Windows XP machines and
centrally manage. Since we already use Symantec for anti-virus,
Symantec's Client Security 2.0 seems to incorporate a centrally
managed personal firewall, HIDS, and anti-virus capability.
--Host's log files: I'm looking at implementing a centralized
syslog/syslog-ng server on a Linux box and having all Windows XP boxes
and network devices log to it. I'd also stick the data into a MySQL
database to allow for easy querying.
I'd like to have an analysis program that would take data from the
NIDS, HIDS, syslog, and tripwire logs, put it all together, and be
able to give me some useful charts and graphical summaries so
management can see that their money was well spent in securing the
organization's infrastructure.
Thanks.
Jason Youngquist
--------------------------------------------------------------------------
Test Your IDS
Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from
CORE IMPACT.
Go to
http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
to learn more.
--------------------------------------------------------------------------
--------------------------------------------------------------------------
Test Your IDS
Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
to learn more.
--------------------------------------------------------------------------
--------------------------------------------------------------------------
Test Your IDS
Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from
CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
to learn more.
--------------------------------------------------------------------------
 By Date 
By Thread
Current thread:
- Re: NIDS and HIDS, (continued)
|
Intro
