Security Basics mailing list archives

HIDS recommendations

From: "Tom Dominico, Jr." <tdominico () kermantel net>
Date: Thu, 11 Sep 2003 09:28:18 -0700

I am interested in using a host-based IDS for a few of our servers that
face the Internet and are most vulnerable.  The only product I am even
slightly familiar with is Tripwire, which apparently comes in free and
non-free variants.  I am interested in your experiences and
recommendations.  Eventually I would like to team this up with some sort
of NIDS, but that's a fairly large undertaking, from what I've gathered.
I thought that it might be easier to start off with HIDS.  My servers
are currently Windows-based, but there will most likely be a Linux or
BSD box in the mix very shortly.  They run basic services such as web,
mail, etc.  Any thoughts?  Thanks.

Tom Dominico


---------------------------------------------------------------------------
Captus Networks 
Are you prepared for the next Sobig & Blaster? 
 - Instantly Stop DoS/DDoS Attacks, Worms & Port Scans 
 - Precisely Define and Implement Network Security 
 - Automatically Control P2P, IM and Spam Traffic 
FIND OUT NOW -  FREE Vulnerability Assessment Toolkit 
http://www.captusnetworks.com/ads/42.htm
----------------------------------------------------------------------------

Current thread:

HIDS recommendations Tom Dominico, Jr. (Sep 11)
- RES: HIDS recommendations Eduardo Sanches (Sep 11)
- Re: HIDS recommendations Jimi Thompson (Sep 12)
  - RE: HIDS recommendations David Gillett (Sep 12)
- <Possible follow-ups>
- RE: HIDS recommendations Megan Golding (Sep 12)