PaulDotCom mailing list archives

File integrity monitoring software


From: mmcgrew1 at mail.csuchico.edu (Michael McGrew)
Date: Mon, 22 Mar 2010 08:04:05 -0700

Speaking of CCDC, I'll be going as my team's leader to the WRCCDC this
weekend. Any tips? I'm really scared about the red team gaining access to L2
of my network. Were VLAN hopping and switch/router tampering common?
I'm guessing that the web app lent itself very generously to the red team?

On Thu, Mar 18, 2010 at 1:50 PM, Robert Miller <arch3angel at gmail.com> wrote:

I would recommend OSSEC all the way; a joint effort with your IDS, such as
Snort, helps greatly. To reduce the false incidents, I agree with Ron 100%:
you need a means to compare events, such as a file change and an event on the
network.

OSSEC is a great start though. If you want something inexpensive, you can
look at OSSIM (http://www.alienvault.com/community.php?section=Home); while
the recent release is better, the overall documentation is not the
greatest, and it does bundle into the OS things that may not be needed for
your implementation, so plan some time for tweaking and testing.

Keep us up to date as to what you guys choose and how it works out for you.

- Robert
(arch3angel)


On 3/12/2010 3:02 PM, Kennith Asher wrote:

Greetings gurus-

The company I work for is being pressed to deploy file integrity monitoring
tools in our production environment.  I've not worked with such tools in the
past and am interested in your experiences.

I have concerns around noise levels, false positives, and how to control file
integrity and still keep up with vendor updates (50-hour days, anyone?).

Anyone have any recommendations?

Thanks,

Ken


_______________________________________________
Pauldotcom mailing list
Pauldotcom at mail.pauldotcom.com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com



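The two points the thread keeps circling back to, Robert's "compare a file change with an event on the network" and Ken's worry about vendor updates drowning the monitor in noise, are easy to show in a few dozen lines. The script below is an added example, not OSSEC, OSSIM or anything posted by the list members: it baselines a directory with SHA-256 and permission bits, reports drift, and then triages each change against two assumed feeds, a list of ticketed maintenance windows (the vendor-update case) and a list of timestamped IDS alerts. The file tree, the ticket number, the alert text and the timestamps are all constructed for the demo; the 10-minute correlation window is an arbitrary default, not something the thread recommends.

```python
"""File-integrity check plus event correlation (added example, not from the thread).

Assumptions (constructed for the demo): a hash/mode baseline taken at deploy
time, approved maintenance windows as (start, end, ticket), and IDS alerts as
(timestamp, description). None of the sample data below is real.
"""
import hashlib
import os
import tempfile
from datetime import datetime, timedelta

HASH_CHUNK = 65536


def hash_file(path):
    """SHA-256 of a file, streamed so large binaries are not read into memory at once."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(HASH_CHUNK), b""):
            h.update(block)
    return h.hexdigest()


def build_baseline(root):
    """Map relative path -> (sha256, permission bits).

    Mode is recorded because a chmod to 4755 is an integrity event even when
    the file's content is unchanged."""
    baseline = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root)
            baseline[rel] = (hash_file(full), os.stat(full).st_mode & 0o7777)
    return baseline


def diff_baseline(root, baseline):
    """Return sorted (relpath, kind) tuples describing drift from the baseline."""
    current = build_baseline(root)
    events = []
    for rel in sorted(set(baseline) | set(current)):
        old, new = baseline.get(rel), current.get(rel)
        if old is None:
            events.append((rel, "added"))
        elif new is None:
            events.append((rel, "removed"))
        elif old[0] != new[0]:
            events.append((rel, "modified"))
        elif old[1] != new[1]:
            events.append((rel, "mode_changed"))
    return events


def classify_change(when, maintenance_windows, network_alerts,
                    window=timedelta(minutes=10)):
    """Triage one integrity event by its time context; returns (priority, reason).

    A change inside an approved window is expected (vendor update); a change
    within `window` of a network alert is the case worth paging on; anything
    else is unexplained and goes to the review queue."""
    for start, end, ticket in maintenance_windows:
        if start <= when <= end:
            return ("low", "inside maintenance window %s" % ticket)
    near = [desc for t, desc in network_alerts if abs(t - when) <= window]
    if near:
        return ("high", "network alert within %d min: %s"
                % (window.total_seconds() // 60, "; ".join(near)))
    return ("medium", "unexplained change outside any window")


# Constructed sample context (not real tickets or alerts).
T0 = datetime(2010, 3, 12, 14, 0, 0)
MAINTENANCE_WINDOWS = [(T0, T0 + timedelta(hours=2), "CHG-1042 vendor patch")]
NETWORK_ALERTS = [(T0 + timedelta(hours=5, minutes=3),
                   "snort: inbound POST to upload handler from 10.0.0.5")]


def demo_filesystem():
    """Create a throwaway tree, baseline it, tamper with it, return the drift."""
    root = tempfile.mkdtemp(prefix="fim-demo-")

    def write(rel, text, mode="w"):
        with open(os.path.join(root, rel), mode) as f:
            f.write(text)

    write("httpd.conf", "Listen 80\n")
    write("index.html", "<h1>hello</h1>\n")
    write("bin_helper", "#!/bin/sh\nexit 0\n")
    baseline = build_baseline(root)
    write("index.html", "<!-- injected -->\n", mode="a")      # content changed
    write("upload.php", "<?php /* unexpected new file */ ?>\n")  # new file
    os.chmod(os.path.join(root, "bin_helper"), 0o4755)          # setuid flipped on
    return diff_baseline(root, baseline)


def demo_triage():
    """The same kind of change at three times: during patching, near an alert, neither."""
    return [classify_change(t, MAINTENANCE_WINDOWS, NETWORK_ALERTS)[0]
            for t in (T0 + timedelta(minutes=30),
                      T0 + timedelta(hours=5),
                      T0 + timedelta(days=1))]


if __name__ == "__main__":
    for rel, kind in demo_filesystem():
        print("%-12s %s" % (kind, rel))
    print(demo_triage())
```

The baseline here lives in memory only; on a real host it has to be stored somewhere the box itself cannot rewrite (a central server or a read-only medium), otherwise whoever modified the file can just re-baseline it. The triage step is the part that answers Ken's noise concern: changes that land inside a ticketed window are logged but not alerted, and only changes that coincide with something the IDS saw are escalated.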


