Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Focus-IDS
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: NIDS and HIDS

from [Timm, Kevin] Network Security [Permanent Link]
Subject: RE: NIDS and HIDS
Date: Wed, 1 Dec 2004 12:15:26 -0600 
For HIDS there is also kernel level process interruption which actually does 
some protection somewhat like AV  

-----Original Message-----
From: Karel Chwistek [mailto:karel_chwistek@cz.ibm.com] 
Sent: Wednesday, December 01, 2004 2:31 AM
To: Focus IDS List
Subject: Re: NIDS and HIDS

Try to look at:

    IBM Tivoli Security Compliance Manager - 
http://www-306.ibm.com/software/tivoli/products/security-compliance-mgr/

K.




I just recently started a new job as a network security analyst and 
one of my projects is to implement an intrusion detection system.  
I've been doing some research and pursuing the listserv archives and 
was wondering if anyone had any thoughts/opinions.


For NIDS's, I've been looking at SourceFire's commercialized version 
of Snort, CISCO's IDS appliances, and McAffee's IntruShield.


For HIDS's, there appears to be three main categories:  monitoring the 
host's file system, the host's network connections, and the host's log 
files.
--Host's file system:  I'm looking at Tripwire Manager, Tripwire for 
Servers, and Tripwire for Network Devices.

--Host's network connections:  I'm looking for an enterprise-wide 
solution that we can roll out to all the Windows XP machines and 
centrally manage.  Since we already use Symantec for anti-virus, 
Symantec's Client Security 2.0 seems to incorporate a centrally 
managed personal firewall, HIDS, and anti-virus capability.

--Host's log files:  I'm looking at implementing a centralized 
syslog/syslog-ng server on a Linux box and having all Windows XP boxes 
and network devices log to it.  I'd also stick the data into a MySQL 
database to allow for easy querying.

I'd like to have an analysis program that would take data from the 
NIDS, HIDS, syslog, and tripwire logs, put it all together, and be 
able to give me some useful charts and graphical summaries so 
management can see that their money was well spent in securing the 
organization's infrastructure.


Thanks.
Jason Youngquist




--------------------------------------------------------------------------

Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from 
CORE IMPACT.
Go to 
http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708



to learn more.


--------------------------------------------------------------------------





--------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from CORE 
IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
to learn more.
--------------------------------------------------------------------------


--------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from 
CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 
to learn more.
--------------------------------------------------------------------------
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Port Speed setting in Cisco IDS 4235, mavericks2
Next by Date:  Re: NIDS and HIDS, Jason Haar
Previous by Thread:  open source ids list for implementation, gaurav_jindal
Next by Thread:  RE: NIDS and HIDS, Maynor, David (ISS Atlanta)
Indexes:  [Date] [Thread] [Top] [All Lists]