Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Focus-IDS
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: NIDS and HIDS

from [Maynor, David (ISS Atlanta)] Network Security [Permanent Link]
Subject: RE: NIDS and HIDS
Date: Wed, 8 Dec 2004 19:04:38 -0500 
http://www.phrack.org/show.php?p=62&a=5

Take a look at this article when looking at HIDS solutions. 

-----Original Message-----
From: Martin Mkrtchian [mailto:dotsecure@gmail.com] 
Sent: Tuesday, December 07, 2004 5:10 PM
To: KC
Cc: Youngquist, Jason R.; Focus IDS List
Subject: Re: NIDS and HIDS

New version of entercept has desktop firewall option. 

It is a great enterprise wide solution. It ties right in with
Entercept management console and you can manage both entercept servers
and desktops at the same time. The new version of entercept also has
graphical charts, if thats what you are looking for.  You may want to
tie that with Mcafee is intrushield IPS solution. We have been using
it for a while both entercept and intrushield and we have been pretty
happy with it.


Thanks

Martin Mkrtchian

dotsecure@gmail.com


On Sat, 04 Dec 2004 06:47:32 +0400, KC <lists@sonicc.net> wrote:

Regarding your Symantec Client Security comment, just a note that

there

is no HIDS in that product, its more like a basic signature based IDS

at

the host level,
it does'nt perform any of the advance HIDS functionality that you'd
expect from a full HIDS product.




Youngquist, Jason R. wrote:


I just recently started a new job as a network security analyst and

one

of my projects is to implement an intrusion detection system.  I've

been

doing some research and pursuing the listserv archives and was

wondering

if anyone had any thoughts/opinions.


For NIDS's, I've been looking at SourceFire's commercialized version

of

Snort, CISCO's IDS appliances, and McAffee's IntruShield.


For HIDS's, there appears to be three main categories:  monitoring

the

host's file system, the host's network connections, and the host's

log

files.
--Host's file system:  I'm looking at Tripwire Manager, Tripwire for
Servers, and Tripwire for Network Devices.

--Host's network connections:  I'm looking for an enterprise-wide
solution that we can roll out to all the Windows XP machines and
centrally manage.  Since we already use Symantec for anti-virus,
Symantec's Client Security 2.0 seems to incorporate a centrally

managed

personal firewall, HIDS, and anti-virus capability.

--Host's log files:  I'm looking at implementing a centralized
syslog/syslog-ng server on a Linux box and having all Windows XP

boxes

and network devices log to it.  I'd also stick the data into a MySQL
database to allow for easy querying.

I'd like to have an analysis program that would take data from the

NIDS,

HIDS, syslog, and tripwire logs, put it all together, and be able to
give me some useful charts and graphical summaries so management can

see

that their money was well spent in securing the organization's
infrastructure.


Thanks.
Jason Youngquist




-----------------------------------------------------------------------

---

Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks

from

CORE IMPACT.
Go to

http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708

to learn more.


-----------------------------------------------------------------------

---









------------------------------------------------------------------------
--

Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from
CORE IMPACT.
Go to

http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708

to learn more.


------------------------------------------------------------------------
--





------------------------------------------------------------------------
--
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from 
CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708

to learn more.
------------------------------------------------------------------------
--



--------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from 
CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 
to learn more.
--------------------------------------------------------------------------
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: list of AVAILABLE IDS/IPS SYSTEMS, Ross, Alan D
Next by Date:  Newbie question: autoblocking with IDS/IPS, Daniel
Previous by Thread:  RE: NIDS and HIDS, Timm, Kevin
Next by Thread:  Snort implementation question?, robin
Indexes:  [Date] [Thread] [Top] [All Lists]