Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Focus-IDS
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: Host-Based Intrusion Detection/Prevention. Which will you select? (

from [Brunner, Mark] Network Security [Permanent Link]
Subject: RE: Host-Based Intrusion Detection/Prevention. Which will you select? (Requirements within)
Date: Fri, 15 Jul 2005 11:42:04 -0400 
Since budget isn't mentioned, full blown all out Defence in depth.
NIDS inside and outside the firewall and all ingress/egress points to provide 
metrics regarding stop rate of perimeter devices.
NIDS/NIPS covering each subnet.
HIDS/HIPS in the core on critical servers.
Tripwire on all devices to detect configuration changes.

I'm hearing a lot of positive feedback regarding Tipping Point's IDS/IPS 
products.

Mark
-----Original Message-----
From: mark12_30@hotmail.com [mailto:mark12_30@hotmail.com]
Sent: Friday, July 15, 2005 4:20 AM
To: focus-ids@securityfocus.com
Subject: Host-Based Intrusion Detection/Prevention. Which will you
select? (Requirements within)


Hello,

I'm interested in the general feel from people about what should be used in the 
following scenario:

- Large corporation (4000+ servers)
- Looking for Host-Based IDS/IPS for key servers
- Established 24x7 monitoring team
- Solution has to pick up common exploits (Buffer Overruns & API calls etc)
- Has large, established network IDS
- Only deploying on windows win2k & 2003 servers (web, email, app, db etc)
- Conservative windows server management group
- Implementing point solution SIEM (eg arcsight etc)

Given the above situation, what would you recomment?  I understand from a lot 
of research that HIPS is gathering momentum.  Any thoughts would be great, esp 
suggestions on products

Thank you

--------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from 
CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 
to learn more.
--------------------------------------------------------------------------


------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it 
with real-world attacks from CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 
to learn more.
------------------------------------------------------------------------
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: IDS and Bandwidth, Michael Allgeier
Next by Date:  Re: NetFlow for IDS, Adam Powers
Previous by Thread:  Re: Host-Based Intrusion Detection/Prevention. Which will you select? (Requirements within), Mark Teicher
Next by Thread:  RE: Host-Based Intrusion Detection/Prevention. Which will you select? (Requirements within), Andrew Plato
Indexes:  [Date] [Thread] [Top] [All Lists]