Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Focus-IDS
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Deploying Host based IDS: is there any benefit ??

from [Sanjay Rawat] Network Security [Permanent Link]
Subject: Re: Deploying Host based IDS: is there any benefit ??
Date: Thu, 04 Aug 2005 09:50:12 +0530
Hi Pete:
you can harden the OS, but it doesn't mean that your applications are also hardened. By hardening the OS, you can,to some extent, prevent or avoid intrusions that are aimed to exploit OS itself, but what about applications that are running on it?
Also, syslog etc logs the events. but mere logging in not detection. you must have something which understand what is an attack, so that it can detect that. that is why IDS/IPS are there. you can also observe a shift in present firewalls (application level firewalls) to better understand the events. therefore an IDS is needed to automatically monitor your system and detect event that could compromise your security (or sense of security!!!!)


Sanjay Rawat
Senior Software Engineer
INTOTO Software (India) Private Limited
Uma Plaza, Above HSBC Bank, Nagarjuna Hills
PunjaGutta,Hyderabad 500082 | India
Office: + 91 40 23358927/28 Extn 423
Website : www.intoto.com
  Homepage: http://sanjay-rawat.tripod.com

At 01:58 PM 8/3/2005, Pete wrote: 
Dear Security professionals,

I have been assigned to deply Hist IDS...
But I am trying to assess the benefits of HIDS vs devleopment of OS
standard = OS hardening (UNIX and Windows).
Indeed, I think deploying HIDS costs more time and money than OS
hardening and for what benefit since it is a reactive solution.
The maintainance of such a tool is heavy for operational team:
When OS or applications versions change the HIDS agent has to be
reinstalled, and the impact on business applications has to be
assessed again.

Regarding the features, it seems that the detection job of a Host IDS
product can be done by advanced logging features of the OSs (syslog..)
then only centralization and aggregation tool could be helpful.

Please feel free to share your point of view or experience.

Best regards,

Pete

------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it
with real-world attacks from CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
to learn more.
------------------------------------------------------------------------








------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more.
------------------------------------------------------------------------

[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Looking for HIDS-only products for XP/2000Pro, Bill Stout
Next by Date:  Cisco IOS Shellcode - McAfee IPS Protection, planz 235
Previous by Thread:  Deploying Host based IDS: is there any benefit ??, Pete
Next by Thread:  Looking for HIDS-only products for XP/2000Pro, Bill Stout
Indexes:  [Date] [Thread] [Top] [All Lists]