Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Focus-IDS
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: A possible HIPS? Was: Looking for HIDS-only products for XP/2000Pr

from [Bill Stout] Network Security [Permanent Link]
Subject: RE: A possible HIPS? Was: Looking for HIDS-only products for XP/2000Pro
Date: Tue, 16 Aug 2005 16:58:28 -0700 
That would be a version of a sandbox which can be implemented; as
applets, jails, virtual machines, or a capability system.

You might also take a look at our demo download.  It's along the same
lines, although it extends protection to the file system, registry,
network, DCOM, and user shell.  To do so you'll need to granularly hook
into system calls at the kernel level, and have logic to determine when
to launch a process in protected space.  Here's a direct link (bypasses
registration steps):
http://www.greenborder.com/downloads/GreenBorder_TestDrive_v101.zip.
Come back and register through the main web page if you're interested in
deploying this in a company environment.

Bill


-----Original Message-----
From: Brian Azzopardi [mailto:brian@unixpoet.com] 
Sent: Tuesday, August 09, 2005 11:21 AM
To: Bill Stout; focus-ids@securityfocus.com
Subject: A possible HIPS? Was: Looking for HIDS-only products for
XP/2000Pro


I have implemented a tool which might be useful to protect against both
known and unknown malware. The tool works by restricting the
user-specified
applications to, what in Unix-land would be, a jail. The applications,
for
example IE or Outlook, have only read/write or read only rights to
certain
directories/files. In future I plan to extend the app to protect the
registry as well. I've tested it on W2k/XPpro/W2k3.

I would love to know what the list think of the idea.

Thanks,
Brian


PS
If enough people ask I will release it.


-----Original Message-----
From: Bill Stout [mailto:bill.stout@greenborder.com] 
Sent: Thursday, August 04, 2005 6:20 AM
To: focus-ids@securityfocus.com
Subject: Looking for HIDS-only products for XP/2000Pro

I'm assuming most companies do both HIDS and blocking.  Are there any
companies which specialize in HIDS for XP/2000Pro?  Specifically passive
(worm/virus/Trojan) attacks, maybe with an online database for
reference.

In other words, if we have a product which protects against certain
vectors
(IE & Outlook), and we want to prove that it did protect them although
it
doesn't detect, what could I use to detect and identify specific
attacks?

Bill Stout
Director of IT
GreenBorder, Inc
www.greenborder.com


------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from
CORE
IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
to learn more.
------------------------------------------------------------------------




------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it 
with real-world attacks from CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708

to learn more.
------------------------------------------------------------------------


------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it 
with real-world attacks from CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 
to learn more.
------------------------------------------------------------------------
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • RE: A possible HIPS? Was: Looking for HIDS-only products for XP/2000Pro, Bill Stout <=
Previous by Date:  Re: IDS - DECISION SUPPORT SYSTEM, Avi C
Next by Date:  RE: Snortcenter, Prelude-IDS, Matthew MacAulay
Previous by Thread:  Honeynet Security Console 2.5 Released, Jeff Dell
Next by Thread:  Snort inline and iptables, afshinlamei
Indexes:  [Date] [Thread] [Top] [All Lists]