> I was wondering if anybody had any suggestions for a Host Based IDS. I am
> looking at this for a single machine off of our DMZ. I would like
> everything to be all inclusive, i.e. Manager and Agent on one machine. Also,
> cost is an issue; I don't want something too expensive. This is an NT
> machine so all of the freeware Linux products probably won't help.

Snort works on NT. Certainly the best freely available IDS. Check out
snort.org. It's really more of a network IDS, but you can monitor
connections to a particular host.

Are you talking about real-time host-based IDS? NT runs slow enough as
it is; why would you want to introduce something that increases the
overhead any more than it already is?

Additionally, monitoring only one machine is not going to provide the
benefit you think it might. There are always trust relationships between
hosts in a DMZ, and if any one of those is compromised, the trust
relationship could likely be used to compromise the rest...

Regards,
Dave