I will merely respond that if the definition of an Intrusion Detection System is "a system that is designed to detect an intrusion", then I personally am comfortable calling tripwire and swatch simple forms of IDS. Gratuitously rewriting the definition of what an IDS is, merely because the technology now offers extended possibilities, is a job best left to a vendor marketing department. As always, individual opinions may vary. Ken -----Original Message----- From: Ron DuFresne [mailto:[EMAIL PROTECTED]] Sent: Wednesday, March 07, 2001 12:28 PM To: Ken Seefried Cc: [EMAIL PROTECTED] Subject: RE: IDS I would not clasify tripwire as an IDS myself. I consider IDS systems to be proactive, while tripwire lacks that aspect and it's capabilities are far more limited then tools like snort and nfr and such. Swatch, a tool to monitor a single logfile, as opposed to logcheck which can monitor multiple log files, also, is of limited IDS functionality, unless you enhace system logging with other tools. I'm certainly not saying these tools do not have their place nor are not good at what they do, I'm merely saying in this age, they are not what I, at least, would refer to as IDS tools or systems. Thanks, Ron DuFresne On Wed, 7 Mar 2001, Ken Seefried wrote: > Depends on what you want. > > On the low end, Tripwire & Swatch, for example, can act as a simple > host-based intrusion detection system. TCPWrappers can be configured to be > a simple network intrusion detection system. > > You probably want something more sophisticated, however. > > For Linux, there is LIDS (http://www.lids.org/) for host-based intrusion > detection. This is a kernel-based system. > > Snort (http://www.snort.org/) is quite good for a network based intrusion > detection system. > > I've not yet had time to try it, but Firestorm looks like it might have some > promise as it evolves. See http://firestorm.geek-ware.co.uk/menu.php. > > There are a number of others. Try > http://freshmeat.net/search/?q=intrusion+detection for a start. > > Ken Seefried, CISSP > CTO - DigitalMoJo, Inc. > > -----Original Message----- > From: Mark, Johnston [mailto:[EMAIL PROTECTED]] > Sent: Wednesday, March 07, 2001 9:31 AM > To: [EMAIL PROTECTED] > Subject: IDS > > > Can anyone recommend a freeware version of an IDS product ? > > Thanks > Mark > - > [To unsubscribe, send mail to [EMAIL PROTECTED] with > "unsubscribe firewalls" in the body of the message.] > - > [To unsubscribe, send mail to [EMAIL PROTECTED] with > "unsubscribe firewalls" in the body of the message.] > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ "Cutting the space budget really restores my faith in humanity. It eliminates dreams, goals, and ideals and lets us get straight to the business of hate, debauchery, and self-annihilation." -- Johnny Hart ***testing, only testing, and damn good at it too!*** OK, so you're a Ph.D. Just don't touch anything. - [To unsubscribe, send mail to [EMAIL PROTECTED] with "unsubscribe firewalls" in the body of the message.]
