OSSEC does more than just log-based detection. It has hash-based file integrity checksumming, rootkit detection, and the distributed active-response mechanism to immunize all agents against threats detected on just a single node.
OSSEC is a very powerful and promising product. It won't function like a NIDS, so it's not a complete solution. It is, however, a great piece of a complete solution.

Stefano Zanero wrote:
> Security Group wrote:
>
>> I am currently evaluating several host-based Intrusion Detection
>> Systems to monitor servers in a DMZ.
>
> Which type of servers?
>
>> OSSEC
>
> Which is a log-based IDS...
>
>> Open Source Tripwire
>
> This is a file alteration monitor...
>
>> IBM Proventia
>> Enterasys Dragon IDS/IPS
>
> Aren't these NIDS?
>
>> Cisco Security Agent
>
> This is an anomaly-based HIDS...
>
> You are comparing apples, oranges, bananas and lemons together... this
> is not really productive.
>
>> I am thinking of suggesting OSSEC. Does anyone have any other suggestions?
>
> Maybe you should clarify with yourself what you are actually trying to
> do ;-)
>
> Stefano

--
Brad Lhotsky <[EMAIL PROTECTED]>
RRB/NCTS 410.558.8006
.. WAR IS PEACE FREEDOM IS SLAVERY IGNORANCE IS STRENGTH ..
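As an added illustration (not part of Brad's message, and not a file shipped by the OSSEC project), the ossec.conf fragment below wires together the three capabilities he names: syscheck for hash-based file integrity monitoring, rootcheck for rootkit detection, and an active response whose `<location>all</location>` pushes the block to every agent when a single node raises a level-10 alert. The directory lists, the 600-second timeout and the alert level are illustrative assumptions; the element names and the `firewall-drop` command follow OSSEC's standard configuration schema.

```xml
<ossec_config>
  <global>
    <!-- Assumption: management hosts that must never be blocked. Without a
         white_list, a spoofed source address in a triggering log line can
         make every agent firewall off a legitimate host. -->
    <white_list>127.0.0.1</white_list>
    <white_list>10.0.0.5</white_list>
  </global>

  <!-- File integrity monitoring: hash (and permissions/owner/size) baseline,
       rescanned every 7200 seconds. Paths are illustrative. -->
  <syscheck>
    <frequency>7200</frequency>
    <directories check_all="yes">/etc,/usr/bin,/usr/sbin</directories>
    <directories check_all="yes">/bin,/sbin</directories>
    <ignore>/etc/mtab</ignore>
    <alert_new_files>yes</alert_new_files>
  </syscheck>

  <!-- Rootkit detection using the signature lists OSSEC distributes to agents. -->
  <rootcheck>
    <rootkit_files>/var/ossec/etc/shared/rootkit_files.txt</rootkit_files>
    <rootkit_trojans>/var/ossec/etc/shared/rootkit_trojans.txt</rootkit_trojans>
  </rootcheck>

  <!-- The script run by the active response; srcip is taken from the alert. -->
  <command>
    <name>firewall-drop</name>
    <executable>firewall-drop.sh</executable>
    <expect>srcip</expect>
    <timeout_allowed>yes</timeout_allowed>
  </command>

  <!-- Distributed response: an alert of level 10 or higher on any node causes
       the offending source IP to be dropped on ALL agents for 600 seconds. -->
  <active-response>
    <command>firewall-drop</command>
    <location>all</location>
    <level>10</level>
    <timeout>600</timeout>
  </active-response>
</ossec_config>
```

The `<location>all</location>` setting is what makes one detection immunize the whole agent population, which is also why the `<white_list>` entries matter: a response that fires fleet-wide on attacker-controlled input needs a guard against being turned into a self-inflicted denial of service.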
