Re: Host Based IDS

Tue, 21 Oct 2008 07:54:18 -0700 

Enterasys Dragon does have a HIDS product. It mainly supports IIS and
Apache on Linux as far as log monitoring; if you run other platforms like
Citrix, Apache on Windows, Lotus Domino or other web or ftp servers you'd
have to roll your own policy and signatures.

Jeff


                                                                           
             Stefano Zanero                                                
             <[EMAIL PROTECTED]                                             
             etwork.it>                                                 To 
             Sent by:                  Security Group <[EMAIL PROTECTED]>   
             [EMAIL PROTECTED]                                          cc 
             tyfocus.com               [email protected]         
                                                                   Subject 
                                       Re: Host Based IDS                  
             10/20/2008 04:00                                              
             PM                                                            
                                                                           
                                                                           
                                                                           
                                                                           




Security Group wrote:

> I am currently evaluating several host-based Intrusion Detection
> Systems to monitor servers in a DMZ.

Which type of servers ?

> OSSEC

Which is a log-based IDS...

> Open Source Tripwire

This is a file alteration monitor...

> IBM Proventia
> Enterasys Dragon IDS/IPS

Aren't these NIDS ?

> Cisco Security Agent

This is an anomaly-based HIDS...

You are comparing apples, oranges, bananas and lemons together... this
is not really productive.

> I am thinking of suggesting OSSEC. Does anyone have any other
suggestions?

Maybe you should clarify with yourself what you are actually trying to
do ;-)

Stefano

------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it
with real-world attacks from CORE IMPACT.
Go to
http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw

to learn more.
------------------------------------------------------------------------



Disclaimer: The information contained in this message is confidential and 
intended only for the use of the individual or entity identified. If the reader 
of this message is not the intended recipient, any dissemination distribution 
or copying of the information contained in this message is strictly prohibited. 
If you received this message in error, please notify the sender immediately and 
destroy any copies you may have. Citi, Inc and its affiliates assume no 
liability for data tampering or loss of confidentiality, which occur outside 
its direct control as a result of the use of unencrypted communications methods.

------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it
with real-world attacks from CORE IMPACT.
Go to 
http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw
to learn more.
------------------------------------------------------------------------

Reply via email to