I asked because I ran into a solution claiming that focusing on root activity vs. user domain is a way to go. I think there is the potential of security breaches within the user domain also. And I am not convinced that this proposal is of value. That is why I asked the question. I also think root activity is defined differently in different OS. So there is a lot of ambiguity in this strategy. I am all for dividing a problem in smaller portions, but I do think it is right for someone to say one event is more important than the other. It only takes one event to compromise a system. Given the whole notion of defense in depth, the argument could be made that perhaps user activity could be monitored more effectively through other methods. But in that case the methods should be at least discussed and some potential solutions should be proposed. Do you agree? The work I was looking at is very academic, and it seems to be that the author did not have good information about what is available in production. I myself am more familiar with NIDS solutions. Do you have any references which you recommend perhaps? Are there independent testing facilities, or blogs or forums I could look into? Thanks- Sean
On Sunday, March 10, 2013 12:45:30 PM UTC-4, Saul Alanis wrote:
>
> I think this is too broad of a question without any information from you with regards to what you're looking to monitor (services). It is a great conversation nonetheless but I recommend looking up a few books on Amazon if you really want an in-depth experience.
>
> On Mar 10, 2013 11:36 AM, "Shahin Ansari" <[email protected]> wrote:
>
>> Greetings-
>> I am looking for some ideas on what are the ideal characteristics of a Host Intrusion Detection solution? What sort of events would you like to have visibility into, and why are they important? I really appreciate your comments.
>> Regards-
>> Sean
>>
>> --
>>
>> ---
>> You received this message because you are subscribed to the Google Groups "ossec-list" group.
>> To unsubscribe from this group and stop receiving emails from it, send an email to [email protected].
>> For more options, visit https://groups.google.com/groups/opt_out.
