This is just as I expected. Thanks for sharing your thoughts.
On Mon, Mar 11, 2013 at 1:42 PM, Jb Cheng <[email protected]> wrote:
> Extracted from the book "OSSEC HIDS - Host-Based Intrusion Detection Guide"
> by Andrew Hey/Daniel Cid/
> page 8-9 comparing HIDS vs. NIDS:
> "
> An HIDS detects events on a server or workstation and can generate alerts
> similar to an NIDS. An HIDS, however, is able to inspect the full
> communications stream. NIDS evasion techniques, such as fragmentation
> attacks or session splicing, do not apply because the HIDS is able to
> inspect the fully recombined session as it is presented to the operating
> system. Encrypted communications can be monitored because your HIDS
> inspection can look at the traffic before it is encrypted. This means that
> HIDS signatures will still be able to match against common attacks and not
> be blinded by encryption.
>
> An HIDS is also capable of performing additional system level checks that
> only IDS software installed on a host machine can do, such as file
> integrity checking, registry monitoring, log analysis, rootkit detection,
> and active response.
> "
>
> My own opinion of 'root' vs. 'user' ---
> Sure, root activities have the potential to create maximum damage.
> However, when hackers focus on information stealing, I think user
> activities could be very valuable and should not be ignored easily.

--
Never give in, never give in, never, never, never, never-in nothing, great or small, large or petty-never give in except to convictions of honor and good sense.
-Winston Churchill
