Using OSSEC as a HIDS for one Windows server really isn’t worth the trouble.
You say you have no budget to add a server at that datacenter. Do you have a budget to add a small instance in a private cloud like Amazon EC2? OSSEC will not set itself up to be a good Windows HIDS and it doesn’t block anything out of the box. There is definitely a learning curve, but if you have time to invest in learning the tool you will get a good understanding of what’s happening on your servers, and you will learn to start blocking attacks. If I were trying to protect one isolated Windows server and Host Intrusion Detection was needed, I would be looking toward a Windows-based HID; I'm pretty sure McAfee makes one.

James Whittington

From: [email protected] [mailto:[email protected]] On Behalf Of René Kåbis
Sent: Wednesday, March 20, 2013 3:18 PM
To: [email protected]
Subject: Re: [ossec-list] OSSEC manager for Windows?

Actually, I have a very distinct need for an OSSEC server on Windows.

I run my own Iron, but all I have right now is a single Windows 2008 R2 server in a colo facility. I do NOT have the cash to put a second machine in that facility.

Now, how the bloody hell am I supposed to run OSSEC on my Win2K3R2 machine without an OSSEC server??? How do I obtain an "authentication key" without ever adding a second machine to that colo facility???

I don't care about keeping both versions in sync. Some places are a Windows-only shop, or have needs like mine (no ability to add a Linux server of any kind). Windows is that other major market share out there, and you cannot ASSume that everyone will have the wherewithal to add a Linux server just to run a client app on a single Windows server.

I would like to secure my server. I just cannot afford a second server just to do the authentication key part of it.

Oh, well. The hope of having an effective and useful intrusion detection system for my Windows server was fun while it lasted.

On Friday, February 1, 2013 6:19:17 AM UTC-8, dan (ddpbsd) wrote:

On Fri, Feb 1, 2013 at 9:12 AM, mike <[email protected]> wrote:
> why do you say 'thankfully' no.
>

Because supporting that would be a hell I wouldn't wish upon my worst enemies.
Because keeping the Windows version and the main version in sync would be a nightmare.
Because Windows probably isn't the best platform for an OSSEC server.

> On Friday, February 1, 2013 11:58:26 AM UTC, dan (ddpbsd) wrote:
>>
>> On Feb 1, 2013 6:58 AM, "mike" <[email protected]> wrote:
>> >
>> > Is there a Windows version of the OSSEC manager nowadays?
>> >
>> > --
>>
>> Thankfully no.
>>
>> > ---
>> > You received this message because you are subscribed to the Google
>> > Groups "ossec-list" group.
>> > To unsubscribe from this group and stop receiving emails from it, send
>> > an email to [email protected].
>> > For more options, visit https://groups.google.com/groups/opt_out.
