Thread: IDS Question

  1. #1
    Junior Member (Join Date: Sep 2002, Posts: 12)

    IDS Question

    Hey guys! I've been reading the forum for a few weeks now and think this may be the best place to get some feedback. I am in the market for a host based IDS and was wondering if anyone has had any experiences (good or bad) with such systems. The more info the better, but if you just want to post the names of some good IDS products I will do the research. Thanks a bunch for the help!

    Slim

  2. #2
    Well, JP uses Real Secure (http://www.iss.net/products_services...ork/sensor.php), and from what I read, it is really good software for the enterprise. I do not know the prices; the site was not clear on that.

    One I have tried is Snort (www.snort.org); it works pretty well and is open source.

    Hope this helps.

  3. #3
    Senior Member (Join Date: Apr 2002, Posts: 1,050)
    What OS are you running? I use Snort for an intrusion detection system (yes, I got it set up eventually).
    You can get it for Linux and Windows here: http://www.snort.org. I haven't found out all its uses, but it has been doing well logging alerts and such. Check it out.

    EDIT: albn, we posted at the same time; you must type faster.
    By the sacred **** of the sacred psychedelic Tibetan yeti.... We'll smoke the Chinese out
    The 20th century pharaohs have the slaves demanding work
    http://muaythaiscotland.com/

  4. #4
    nebulus200, Jaded Network Admin (Join Date: Jun 2002, Posts: 1,356)
    The RealSecure JP uses is, I think, geared more towards NIDS (network intrusion detection vs. host based), or at least that is what the brief signature snippet I can see looks like. ISS is obscenely expensive, although it does have host based IDS capabilities (I personally would stick to a NIDS), but, to answer your question: it depends.

    It depends on what you are trying to look for: are you looking for a log checker, a system checker, a network watcher?

    Good starting points: Tripwire (I think you can still get a version for free)
    Psionic PortSentry (very good imho, listens to network ports and can block based on what it sees), they also make logwatch, swatch and something else, the name eludes me at the moment. I am wanting to say that they are all free.

    /Neb
    There is only one constant, one universal, it is the only real truth: causality. Action. Reaction. Cause and effect...There is no escape from it, we are forever slaves to it. Our only hope, our only peace is to understand it, to understand the 'why'. 'Why' is what separates us from them, you from me. 'Why' is the only real social power, without it you are powerless.

    (Merovingian - Matrix Reloaded)

  5. #5
    Junior Member (Join Date: Sep 2002, Posts: 12)
    Thanks for the feedback guys! I looked into Snort and Real Secure for network based IDS solutions, but eventually went with another vendor. Now I am in the market for something host based to sit on the actual servers in my DMZ and monitor logfiles and system events etc... I am looking for some feedback on products such as Tripwire (www.tripwire.com) and Osiris (http://osiris.shmoo.com/). Anyone have any experience with any of these?

    Thanks again,
    Slim

    Thanks Neb, I will check into Psionic PortSentry; you posted as I was writing my response lol....

  6. #6
    nebulus200, Jaded Network Admin (Join Date: Jun 2002, Posts: 1,356)
    Never played with Osiris, but Tripwire is pretty good.

    The Psionic product line is my current favourite and I highly recommend it.

    Out of curiosity, what NIDS vendor did you go with?

    Neb
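The "system checker" that Neb and Slim are discussing (Tripwire, Osiris) works by fingerprinting files once and later reporting anything that drifted from that baseline. The following is an added example written for this thread, not code from the thread or from Tripwire or Osiris; the directory layout, file names and tampering steps in `demo()` are constructed, and `baseline.json` is a made-up store name.

```python
"""Tripwire-style file integrity checking: take a baseline, then detect drift.

Added example, not code from this thread or from Tripwire/Osiris. It shows
the mechanism behind those tools: fingerprint every regular file under a
root once, store the result somewhere the monitored host cannot quietly
rewrite, and later compare a fresh scan against it.
"""
import hashlib
import json
import os
import stat
import tempfile
from pathlib import Path


def fingerprint(path: Path) -> dict:
    """Content hash plus the metadata that an unauthorised edit usually disturbs."""
    st = path.lstat()
    h = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return {
        "sha256": h.hexdigest(),
        "size": st.st_size,
        "mode": stat.S_IMODE(st.st_mode),  # permission bits, including setuid/setgid
        "uid": st.st_uid,
        "gid": st.st_gid,
    }


def build_baseline(root: str) -> dict:
    """Fingerprint every regular file under root, keyed by its path relative to root."""
    baseline = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            p = Path(dirpath) / name
            if p.is_symlink() or not p.is_file():
                continue  # links, sockets and devices are out of scope for this example
            baseline[p.relative_to(root).as_posix()] = fingerprint(p)
    return baseline


def save_baseline(baseline: dict, dest: str) -> None:
    """Write the baseline as JSON. Production tools sign this file; keep it read-only and off-host."""
    with open(dest, "w", encoding="utf-8") as fh:
        json.dump(baseline, fh, indent=2, sort_keys=True)


def load_baseline(src: str) -> dict:
    with open(src, encoding="utf-8") as fh:
        return json.load(fh)


def compare(baseline: dict, current: dict) -> dict:
    """Report added and removed files and, for modified ones, which attributes changed."""
    report = {"added": [], "removed": [], "modified": {}}
    for rel in sorted(set(baseline) | set(current)):
        if rel not in baseline:
            report["added"].append(rel)
        elif rel not in current:
            report["removed"].append(rel)
        else:
            changed = sorted(k for k in baseline[rel] if baseline[rel][k] != current[rel].get(k))
            if changed:
                report["modified"][rel] = changed
    return report


def demo() -> dict:
    """Baseline a constructed tree, tamper with it four ways, and return the diff report."""
    with tempfile.TemporaryDirectory() as root, tempfile.TemporaryDirectory() as store:
        r = Path(root)
        (r / "etc").mkdir()
        (r / "bin").mkdir()
        (r / "etc" / "app.conf").write_text("listen=127.0.0.1\n")
        (r / "etc" / "motd").write_text("welcome\n")
        (r / "bin" / "app").write_bytes(b"\x7fELF placeholder binary")
        (r / "bin" / "app").chmod(0o755)

        db = os.path.join(store, "baseline.json")  # constructed name; kept outside the scanned tree
        save_baseline(build_baseline(root), db)

        # Constructed tampering: config edited, binary made world-writable,
        # an unexpected file dropped in, and a known file deleted.
        (r / "etc" / "app.conf").write_text("listen=0.0.0.0\n")
        (r / "bin" / "app").chmod(0o777)
        (r / "bin" / "extra").write_text("unexpected\n")
        (r / "etc" / "motd").unlink()

        return compare(load_baseline(db), build_baseline(root))


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The report separates "what changed" from "which attribute changed", which is what makes the output actionable: a mode change on a binary with an unchanged hash points at a permissions problem, while a changed hash on a config file points at an edit. The weak spot of any such checker is the baseline itself, which is why the real products sign it and why the demo keeps it outside the scanned tree.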

  7. #7
    Senior Member (Join Date: Aug 2002, Posts: 651)

    Looking for IDS

    I use Tripwire, and I like it. It seems very robust and pretty efficient for our purposes. If you are looking to monitor event logs on multiple servers and such, you may want to look into something like ELM Log Manager here. Let us know what you decide and how it goes. I'm curious to know... hope all goes well and that we have helped at least a bit....
    Opinions are like holes - everybody's got 'em.

    Smile
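The other kind of host-based IDS raised in this thread is the "log checker" (logwatch, swatch, or an event log manager across several servers): it reads log lines, matches them against rules, and alerts on patterns that no single line reveals. The following is an added example written for this thread, not code from the thread or from any product named in it; the syslog excerpt, host name, addresses, rule names, threshold and the `LOG_YEAR` value are all constructed for the demo.

```python
"""swatch/logwatch-style log watcher for a DMZ host.

Added example, not code from this thread or from any product named in it.
It parses syslog lines, matches the message part against a rule table, and
raises alerts on repeated failures within a window and on a success that
follows failures. Every input value below is constructed.
"""
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample syslog excerpt (classic BSD syslog layout; the year is absent, as usual).
SAMPLE_LOG = """\
Sep 14 22:01:03 dmz-web sshd[2201]: Failed password for root from 198.51.100.7 port 40212 ssh2
Sep 14 22:01:05 dmz-web sshd[2201]: Failed password for root from 198.51.100.7 port 40213 ssh2
Sep 14 22:01:06 dmz-web sshd[2201]: Failed password for root from 198.51.100.7 port 40214 ssh2
Sep 14 22:01:09 dmz-web sshd[2204]: Accepted password for root from 198.51.100.7 port 40215 ssh2
Sep 14 22:03:44 dmz-web sshd[2210]: Accepted publickey for deploy from 192.0.2.10 port 51000 ssh2
Sep 14 22:10:00 dmz-web su[2300]: FAILED su for root by www-data
Sep 14 22:15:01 dmz-web cron[2400]: (root) CMD (run-parts /etc/cron.hourly)
"""

SYSLOG_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d\d:\d\d:\d\d) (?P<host>\S+) "
    r"(?P<prog>[^\[:\s]+)(?:\[(?P<pid>\d+)\])?: (?P<msg>.*)$"
)

# Rule name and a pattern over the message part; named groups become alert fields.
RULES = [
    ("ssh_failed", re.compile(r"^Failed password for (?P<user>\S+) from (?P<src>\S+)")),
    ("ssh_accepted", re.compile(r"^Accepted \S+ for (?P<user>\S+) from (?P<src>\S+)")),
    ("su_failed", re.compile(r"^FAILED su for (?P<user>\S+) by (?P<by>\S+)")),
]

LOG_YEAR = 2002  # assumption: syslog lines carry no year, so one is supplied for parsing


def parse_line(line: str):
    """Split a syslog line into timestamp, host, program and message; None if it does not parse."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{LOG_YEAR} {m['ts']}", "%Y %b %d %H:%M:%S")
    return {"ts": ts, "host": m["host"], "prog": m["prog"], "msg": m["msg"]}


def watch(text: str, threshold: int = 3, window_s: int = 60) -> list:
    """Run the rules over a log excerpt and return the alerts in the order they fire."""
    alerts = []
    failures = defaultdict(list)  # source address -> timestamps of recent failed logins

    def recent(src, now):
        """Drop failures older than the window and return what remains for this source."""
        failures[src] = [t for t in failures[src] if (now - t).total_seconds() <= window_s]
        return failures[src]

    for line in text.splitlines():
        ev = parse_line(line)
        if ev is None:
            continue
        for name, rx in RULES:
            m = rx.match(ev["msg"])
            if not m:
                continue
            f = m.groupdict()
            if name == "ssh_failed":
                failures[f["src"]].append(ev["ts"])
                if len(recent(f["src"], ev["ts"])) == threshold:  # fires once per burst
                    alerts.append({"rule": "ssh_bruteforce", "host": ev["host"],
                                   "src": f["src"], "user": f["user"], "count": threshold})
            elif name == "ssh_accepted":
                if recent(f["src"], ev["ts"]):  # a login that follows recent failures
                    alerts.append({"rule": "ssh_success_after_failures", "host": ev["host"],
                                   "src": f["src"], "user": f["user"]})
            elif name == "su_failed":
                alerts.append({"rule": "su_failed", "host": ev["host"],
                               "user": f["user"], "by": f["by"]})
            break  # first matching rule wins
    return alerts


if __name__ == "__main__":
    for alert in watch(SAMPLE_LOG):
        print(alert)
```

The value of a watcher over a plain grep is the state it keeps: the third failure from one address within the window is what fires, and the accepted login from that same address a few seconds later is reported as its own event because the failures are still in the window. On a real host the same loop would tail the live log and forward alerts off-box, since logs on a compromised server are the first thing to be edited.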
