Hi, does anyone know about a good host based intrusion detection
system for IBM AIX 5.X ?
Hi Per,
>Hi, does anyone know about a good host based intrusion detection
>system for IBM AIX 5.X ?
If you're talking IBM, perhaps the "IBM Tivoli Access Manager for
Operating Systems" suite comes close. It runs on AIX 4.3.3 and 5.1.
I can't tell you about the quality of this product.
Another Tivoli product is the "IBM Tivoli Intrusion Manager". However,
this IDS product seems to be available for the Win2000 platform only.
Other major NIDS and HIDS solutions that may or may not run on AIX can
be found on http://www.honeypots.net/ids/products (suggestions for
this list are much appreciated).
Intrusion Detection Systems,
Honeypots, Incident Handling
A host is a single computer
A network is a group of computers
Host IDS detects intrusions on a single PC
Network IDS watches the network which may have multiple PC's or clients.
Could be a class A/B/C or even D network or any combination. For
networks, an IDS normally exists at the enclave boundary protecting or
monitoring all traffic at the boundary going to/from networks behind the
Disclaimer: Various IDS make various claims.
A host IDS may protect your network if you have a dual nic'd host
between your network and your provider.
For example: I may have a WIN2K PC with 2 NICs with one NIC connected to
my cable modem and service provider and the other NIC connected to a hub
or switch with my kids computer, bedroom computer, living room and
kitchen computer connected to the hub/switch. The WIN2K PC is acting as
a gateway or internet connection sharing box. I might be able to use a
host IDS to monitor and protect all my data from all PC's since I am
"bottle-necking" all data through the WIN2K PC and the host IDS is
monitoring traffic on the WIN2K PC.
But say I have a router with a built-in switch and I have all my PC's
connected to it. That means I probably need a network IDS that is going
to look at all the traffic on my home LAN since I am not
"bottle-necking" my traffic through the one PC but am using the cable
router/switch as my gateway.
Example of Host IDS for windoz is Black Ice, Zone Alarm etc., and for
linux is portsentry. An example of a good network IDS for both windoz
and linux is Snort.
Much more to it but the above is the simple answer. And of course this
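Since the original question was about a host IDS for AIX 5.x, and the post above makes the point that a host IDS watches what happens on the one box it runs on, here is an added example (my own, not code from either poster or from any product named in this thread) of the most basic host-side check: a file-integrity baseline and comparison written in POSIX sh. It deliberately uses only find, cksum, sort, comm, sed and grep, which exist on AIX 5.x as well as Linux. The directory tree, file names and "tampering" in the demo are constructed for illustration; the function names are my own.

```shell
#!/bin/sh
# Added example (not from the thread): a minimal host-based file-integrity
# check in POSIX sh. Records "crc size path" for every regular file under a
# directory, then reports what was ADDED, REMOVED or CHANGED since the
# baseline. Tools used: find, cksum, sort, comm, sed, grep (all POSIX).

# fim_baseline DIR OUT: snapshot every regular file under DIR into OUT.
# Whole-line sort in the C locale so comm(1) can merge two snapshots.
fim_baseline() {
    find "$1" -type f -exec cksum {} \; | LC_ALL=C sort > "$2"
}

# fim_check DIR BASELINE: take a fresh snapshot of DIR, compare it with
# BASELINE and print one "ADDED|REMOVED|CHANGED path" line per difference.
# Returns 0 when the tree matches the baseline, 1 otherwise.
fim_check() {
    dir=$1 base=$2
    cur=/tmp/fim.cur.$$ bp=/tmp/fim.bp.$$ rep=/tmp/fim.rep.$$
    fim_baseline "$dir" "$cur"
    # Baseline paths alone (strip the two numeric fields) for membership tests.
    sed 's/^[0-9]* [0-9]* //' "$base" > "$bp"
    : > "$rep"
    # Lines only in the baseline: the file is gone, or its crc/size changed.
    LC_ALL=C comm -23 "$base" "$cur" | sed 's/^[0-9]* [0-9]* //' |
    while IFS= read -r p; do
        if [ -f "$p" ]; then echo "CHANGED $p"; else echo "REMOVED $p"; fi
    done >> "$rep"
    # Lines only in the new snapshot: a new file, unless its path is in the
    # baseline, in which case it was already reported as CHANGED above.
    LC_ALL=C comm -13 "$base" "$cur" | sed 's/^[0-9]* [0-9]* //' |
    while IFS= read -r p; do
        grep -Fxq -- "$p" "$bp" || echo "ADDED $p"
    done >> "$rep"
    cat "$rep"
    if [ -s "$rep" ]; then rc=1; else rc=0; fi
    rm -f "$cur" "$bp" "$rep"
    return $rc
}

# fim_demo: build a constructed tree, baseline it, tamper with it, re-check.
# Prints the report; returns 1 because changes are present.
fim_demo() {
    d=/tmp/fim.demo.$$
    mkdir -p "$d/etc"
    echo "root:!:0:0::/:/usr/bin/ksh" > "$d/etc/passwd"
    echo "PermitRootLogin no" > "$d/etc/sshd_config"
    fim_baseline "$d" "$d.base"
    echo "PermitRootLogin yes" > "$d/etc/sshd_config"   # changed in place
    echo "+ +" > "$d/etc/hosts.equiv"                    # planted trust file
    rm "$d/etc/passwd"                                   # removed
    fim_check "$d" "$d.base"
    rc=$?
    rm -rf "$d" "$d.base"
    return $rc
}

if fim_demo; then echo "no changes"; else echo "changes detected"; fi
```

Two caveats a practitioner would want: cksum is a CRC, not a cryptographic hash, so an attacker who controls the file content can keep the CRC unchanged; swap in a cryptographic digest tool where one is installed. And the baseline file must live where the monitored host cannot rewrite it (read-only media or a separate host), since an intruder with root on the box can simply re-baseline after tampering.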