Host IDS for AIX 5.X

Post by Per Ar » Wed, 18 Jun 2003 17:07:55



Hi, does anyone know about a good host based intrusion detection
system for IBM AIX 5.X ?

Thanks
Per Arve


Host IDS for AIX 5.X

Post by Gary Gapinsk » Wed, 18 Jun 2003 22:56:54



> Hi, does anyone know about a good host based intrusion detection
> system for IBM AIX 5.X ?

Snort - http://www.snort.org/


Host IDS for AIX 5.X

Post by ja.. » Mon, 23 Jun 2003 10:24:06



> Hi, does anyone know about a good host based intrusion detection
> system for IBM AIX 5.X ?

Hi Per,

If you're talking IBM, perhaps the "IBM Tivoli Access Manager for
Operating Systems" suite comes close. It runs on AIX 4.3.3 and 5.1.

http://www-3.ibm.com/software/tivoli/products/access-mgr-operating-sys/

I can't tell you about the quality of this product.

Another Tivoli product is the "IBM Tivoli Intrusion Manager". However,
this IDS product seems to be available for the Win2000 platform only,
not AIX.

See http://www-3.ibm.com/software/tivoli/products/intrusion-mgr/

Other major NIDS and HIDS solutions that may or may not run on AIX can
be found on http://www.honeypots.net/ids/products (suggestions for
this list are much appreciated).

Jacco Tunnissen
--
http://www.honeypots.net/
Intrusion Detection Systems,
Honeypots, Incident Handling


Host IDS and a Network IDS

Pretty simple.
A host is a single computer
A network is a group of computers

Host IDS detects intrusions on a single PC.
Network IDS watches the network, which may have multiple PCs or clients.
Could be a class A/B/C or even D network or any combination. For
networks, an IDS normally exists at the enclave boundary, protecting or
monitoring all traffic at the boundary going to/from networks behind the
boundary.

Disclaimer: Various IDS make various claims.
A host IDS may protect your network if you have a dual-NIC'd host
between your network and your provider.

For example: I may have a WIN2K PC with 2 NICs, with one NIC connected to
my cable modem and service provider and the other NIC connected to a hub
or switch with my kids' computer, bedroom computer, living room and
kitchen computer connected to the hub/switch. The WIN2K PC is acting as
a gateway or internet connection sharing box. I might be able to use a
host IDS to monitor and protect all my data from all PCs since I am
"bottle-necking" all data through the WIN2K PC and the host IDS is
monitoring traffic on the WIN2K PC.

But say I have a router with a built-in switch and I have all my PCs
connected to it. That means I probably need a network IDS that is going
to look at all the traffic on my home LAN, since I am not
"bottle-necking" my traffic through the one PC but am using the cable
router/switch as my gateway.

Examples of host IDS for windoz are BlackICE, ZoneAlarm etc., and for
linux PortSentry. An example of a good network IDS for both windoz
and linux is Snort.

Much more to it, but the above is the simple answer. And of course this
is arguable.
ITC(SW) Smith
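To make the "host IDS detects intrusions on a single machine" point concrete, here is an added example (not code from any poster in this thread) of the kind of check a host-based IDS performs from the host's own records rather than from network traffic: it reads an AIX-style /var/adm/sulog and raises an alert when one user racks up repeated failed su attempts to root inside a short window. The sulog line format (SU MM/DD HH:MM + tty fromuser-touser, with '-' for a failure) and the sample lines are assumptions constructed for this illustration, not taken from a real system.

```python
"""Minimal host-based detector: flag repeated failed su-to-root attempts
recorded in an AIX-style /var/adm/sulog.

Added example for this thread, not code from any of the posters.
Assumption: each sulog record looks like
    SU MM/DD HH:MM + tty fromuser-touser    ('+' success, '-' failure)
The sample below is constructed, not captured from a real host.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample: one legitimate su, a burst of failures from 'guest',
# and a single typo'd password from 'perarve' followed by success.
SAMPLE_SULOG = """\
SU 06/18 17:01 + pts/0 perarve-root
SU 06/18 17:05 - pts/3 guest-root
SU 06/18 17:06 - pts/3 guest-root
SU 06/18 17:07 - pts/3 guest-root
SU 06/18 17:08 - pts/3 guest-root
SU 06/18 17:30 - pts/1 perarve-root
SU 06/18 17:31 + pts/1 perarve-root
"""


def parse_sulog(text, year=2003):
    """Yield (timestamp, success, tty, from_user, to_user) for each
    well-formed record; malformed lines are skipped, not trusted."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 6 or parts[0] != "SU":
            continue
        _, date, clock, status, tty, users = parts
        try:
            # sulog carries no year; the caller supplies it (assumption)
            ts = datetime.strptime(f"{year}/{date} {clock}", "%Y/%m/%d %H:%M")
        except ValueError:
            continue
        # target account is the last '-'-separated field
        from_user, _, to_user = users.rpartition("-")
        if not from_user or status not in ("+", "-"):
            continue
        yield ts, status == "+", tty, from_user, to_user


def detect_su_bruteforce(text, threshold=3, window_minutes=10, target="root"):
    """Return a list of alerts (from_user, tty, failure_count, last_ts).

    One alert per (user, tty) streak: an alert fires the first time the
    number of failed su attempts to `target` within a sliding window of
    `window_minutes` reaches `threshold`; a successful su resets the streak.
    """
    window = timedelta(minutes=window_minutes)
    recent = defaultdict(deque)   # (user, tty) -> timestamps of recent failures
    alerted = set()
    alerts = []
    for ts, ok, tty, frm, to in parse_sulog(text):
        if to != target:
            continue
        key = (frm, tty)
        if ok:
            recent[key].clear()
            alerted.discard(key)
            continue
        q = recent[key]
        q.append(ts)
        # drop failures that have fallen out of the window
        while q and ts - q[0] > window:
            q.popleft()
        if len(q) >= threshold and key not in alerted:
            alerts.append((frm, tty, len(q), ts))
            alerted.add(key)
    return alerts


if __name__ == "__main__":
    for frm, tty, n, ts in detect_su_bruteforce(SAMPLE_SULOG):
        print(f"ALERT {ts:%Y-%m-%d %H:%M}: {n} failed su to root by {frm} on {tty}")
```

On the constructed sample this reports a single alert for guest on pts/3 at 17:07 (three failures in three minutes); the lone failure from perarve never reaches the threshold and is cleared by the following success. Note what this check sees that a network IDS cannot: a local su attempt never crosses the wire, so on Smith's dual-NIC gateway a host IDS would catch it while a NIDS on the LAN would not.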
