Intrusion Detection System.

Intrusion Detection System.

Post by Cautio » Tue, 03 Sep 2002 07:24:25



I am running a Slackware Linux system, and I was wondering what intrusion
detection systems are the best? I read that tripwire is a good one.

Thank You
Duane

 
 
 

Intrusion Detection System.

Post by James Ride » Tue, 03 Sep 2002 07:55:41



> I am running a Slackware Linux system, and I was wondering what intrusion
> detection systems are the best? I read that tripwire is a good one.

tripwire will tell you whether your binaries are the same as when you
left the machine last night. Remember to write the database to a
write-protected medium, e.g. CD-ROM.

snort will tell you if anyone's doing nefarious things with your open
(or closed) ports.

I'm sure there are more out there (portsentry, etc.)

cheers,
 Jamie
--

MSc student, Dept. of Informatics, University of Edinburgh.

 
 
 

Intrusion Detection System.

Post by Wojtek Walcza » Tue, 03 Sep 2002 19:28:03


On Sun, 01 Sep 2002 22:24:25 GMT, Caution wrote:
> I am running a Slackware Linux system, and I was wondering what intrusion
> detection systems are the best? I read that tripwire is a good one.

Tripwire is a HIDS (Host Intrusion Detection System); there are also
NIDS (Network Intrusion Detection System) such as snort, you should
take a look at it.
Tripwire is a good one, but it's a bit old, and large.

--
[ Wojtek gminick Walczak ][ http://gminick.linuxsecurity.pl/ ]
[ gminick (at) hacker.pl ][ gminick (at) underground.org.pl/ ]

 
 
 

Intrusion Detection System.

Post by oudot lauren » Fri, 20 Sep 2002 08:30:12


If you need HIDS + NIDS possibilities (parsing local logs + network detection +
...) in the same tool, you should glance at Prelude-IDS, which is a full
open-source IDS project under the GPL.
It's somehow one of the easiest ways to monitor your network/box.

Go to http://www.prelude-ids.org


> On Sun, 01 Sep 2002 22:24:25 GMT, Caution wrote:
> > I am running a Slackware Linux system, and I was wondering what intrusion
> > detection systems are the best? I read that tripwire is a good one.
> Tripwire is a HIDS (Host Intrusion Detection System); there are also
> NIDS (Network Intrusion Detection System) such as snort, you should
> take a look at it.
> Tripwire is a good one, but it's a bit old, and large.

> --
> [ Wojtek gminick Walczak ][ http://gminick.linuxsecurity.pl/ ]
> [ gminick (at) hacker.pl ][ gminick (at) underground.org.pl/ ]

 
 
 


1. Intrusion Detection Systems: An Introduction

Hi all,

LinuxSecurity has a new story on getting started with intrusion
detection.

"Intrusion Detection is the process and methodology of inspecting data
for malicious, inaccurate or anomalous activity. At the most basic
levels there are two forms of Intrusion Detection Systems that you
will encounter: Host and Network based."

http://www.linuxsecurity.com/feature_stories/feature_story-143.html

2. PCSIM under 3.1 AIX

3. SPECTER Intrusion Detection System

4. make dep error- unknown pseudo-op?

5. Seeking nice looking desktop tools

6. new Project : Intrusion Detection System

7. ??? --- neighbour table overflow --- ???

8. New network intrusion detection system for Linux (GPL)

9. new Project : Intrusion Detection System

10. NYC LOCAL: Thursday 15 November 2001 UNIGROUP: James Licata on Intrusion Detection Systems

11. Intrusion Detection Systems Management Console

12. Stateful and Stateless Intrusion Detection System