focus-ids October 2008 archive

Re: Host Based IDS

From: ॐ aditya mukadam ॐ <aditya.mukadam_at_nospam>
Date: Mon Oct 27 2008 - 05:52:26 GMT
To: "Rafael Dreher" <rafael_dreher@sicredi.com.br>, focus-ids@securityfocus.com


Sorry for the delay in response. Yes, we have been using Tipping Point IPS for a section of our clients and it works great!

Thanks,
Aditya Govind Mukadam

On Tue, Oct 21, 2008 at 10:01 PM, Rafael Dreher <rafael_dreher@sicredi.com.br> wrote:
> Does anyone have an opinion on TippingPoint UnityOne IPS?
>
> I think it's a really good one.
>
> --
> Rafael Dreher
> Security Infrastructure Analyst
> IT Infrastructure Projects
> Confederação SICREDI - Porto Alegre
> (51) 3358-8363 /(51) 9275-9014
> http://www.sicredi.com.br
>
>
>> -----Original Message-----
>> From: listbounce@securityfocus.com [mailto:listbounce@securityfocus.com]
>> On behalf of Andrew Plato
>> Sent: Tuesday, October 21, 2008 13:00
>> To: Security Group; focus-ids@securityfocus.com
>> Subject: RE: Host Based IDS
>>
>> I like IBM-ISS Proventia. It's a very powerful HIPS/HIDS. Hard to beat
>> the old BlackICE engine that's inside it. It's still one of the best
>> IDS/IPS engines on the market. The new Proventia Server 2.0 has a very
>> rich feature set. And IBM-ISS's integration with their scanner, NIPS and
>> ADS via SiteProtector is very powerful. It does have a steep learning
>> curve however.
>>
>> Tripwire, incidentally, is not HIDS/HIPS. It is a file integrity
>> monitoring product. Useful, but IBM Proventia has that plus a whole lot
>> more.
>>
>> Andrew Plato, CISSP, CISM, QSA
>> President/Principal Consultant
>> Anitian Enterprise Security
>>
>>
>> -----Original Message-----
>> From: listbounce@securityfocus.com [mailto:listbounce@securityfocus.com]
>> On Behalf Of Security Group
>> Sent: Monday, October 20, 2008 5:13 AM
>> To: focus-ids@securityfocus.com
>> Subject: Host Based IDS
>>
>> Hello,
>>
>> I am currently evaluating several host-based Intrusion Detection Systems
>> to monitor servers in a DMZ. My company only wants to monitor for
>> suspicious behaviour on critical servers, without the need for a
>> company-wide security system. I am not interested in a network-based IDS
>> because this is already covered by our company.
>> The list below contains my findings so far:
>>
>> OSSEC
>> Open Source Tripwire
>> SAMHAIN
>> OSIRIS
>> AIDE
>> Third Brigade Deep Security
>> Symantec Critical System Protection
>> IBM Proventia
>> Enterasys Dragon IDS/IPS
>> McAfee Total Protection for Endpoint
>> CA Host-Based Intrusion Prevention System r8
>> GFiEventsManager
>> Cisco Security Agent
>>
>> I am thinking of suggesting OSSEC. Does anyone have any other
>> suggestions?
>>
>> Thanks in advance.
>>


