Message-Id: <200201131755.SAA05886@smtp.hccnet.nl>
From: Simon Siemonsma
To: freebsd-security@freebsd.org
Subject: Which intrusion detection to use?
Date: Sun, 13 Jan 2002 19:00:30 +0000

I have a FreeBSD box at home which I primarily use for internet access. All unnecessary daemons are switched off (I have inetd turned off) and I make use of IPFW.

To increase the security even more I want to add a few things:

1. Software that warns me when I'm under attack.
I understood snort is a Network based Intrusion Detection System (NIDS), so not useful on a host. What are the alternatives on a host? I did read about portsentry but don't understand what the added benefit is over a tightly configured firewall. I mean I use stateful packet filtering, allowing connections to be built up from me to the internet and not the other way round. Further, my ports are stealthed.

2. Software which will detect that I'm hacked.
Tripwire is a well-known name, but AIDE claims to do more. Integrit claims to be simpler and focus on the essentials.

Does anyone have some recommendations for me? Other recommendations to increase my security are also welcome.