Date: Thu, 7 Feb 2002 12:09:03 +0100 (CET)
From: m p <sumirati@yahoo.de>
To: bsdneophyte@yahoo.com
Cc: freebsd-questions@freebsd.org
Subject: Re: intrusion detection software...
Message-ID: <20020207110903.78631.qmail@web13305.mail.yahoo.com>

Cliff Sarginson wrote:
>
> On Thu, Feb 07, 2002 at 02:26:56AM -0800, Bsd Neophyte wrote:
> >
> > i was at a cisco security/vpn seminar today... and all the speakers
> > stressed how important it was to have "host-level" IDS...
> >
> > soooooo.... can anyone recommend a good IDS for my FreeBSD box?
> >
>
> "snort" is in the ports, my experience of it is pretty good, but that
> was under *another* OS, although it does seem to throw a tantrum
> occasionally and turn itself off.

Ok. Snort is "host-based" because it runs on *NIX. But that is not "host-based" IDS rather than a "network" IDS.

"Host-based" IDS means, there is a tool (or a bundle of tools) watching out for intruders. You can reach this with the help of tripwire/AIDE, a logwatcher, some process accounting and a careful design of the machine.

Look out for some long gone threads for IDS and do a little google work for yourself. I'm sure you will find something. ... and get an understanding what IDS means.

AFAIK there is no product at the moment which offers "host-based" IDS in one product.

Hope that helps

Marc

P.S.: If you don't understand what your computer does don't try to learn IDS first. If you know your system by heart you are already doing IDS. That told time.