Date: Thu, 7 Feb 2002 12:09:03 +0100 (CET)
From: m p
Subject: Re: intrusion detection software...
To: bsdneophyte@yahoo.com
Cc: freebsd-questions@freebsd.org
Message-ID: <20020207110903.78631.qmail@web13305.mail.yahoo.com>

Cliff Sarginson wrote:
>
> On Thu, Feb 07, 2002 at 02:26:56AM -0800, Bsd Neophyte wrote:
> >
> > i was at a cisco security/vpn seminar today... and all the speakers
> > stressed how important it was to have "host-level" IDS...
> >
> > soooooo.... can anyone recommend a good IDS for my FreeBSD box?
> >
>
> "snort" is in the ports, my experience of it is pretty good, but that
> was under *another* OS, although it does seem to throw a tantrum
> occasionally and turn itself off.

Ok. Snort is "host-based" because it runs on *NIX. But that is not "host-based" IDS rather than a "network" IDS.

"Host-based" IDS means, there is a tool (or a bundle of tools) watching out for intruders. You can reach this with the help of tripwire/AIDE, a logwatcher, some process accounting and a careful design of the machine.

Look out for some long gone threads for IDS and do a little google work for yourself. I'm sure you will find something. ... and get an understanding what IDS means.

AFAIK there is no product at the moment which offers "host-based" IDS in one product.

Hope that helps

Marc

P.S.: If you don't understand what your computer does don't try to learn IDS first. If you know your system by heart you are already doing IDS. That told time.