Date: Thu, 03 May 2001 17:44:46 +0100
From: Lee Smallbone <lee@kechara.net>
To: freebsd-security@freebsd.org
Subject: Re: Security Monitors
Message-ID: <200105031758.SAA27778@mailgate.kechara.net>
Generally I don't tend to rely (too) much on host-based security monitoring. Rather, I prefer the NIDS approach (Network Intrusion Detection System). Every server here has some host-based monitoring - logcheck, tripwire etc. - but the NIDS provides very high quality information that can be relied on (more so) than host-based logs, which can be tampered with. That is not to say the NIDS data cannot be tampered with, but chances are an attacker won't even know one is in place.

As snort analyses packets as they travel through the network, even exploits that don't work are logged. 'Pre-attack' signatures such as port scans, traceroutes, pings and so forth are also logged.

In our particular case, we use snort and acid. (www.snort.org, http://www.cert.org/kb/acid/)

hth,

--
Lee Smallbone
Kechara Internet
lee@kechara.net
www.kechara.net
Tel: (01243) 869 969
Fax: (01243) 866 685

03/05/2001 03:18:25, Glenn G <glenn@geekazoid.com> wrote:
>Good Morning All! I have a quick question regarding security
>monitoring. We have a Linux server that was recently breached
>(completely my fault btw. Never got around to securing it up very
>well.)
>
>To my point...FreeBSD has been much more secure in my limited experience
>than most other OS's out there. I would however like to install more
>monitoring software on the box so it will alert me if there has been an
>attack. I have been looking at "mon", "bro", and "logcheck". Can
>anyone give any recommendations? Experiences?
>
>Also, is it worthwhile to install "xinetd"? Again, any advice would be
>awesome.
>
>Any help is greatly appreciated!!! ;-)
>
>Happy Day,
>glenn
>
>PS - I am on the digest list so please be patient for any feedback from
>me. :-)
>
>
>To Unsubscribe: send mail to majordomo@FreeBSD.org
>with "unsubscribe freebsd-security" in the body of the message
>
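The two properties of a network sensor that Lee's reply leans on, content signatures that fire on the attempt whether or not the target accepted it, and pre-attack reconnaissance such as port scans, as an added illustration that is not part of the original thread and is not Snort's code or ruleset. The signature patterns, thresholds, addresses and packet records below are constructed placeholders; the point is that both detections need only the request side of the traffic, which a compromised host's own logs cannot be trusted to keep.

```python
"""Toy passive network monitor: content signatures plus a sliding-window
port-scan detector. Example code, not Snort; all signatures and traffic
are constructed for the demonstration."""
from collections import defaultdict, deque
from dataclasses import dataclass


@dataclass
class Packet:
    """One packet as a passive sensor would see it (constructed sample type)."""
    ts: float          # seconds since capture start
    src: str
    dst: str
    dport: int
    syn: bool          # TCP SYN without ACK: a new connection attempt
    payload: bytes = b""


# Hypothetical content signatures (port, byte pattern); not real Snort rules.
SIGNATURES = [
    ("web: directory traversal to /etc/passwd", 80, b"../../etc/passwd"),
    ("rpc: portmapper dump (reconnaissance)", 111, b"\x00\x01\x86\xa0"),
]

SCAN_DISTINCT_PORTS = 5   # distinct ports from one source ...
SCAN_WINDOW_SECONDS = 10  # ... within this many seconds => port scan


def match_signatures(pkt):
    """Return names of signatures matching the packet's port and payload.
    Matching is on the request alone, so an attempt the target rejected is
    still reported, which is the NIDS property the thread describes."""
    return [name for name, port, pattern in SIGNATURES
            if pkt.dport == port and pattern in pkt.payload]


class ScanDetector:
    """Sliding-window count of distinct destination ports per source."""

    def __init__(self, distinct_ports=SCAN_DISTINCT_PORTS, window=SCAN_WINDOW_SECONDS):
        self.distinct_ports = distinct_ports
        self.window = window
        self.history = defaultdict(deque)   # src -> deque of (ts, dport)
        self.alerted = set()                # sources already reported once

    def observe(self, pkt):
        """Feed one packet; return an alert string when a scan is detected."""
        if not pkt.syn:
            return None
        q = self.history[pkt.src]
        q.append((pkt.ts, pkt.dport))
        # Drop SYNs that fell out of the window.
        while q and q[0][0] < pkt.ts - self.window:
            q.popleft()
        ports = {p for _, p in q}
        if len(ports) >= self.distinct_ports and pkt.src not in self.alerted:
            self.alerted.add(pkt.src)
            return f"portscan: {pkt.src} probed {len(ports)} ports in {self.window}s"
        return None


def analyse(packets):
    """Run both detectors over a packet stream; return (ts, src, message) alerts."""
    scans = ScanDetector()
    alerts = []
    for pkt in sorted(packets, key=lambda p: p.ts):
        for name in match_signatures(pkt):
            alerts.append((pkt.ts, pkt.src, name))
        scan = scans.observe(pkt)
        if scan:
            alerts.append((pkt.ts, pkt.src, scan))
    return alerts


# Constructed sample traffic (documentation addresses, not real hosts).
SAMPLE = [
    # 10.0.0.5 is an ordinary client: two services, no alert expected.
    Packet(0.0, "10.0.0.5", "192.0.2.10", 80, True),
    Packet(0.5, "10.0.0.5", "192.0.2.10", 443, True),
    # 10.0.0.7 sweeps six ports in three seconds: reconnaissance.
    *[Packet(1.0 + i * 0.5, "10.0.0.7", "192.0.2.10", port, True)
      for i, port in enumerate([21, 22, 23, 25, 80, 110])],
    # 10.0.0.9 sends a traversal attempt; whether the server honoured it is
    # irrelevant to the sensor, the attempt itself is logged.
    Packet(5.0, "10.0.0.9", "192.0.2.10", 80, False,
           b"GET /cgi-bin/../../etc/passwd HTTP/1.0\r\n\r\n"),
]


if __name__ == "__main__":
    for ts, src, msg in analyse(SAMPLE):
        print(f"{ts:6.1f} {src:<10} {msg}")
```

Run as a script it prints one port-scan alert for 10.0.0.7 (raised at the fifth distinct port, with no repeat for the sixth) and one signature hit for 10.0.0.9; the ordinary client 10.0.0.5 produces nothing. A real sensor would add session reassembly, fragmentation handling and rule options beyond a byte pattern, but the shape of the two checks is the same.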