Date: Sun, 13 Jan 2002 20:35:25 +0200
From: "Dave Raven" <dave@raven.za.net>
To: "Simon Siemonsma" <s.siemonsma@hccnet.nl>, <freebsd-security@FreeBSD.ORG>
Subject: Re: Which intrusion detection to use?
Message-ID: <019601c19c61$121dfb00$3800a8c0@DAVE>
References: <200201131755.SAA05886@smtp.hccnet.nl>

Snort is probably what you're looking for. I wouldn't recommend running portsentry as it can lead to fairly dangerous DoS. Tripwire and AIDE are good products; read up on them to decide.

I think you're going overboard. If you default deny anything in and have no unsafe things running, what are you worried about? Just tail -f your firewall logs.

----- Original Message -----
From: "Simon Siemonsma" <s.siemonsma@hccnet.nl>
To: <freebsd-security@FreeBSD.ORG>
Sent: Sunday, January 13, 2002 9:00 PM
Subject: Which intrusion detection to use?

> I have a FreeBSD box at home which I primarily use for internet access.
> All unnecessary daemons are switched off (I have inetd turned off) and I make
> use of IPFW.
> To even increase the security more I want to add a few things:
> 1. software that warns me when I'm under attack. I understood snort is a
> Network based Intrusion Detection System (NIDS), so not useful on a host.
> What are the alternatives on a host? I did read about portsentry but don't
> understand what the added benefit is over a tightly configured firewall. I
> mean I use stateful packet filtering, allowing connections to be built up
> from me to the internet and not the other way round. Further my ports are
> stealthed.
> 2. software which will detect that I'm hacked. Tripwire is a well known name,
> but AIDE claims to do more. Integrit claims to be simpler and focus on the
> essentials.
>
> Does anyone have some recommendations for me?
> Other recommendations to increase my security are also welcome.
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message