Date: Tue, 29 Jan 2002 16:38:51 +0100
From: Emre Bastuz <info@emre.de>
To: freebsd-isp@freebsd.org
Cc: jim <jim@jwweeks.com>
Subject: Re: Security methods
Message-ID: <3C56C20B.70306@emre.de>
References: <Pine.BSF.4.21.0201290942200.688-100000@veager.jwweeks.com>
Hi Jim,

> I would like to get a rough idea as to what people are using for hacker
> detection

There are several software packages out there, but first off you have to decide if you are looking for a network intrusion detection system or a host based intrusion detection system.

A freeware NIDS that's quite popular is Snort: http://www.snort.org. There are commercial NIDS out there, for example NFR (Network Flight Recorder) and RealSecure. Basically these listen on a network interface and compare the collected IP packets with certain rules. If a packet matches a known attacking scheme/rule, an alert is sent out (or at least recorded).

On the other hand, host based intrusion detection systems are installed on a certain host and gather information about the modification time and checksums of vital system files. With a cron job the recorded information is checked against the current modification time and checksums. If a change has occurred, indicating a compromised system, a message is sent out (or at least recorded :)

The two HIDS that come to my mind are Tripwire (http://sourceforge.net/projects/tripwire/) or Aide (in the ports collection, /usr/ports/security/aide).

Regards,
Emre

jim wrote:
> Hey Guys,
>
> I would like to get a rough idea as to what people are using for hacker
> detection i.e. port scan logging, deception software, etc. Possibly some
> pointers on recently well written articles.
>
> Thanks in advance.
>
> --
> Jim Weeks
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-isp" in the body of the message

--
Emre Bastuz
info@emre.de
http://www.emre.de
UIN: 561260
PGP Key ID: 0xEA0E2CA1

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-isp" in the body of the message
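The host-based scheme Emre describes (record checksums and modification times of vital files once, then have a cron job compare the live system against the record) is what Tripwire and AIDE do in a more elaborate form. The following is an added illustration of that mechanism, not code from the thread or from either project; the directory layout, file contents and the baseline file name are constructed for the demo, and it uses SHA-256 rather than the MD5/CRC digests that were common in 2002.

```python
"""Minimal Tripwire/AIDE-style file integrity check (added example).

Two phases, exactly as in the post:
  1. build_baseline(): walk a tree, record a SHA-256 digest plus size, mtime
     and permission bits for every regular file, and store it as JSON.
  2. compare(): rebuild the same records from the live filesystem and report
     files that changed, disappeared, or appeared since the baseline.
"""
import hashlib
import json
import stat
import tempfile
from pathlib import Path


def file_record(path: Path) -> dict:
    """Digest and metadata for one regular file, read in 64 KiB chunks."""
    st = path.lstat()
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            digest.update(chunk)
    return {
        "sha256": digest.hexdigest(),
        "size": st.st_size,
        "mtime": int(st.st_mtime),
        "mode": stat.S_IMODE(st.st_mode),
    }


def build_baseline(root: Path) -> dict:
    """Map of path (relative to root) -> record, for every regular file."""
    records = {}
    for p in sorted(root.rglob("*")):
        if p.is_file() and not p.is_symlink():
            records[p.relative_to(root).as_posix()] = file_record(p)
    return records


def save_baseline(baseline: dict, dest: Path) -> None:
    dest.write_text(json.dumps(baseline, indent=2, sort_keys=True))


def load_baseline(src: Path) -> dict:
    return json.loads(src.read_text())


def compare(baseline: dict, current: dict) -> dict:
    """Report differences between the stored baseline and a fresh scan.

    The digest and permission bits decide whether a file counts as changed.
    mtime is recorded for the report but is not the deciding criterion: a
    timestamp can be reset while the contents differ, the digest cannot.
    """
    report = {"changed": [], "missing": [], "new": []}
    for name, rec in baseline.items():
        cur = current.get(name)
        if cur is None:
            report["missing"].append(name)
        elif cur["sha256"] != rec["sha256"] or cur["mode"] != rec["mode"]:
            report["changed"].append(name)
    report["new"] = sorted(set(current) - set(baseline))
    return report


def demo() -> dict:
    """Run both phases over constructed sample files in a temp directory."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "fs"            # constructed miniature filesystem
        db = Path(tmp) / "baseline.json"   # kept outside the scanned tree
        (root / "etc").mkdir(parents=True)
        (root / "bin").mkdir()
        (root / "etc" / "passwd").write_text("root:*:0:0:Charlie &:/root:/bin/csh\n")
        (root / "etc" / "hosts").write_text("127.0.0.1 localhost\n")
        (root / "bin" / "ls").write_bytes(b"\x7fELF constructed placeholder\n")

        # Phase 1: record the trusted state.
        save_baseline(build_baseline(root), db)

        # Simulated drift: one file edited, one removed, one added.
        (root / "etc" / "passwd").write_text("root:*:0:0:Charlie &:/root:/bin/sh\n")
        (root / "bin" / "ls").unlink()
        (root / "etc" / "rc.local").write_text("# constructed new file\n")

        # Phase 2: the cron-job side, comparing live files to the record.
        return compare(load_baseline(db), build_baseline(root))


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

In a deployment the baseline file is the trust anchor, so it belongs on read-only media or a separate host, not on the disk being checked; and the comparison would be scheduled from root's crontab (for example `@daily /usr/local/bin/python3 /usr/local/sbin/integrity_check.py`, an assumed path) with the report mailed or logged, which is the "message is sent out (or at least recorded)" step in the post.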
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3C56C20B.70306>