RE: CRIME Does anyone have any tips on Intrusion Detection with Solaris?

From: Andrew Plato (aplato@private)
Date: Wed Jul 31 2002 - 17:48:44 PDT


    Well, that depends on what kind of IDS you're looking for: network-based (NIDS) or host-based (HIDS). 
    
    If you're looking for a host-based IDS for Solaris, Snort can be set up to work as just a host-based IDS. But integrating it with a correlation or management console is pretty hard. 
    
    ISS RealSecure has a Solaris variant of their Server Sensor. It integrates seamlessly with their management console Site Protector. 
    
    As for NIDS, you have a lot more choices. RealSecure, NFR, Snort, and Manhunt are all network-based IDSs that can run on Solaris. I think Dragon does, but I couldn't get on the Enterasys web site to verify that. But, with a NIDS, you probably don't want to run anything else on the box. NIDS tend to be processor hogs because they have to deal with more traffic. 
    
    Now on Linux, your choices get even more limited. Basically, it's Snort. ISS will have a Linux agent out one of these days, but it's still about 6 to 9 months off. There aren't really many others out there that support Linux. There are too many variables and not enough of a market, I suppose. 
    
    Hope that helps.
    
    ------------------------------------
    Andrew Plato, CISSP
    President / Principal Consultant
    Anitian Corporation
    
    (503) 644-5656 office
    (503) 201-0821 cell
    http://www.anitian.com
    ------------------------------------
    
    
    
    
    
    
    > -----Original Message-----
    > From: Eric Kornberg [mailto:ekornberg@private]
    > Sent: Wednesday, July 31, 2002 5:21 PM
    > To: crime@private
    > Subject: CRIME Does anyone have any tips on Intrusion Detection with
    > Solaris?
    > 
    > 
    > Thank you in advance.
    > As a second choice - we could use Linux.
    > 
    > 
    > 
    > Eric Kornberg - ViableLinks
    > National Account Manager
    > 7409 SW Tech Center Drive
    > Tigard, Oregon 97223
    > (503) 670-8007 Voice
    > (503) 639-0530 Fax
    > (503) 407-7973 Cell
    > ekornberg@private
    > www.viablelinks.com
    > 
    > 
    > 
    > -------------------------------------------------------------------------------------------
    > VIABLELINKS is a reseller for HP/Compaq - IBM - Toshiba - Lexmark - Sony - Okidata and More.
    > A Service Center for HP/Compaq - Toshiba - Dell - IBM - Lexmark and Okidata.
    > With a Technical Services Department - Field to Enterprise Technicians
    > -------------------------------------------------------------------------------------------
    > 
    > 
    > 
    


