RE: CRIME Does anyone have any tips on Intrusion Detection with Solaris?

From: Matthew Brown, CISSP (MatthewBrown@private)
Date: Wed Jul 31 2002 - 18:57:16 PDT


    I'm new to this list, so forgive me. I believe that ISS's RealSecure would
    be an all-in-one IDS solution. Other than its management components, it has a
    NIDS sensor, a HIDS sensor, and an OS sensor. It supports Solaris, NT, and
    Linux.
    
    Matthew Brown, CISSP, SSCP
    
    -----Original Message-----
    From: owner-crime@private [mailto:owner-crime@private]On Behalf Of
    Andrew Plato
    Sent: Wednesday, July 31, 2002 5:49 PM
    To: Eric Kornberg; crime@private
    Subject: RE: CRIME Does anyone have any tips on Intrusion Detection with
    Solaris?
    
    
    Well, that depends on what kind of IDS you're looking for: network-based
    (NIDS) or host-based (HIDS).
    
    If you're looking for a host-based IDS for Solaris, Snort can be set up to
    work as just a host-based IDS. But integrating it with a correlation or
    management console is pretty hard.
    
    ISS RealSecure has a Solaris variant of their Server Sensor. It integrates
    seamlessly with their management console Site Protector.
    
    As for NIDS, you have a lot more choices. RealSecure, NFR, Snort, and
    Manhunt are all network-based IDSs that can run on Solaris. I think Dragon
    does, but I couldn't get on the Enterasys web site to verify that. But, with
    a NIDS, you probably don't want to run anything else on the box. NIDS tend
    to be processor hogs because they have to deal with more traffic.
    
    Now on Linux, your choices get even more limited. Basically, it's Snort. ISS
    will have a Linux agent out one of these days, but it's still about 6 to 9
    months off. There aren't really many others out there that support Linux.
    There are too many variables and not enough of a market, I suppose.
    
    Hope that helps.
    
    ------------------------------------
    Andrew Plato, CISSP
    President / Principal Consultant
    Anitian Corporation
    
    (503) 644-5656 office
    (503) 201-0821 cell
    http://www.anitian.com
    ------------------------------------
    
    
    
    
    
    
    > -----Original Message-----
    > From: Eric Kornberg [mailto:ekornberg@private]
    > Sent: Wednesday, July 31, 2002 5:21 PM
    > To: crime@private
    > Subject: CRIME Does anyone have any tips on Intrusion Detection with
    > Solaris?
    >
    >
    > Thank you in advance.
    > As a second choice - we could use Linux.
    >
    >
    >
    > Eric Kornberg - ViableLinks
    > National Account Manager
    > 7409 SW Tech Center Drive
    > Tigard, Oregon 97223
    > (503) 670-8007 Voice
    > (503) 639-0530 Fax
    > (503) 407-7973 Cell
    > ekornberg@private
    > www.viablelinks.com
    >
    >
    >
    > ---------------------------------------------------------------------------------------------
    > VIABLELINKS is a reseller for HP/Compaq - IBM - Toshiba -
    > Lexmark - Sony -
    > Okidata and More.
    > A Service Center for HP/Compaq - Toshiba - Dell - IBM -
    > Lexmark and Okidata.
    > With a Technical Services Department - Field to Enterprise Technicians
    > ---------------------------------------------------------------------------------------------
    >
    >
    >
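    Andrew Plato's point that Snort can be run "as just a host-based IDS" comes down to
    scoping the sensor to its own host. The configuration below is an added example written
    for this archive page; it is not code from the thread, from Anitian or from the Snort
    project. It assumes a Snort 2.x sensor whose own address is 192.0.2.10 and whose Solaris
    interface is hme0; both values are placeholders to replace on a real machine.

```conf
# Added example (not from the original thread): minimal Snort 2.x setup that
# watches only the sensor's own traffic, i.e. Snort used as a host-based IDS.
# Assumptions: the host's address is 192.0.2.10 and its interface is hme0.

# Treat only this host as "home"; everything else is external.
var HOME_NET 192.0.2.10/32
var EXTERNAL_NET !$HOME_NET

# One illustrative rule: flag inbound connection attempts to telnet (tcp/23)
# on this host. The keywords used (msg, flags, sid, rev) are standard Snort
# rule options.
alert tcp $EXTERNAL_NET any -> $HOME_NET 23 (msg:"Inbound telnet SYN to sensor host"; flags:S; sid:1000001; rev:1;)

# Start the sensor. The trailing BPF expression ("host 192.0.2.10") limits the
# capture itself to this host's packets, so the box is not also doing NIDS
# work for the rest of the segment (the processor-hog concern raised above):
#   snort -c /etc/snort/snort.conf -i hme0 -A fast -l /var/log/snort host 192.0.2.10
```

    With HOME_NET pinned to a single /32 and the BPF filter applied, alerts and the
    fast-mode alert file under /var/log/snort describe only traffic to and from the
    host itself, which is the host-based use the thread refers to; shipping those
    alerts into a central console is the part Andrew describes as the hard step.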
    



    This archive was generated by hypermail 2b30 : Wed Jul 31 2002 - 19:51:56 PDT