I'm new to this list, so forgive me. I believe that IIS's RealSecure would be an all-in-one IDS solution. Other than its management components, it has a NIDS sensor, a HIDS sensor, and an OS sensor. It supports Solaris, NT, and Linux.

Matthew Brown, CISSP, SSCP

-----Original Message-----
From: owner-crime@private [mailto:owner-crime@private]On Behalf Of Andrew Plato
Sent: Wednesday, July 31, 2002 5:49 PM
To: Eric Kornberg; crime@private
Subject: RE: CRIME Does anyone have any tips on Intrusion Detection with Solaris?

Well, that depends on what kind of IDS you're looking for: network-based (NIDS) or host-based (HIDS).

If you're looking for a host-based IDS for Solaris, Snort can be set up to work as just a host-based IDS. But integrating it with a correlation or management console is pretty hard. ISS RealSecure has a Solaris variant of their Server Sensor. It integrates seamlessly with their management console Site Protector.

As for NIDS, you have a lot more choices. RealSecure, NFR, Snort, and Manhunt are all network-based IDSs that can run on Solaris. I think Dragon does, but I couldn't get on the Enterasys web site to verify that. But, with a NIDS, you probably don't want to run anything else on the box. NIDS tend to be processor hogs because they have to deal with more traffic.

Now on Linux, your choices get even more limited. Basically, it's Snort. ISS will have a Linux agent out one of these days, but it's still about 6 to 9 months off. There aren't really many others out there that support Linux. There are too many variables and not enough of a market I suppose.

Hope that helps.
------------------------------------
Andrew Plato, CISSP
President / Principal Consultant
Anitian Corporation

(503) 644-5656 office
(503) 201-0821 cell
http://www.anitian.com
------------------------------------

> -----Original Message-----
> From: Eric Kornberg [mailto:ekornberg@private]
> Sent: Wednesday, July 31, 2002 5:21 PM
> To: crime@private
> Subject: CRIME Does anyone have any tips on Intrusion Detection with
> Solaris?
>
> Thank you in advance.
> As a second choice - we could use Linux.
>
> Eric Kornberg - ViableLinks
> National Account Manager
> 7409 SW Tech Center Drive
> Tigard, Oregon 97223
> (503) 670-8007 Voice
> (503) 639-0530 Fax
> (503) 407-7973 Cell
> ekornberg@private
> www.viablelinks.com
>
> --------------------------------------------------------------
> VIABLELINKS is a reseller for HP/Compaq - IBM - Toshiba - Lexmark - Sony - Okidata and More.
> A Service Center for HP/Compaq - Toshiba - Dell - IBM - Lexmark and Okidata.
> With a Technical Services Department - Field to Enterprise Technicians
> --------------------------------------------------------------
This archive was generated by hypermail 2b30 : Wed Jul 31 2002 - 19:51:56 PDT