RE: CRIME Does anyone have any tips on Intrusion Detection with Solaris?

From: Andrew Plato (aplato@private)
Date: Wed Jul 31 2002 - 19:22:57 PDT


    Well you won't hear me argue against that. :-) But then again, I am the only premier reseller/solutions provider for ISS in the Pacific Northwest...as well as a certified trainer and the author of much of the ISS technical documentation. :-) I guess that makes me a wee bit biased. 
    
    However, that is one of the largest benefits of working with ISS products. They cover the full spectrum of IDS solutions as well as vulnerability auditing. With ISS you can get all that data rolled into one management console (either ICEcap or SiteProtector). 
    
    In all fairness, however, Snort is a very good (and free) alternative. It just takes a lot more technical expertise to become proficient with Snort. 
    
    ------------------------------------
    Andrew Plato, CISSP
    President / Principal Consultant
    Anitian Corporation
    
    (503) 644-5656 office
    (503) 201-0821 cell
    http://www.anitian.com
    ------------------------------------
    
    
    
    > -----Original Message-----
    > From: Matthew Brown, CISSP [mailto:MatthewBrown@private]
    > Sent: Wednesday, July 31, 2002 6:57 PM
    > To: crime@private
    > Subject: RE: CRIME Does anyone have any tips on Intrusion Detection with Solaris?
    > 
    > 
    > 
    > I'm new to this list, so forgive me. I believe that ISS's RealSecure would be an all-in-one IDS solution. Other than its management components, it has a NIDS sensor, a HIDS sensor, and an OS sensor. It supports Solaris, NT, and Linux.
    > 
    > Matthew Brown, CISSP, SSCP
    > 
    > -----Original Message-----
    > From: owner-crime@private 
    > [mailto:owner-crime@private]On Behalf Of
    > Andrew Plato
    > Sent: Wednesday, July 31, 2002 5:49 PM
    > To: Eric Kornberg; crime@private
    > Subject: RE: CRIME Does anyone have any tips on Intrusion Detection with Solaris?
    > 
    > 
    > Well, that depends on what kind of IDS you're looking for: network-based (NIDS) or host-based (HIDS).
    > 
    > If you're looking for a host-based IDS for Solaris, Snort can be set up to work as just a host-based IDS. But integrating it with a correlation or management console is pretty hard.
    > 
    > ISS RealSecure has a Solaris variant of their Server Sensor. It integrates seamlessly with their management console, SiteProtector.
    > 
    > As for NIDS, you have a lot more choices. RealSecure, NFR, Snort, and Manhunt are all network-based IDSs that can run on Solaris. I think Dragon does, but I couldn't get on the Enterasys web site to verify that. But, with a NIDS, you probably don't want to run anything else on the box. NIDS tend to be processor hogs because they have to deal with more traffic.
    > 
    > Now on Linux, your choices get even more limited. Basically, it's Snort. ISS will have a Linux agent out one of these days, but it's still about 6 to 9 months off. There aren't really many others out there that support Linux. There are too many variables and not enough of a market, I suppose.
    > 
    > Hope that helps.
    > 
    > ------------------------------------
    > Andrew Plato, CISSP
    > President / Principal Consultant
    > Anitian Corporation
    > 
    > (503) 644-5656 office
    > (503) 201-0821 cell
    > http://www.anitian.com
    > ------------------------------------
    > 
    > 
    > 
    > 
    > 
    > 
    > > -----Original Message-----
    > > From: Eric Kornberg [mailto:ekornberg@private]
    > > Sent: Wednesday, July 31, 2002 5:21 PM
    > > To: crime@private
    > > Subject: CRIME Does anyone have any tips on Intrusion Detection with Solaris?
    > >
    > >
    > > Thank you in advance.
    > > As a second choice - we could use Linux.
    > >
    > >
    > >
    > > Eric Kornberg - ViableLinks
    > > National Account Manager
    > > 7409 SW Tech Center Drive
    > > Tigard, Oregon 97223
    > > (503) 670-8007 Voice
    > > (503) 639-0530 Fax
    > > (503) 407-7973 Cell
    > > ekornberg@private
    > > www.viablelinks.com
    > >
    > >
    > >
    > > ------------------------------------------------------------------------------------------
    > > VIABLELINKS is a reseller for HP/Compaq - IBM - Toshiba - Lexmark - Sony - Okidata and More.
    > > A Service Center for HP/Compaq - Toshiba - Dell - IBM - Lexmark and Okidata.
    > > With a Technical Services Department - Field to Enterprise Technicians
    > > ------------------------------------------------------------------------------------------
    > >
    > >
    > >
    > 
    > 
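The thread's recurring point about Snort (that it is free, that it can be run as a host-only sensor, and that it takes more expertise to get proficient with) comes down to writing and scoping rules. The following is an added example, not code from this thread, from Snort or from ISS: a toy Snort-style rule matcher in Python that parses a few rules written in the classic Snort rule syntax and runs them over constructed packet records, once with HOME_NET set to a whole segment and once with HOME_NET narrowed to a single host's address. The rules, SIDs, addresses and payloads are all made up for the example, and narrowing HOME_NET to one host is used here only as an illustration of scoping a network rule set to one machine, a simplification of what running Snort on the host itself gives you.

```python
# Toy Snort-style rule matcher: an added example, not Snort or ISS code.
# Handles the classic rule header, $VAR substitution, '!' negation, 'any',
# CIDR lists, port ranges and the msg/content/sid options; everything else
# (flow, pcre, ';' inside quoted strings, ...) is deliberately left out.
import ipaddress
import re
from collections import namedtuple

Packet = namedtuple("Packet", "proto src sport dst dport payload")  # constructed packet record
Rule = namedtuple("Rule", "action proto src sport dst dport msg contents sid")
_HEADER = re.compile(r"^(\w+)\s+(\w+)\s+(\S+)\s+(\S+)\s+->\s+(\S+)\s+(\S+)\s*\((.*)\)\s*$")

def decode_content(value):
    # Snort content syntax: literal text with |xx xx| hex escapes in between.
    out = bytearray()
    for i, part in enumerate(value.split("|")):
        out.extend(bytes.fromhex(part) if i % 2 else part.encode("latin-1"))
    return bytes(out)

def parse_rule(text):
    m = _HEADER.match(text.strip())
    if not m:
        raise ValueError("unparseable rule: %r" % text)
    action, proto, src, sport, dst, dport, opts = m.groups()
    msg, contents, sid = "", [], 0
    for opt in filter(None, (o.strip() for o in opts.split(";"))):
        key, _, val = opt.partition(":")
        key, val = key.strip(), val.strip().strip('"')
        if key == "msg":
            msg = val
        elif key == "content":
            contents.append(decode_content(val))
        elif key == "sid":
            sid = int(val)
    return Rule(action, proto.lower(), src, sport, dst, dport, msg, contents, sid)

def addr_matches(spec, addr, variables):
    # Resolves $VAR recursively, so EXTERNAL_NET = "!$HOME_NET" works as in snort.conf.
    negate = spec.startswith("!")
    spec = spec[1:] if negate else spec
    if spec.startswith("$"):
        hit = addr_matches(variables[spec[1:]], addr, variables)
    elif spec == "any":
        hit = True
    else:
        ip = ipaddress.ip_address(addr)
        hit = any(ip in ipaddress.ip_network(n, strict=False) for n in spec.strip("[]").split(","))
    return hit != negate

def port_matches(spec, port):
    negate = spec.startswith("!")
    spec = spec[1:] if negate else spec
    if spec == "any":
        hit = True
    elif ":" in spec:  # lo:hi range, either end may be left open
        lo, _, hi = spec.partition(":")
        hit = (int(lo) if lo else 0) <= port <= (int(hi) if hi else 65535)
    else:
        hit = port == int(spec)
    return hit != negate

def rule_matches(rule, pkt, variables):
    return (rule.proto in ("ip", pkt.proto)
            and addr_matches(rule.src, pkt.src, variables) and port_matches(rule.sport, pkt.sport)
            and addr_matches(rule.dst, pkt.dst, variables) and port_matches(rule.dport, pkt.dport)
            and all(c in pkt.payload for c in rule.contents))

def run_sensor(rules, packets, variables):
    # (sid, msg, src, dst) for every alert rule that fires, in packet order.
    return [(r.sid, r.msg, p.src, p.dst) for p in packets for r in rules
            if r.action == "alert" and rule_matches(r, p, variables)]

# Constructed rules; the SIDs are in the local range and are not real Snort rule IDs.
SAMPLE_RULES = [
    'alert tcp $EXTERNAL_NET any -> $HOME_NET 23 (msg:"TELNET connection from outside"; sid:1000001;)',
    'alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"WEB directory traversal"; content:"../"; sid:1000002;)',
    'alert tcp $EXTERNAL_NET any -> $HOME_NET 111 (msg:"RPC portmap request"; content:"|00 01 86 a0|"; sid:1000003;)',
]
RULES = [parse_rule(r) for r in SAMPLE_RULES]

# Constructed traffic: protected hosts in 192.168.1.0/24, outside hosts in 10.1.1.0/24.
SAMPLE_PACKETS = [
    Packet("tcp", "10.1.1.5", 40000, "192.168.1.10", 80, b"GET /../../etc/passwd HTTP/1.0\r\n"),
    Packet("tcp", "10.1.1.5", 40001, "192.168.1.10", 80, b"GET /index.html HTTP/1.0\r\n"),
    Packet("tcp", "10.1.1.6", 1023, "192.168.1.20", 23, b"root\r\n"),
    Packet("tcp", "192.168.1.10", 5000, "192.168.1.20", 23, b"root\r\n"),  # inside -> inside
    Packet("tcp", "10.1.1.7", 33000, "192.168.1.10", 111, bytes.fromhex("80000028000000010000000000000002000186a0")),
]

# The same rule set at two scopes: a segment sensor, and one scoped to 192.168.1.10 alone.
NETWORK_VARS = {"HOME_NET": "192.168.1.0/24", "EXTERNAL_NET": "!$HOME_NET"}
HOST_VARS = {"HOME_NET": "192.168.1.10/32", "EXTERNAL_NET": "!$HOME_NET"}

if __name__ == "__main__":
    for scope, variables in (("segment", NETWORK_VARS), ("host 192.168.1.10", HOST_VARS)):
        print(scope)
        for sid, msg, src, dst in run_sensor(RULES, SAMPLE_PACKETS, variables):
            print("  [%d] %s  %s -> %s" % (sid, msg, src, dst))
```

Run it and the segment scope fires three alerts (traversal, telnet to .20, portmap) while the host scope fires only the two aimed at 192.168.1.10; the inside-to-inside telnet never fires in either because EXTERNAL_NET is defined as the negation of HOME_NET. That variable handling, the content escapes and the port ranges are the parts of the rule language that most of the "expertise" the thread mentions goes into, and real Snort adds a great deal more (preprocessors, flow state, PCRE) on top of this skeleton.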
    



    This archive was generated by hypermail 2b30 : Wed Jul 31 2002 - 19:55:32 PDT