Thursday, April 5, 2007

Application and Host IDS Tools

Recently I learned about two IDS tools that are a little bit different from a typical IDS. One runs inside an application, and the other is a host IDS that runs on servers or workstations.

The first tool is called Firekeeper. It's an extension for Firefox that works similarly to Snort in that it uses a configurable set of rules to detect suspicious activity. Firekeeper is a relatively new tool and doesn't have the huge set of rules available that Snort does. Nevertheless, the base set of rules is a good starting point, and you can write your own rules with relative ease, especially if you're familiar with Snort.

The second tool I learned about is OSSEC Host IDS (HIDS). OSSEC HIDS has two basic parts: the central server and the host monitors. The main server collects information from the host monitors, and the host monitors perform a variety of tasks. They can detect known rootkits and maintain file system integrity by keeping tabs on important system files.
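As an added illustration (not from the original post), here is a minimal OSSEC agent-side `ossec.conf` fragment that turns on the two host-monitor tasks described above: `syscheck` for file integrity and `rootcheck` for rootkit detection. The directory list, the 7200-second interval and the signature-file paths are assumptions chosen for this example.

```xml
<!-- Example OSSEC agent configuration (added illustration, not from the post).
     syscheck = file integrity monitoring, rootcheck = rootkit detection.
     Paths and interval below are example values, adjust to your hosts. -->
<ossec_config>
  <syscheck>
    <!-- How often (seconds) the agent re-hashes the watched files -->
    <frequency>7200</frequency>

    <!-- check_all="yes" records size, permissions, owner, group,
         MD5 and SHA1 for every file under these directories -->
    <directories check_all="yes">/etc,/usr/bin,/usr/sbin</directories>
    <directories check_all="yes">/bin,/sbin</directories>

    <!-- Files that change legitimately all the time; skip them
         to avoid noise in the alerts sent to the central server -->
    <ignore>/etc/mtab</ignore>
    <ignore>/etc/hosts.deny</ignore>
  </syscheck>

  <rootcheck>
    <!-- Signature lists of known rootkit files and trojaned binaries
         (example paths: the default location shipped with OSSEC) -->
    <rootkit_files>/var/ossec/etc/shared/rootkit_files.txt</rootkit_files>
    <rootkit_trojans>/var/ossec/etc/shared/rootkit_trojans.txt</rootkit_trojans>
  </rootcheck>
</ossec_config>
```

Changes to any watched file, or a match against the rootkit signature lists, are reported by the agent to the central server, where the alert rules decide how they are logged and escalated.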

