IDS: Re: Best Host IDS Tools

Re: Best Host IDS Tools

From: Frank Cheong <frankcheong_at_ctimail3.com>
Date: Wed, 25 Dec 2002 12:49:13 +0800

Then what does Snort actually do? Because my site is already behind a firewall,
is Snort still necessary in this case?

I have also got the list below from others, so what are they and how good
are they?
Samhain
Prelude
Honeynet
Emerald

Are they free?

I was also told to enable BSM auditing; what is it? Any reference
web site?

Frank
----- Original Message -----
From: "Jerry" <gll_at_inel.gov>
To: "frank" <chocobofrank_at_hotmail.com>
Cc: <focus-ids_at_securityfocus.com>
Sent: Wednesday, December 25, 2002 1:16 AM
Subject: Re: Best Host IDS Tools

> frank wrote:
>
> > I have just set up my Web server on the Solaris platform and am planning to
> > deploy a freeware IDS. Now I am evaluating the IDS tools below:
> > AIDE
> > Snort
> > Tripwire
> > Chkrootkit
> >
> >
>
> You have 4 different intent tools listed..
>
> AIDE is indeed a host IDS... I have tested it, but not had the chance to
> really deploy it. AIDE looks at all aspects of the system: file space
> (user induced DOS), password files, etc.
>
> Snort is a NETWORK IDS, not really a host IDS. Snort only alerts/captures
> based on network traffic.
>
> Tripwire is used to make sure critical files have not changed via checksum
> processes. This tool knows nothing of
> network intrusions, etc.
>
> Chkrootkit is a tool used to scan a system for KNOWN traces of root kits.
>
> In truth, you need to deploy ALL of them for a nearly true secure
> environment.
>
>
>
>
> --
> ------------------------------------------------------------------
> Jerry Litteer
> Cyber Security Office e-mail: gll_at_inel.gov
> Idaho National Engineering and Environmental Lab. (INEEL)
> POB 1625 M.S. 3640 Phone: (208) 526-9117
> Idaho Falls, Id. 83415-3640 FAX: (208) 526-9366
>
>
>
Received on Dec 27 2002
