IDS: Re: Best Host IDS Tools


From: Jerry <gll_at_inel.gov>
Date: Tue, 24 Dec 2002 10:16:57 -0700

frank wrote:

> I have just set up my Web server on a Solaris platform and am planning to
> deploy a freeware IDS. Now I am evaluating the below IDS tools:
> AIDE
> Snort
> Tripwire
> Chkrootkit
>
>

You have 4 different intent tools listed..

AIDE is indeed a host IDS... I have tested it, but not had the chance to
really deploy it. AIDE looks at all aspects of the system: file space
(user induced DOS), password files, etc.

Snort is a NETWORK IDS, not really a host IDS. Snort only alerts/captures
based on network traffic.

Tripwire is used to make sure critical files have not changed via checksum
processes. This tool knows nothing of network intrusions, etc.

Chkrootkit is a tool used to scan a system for KNOWN traces of root kits.

In truth, you need to deploy ALL of them for a nearly true secure
environment.




--
------------------------------------------------------------------
Jerry Litteer
Cyber Security Office e-mail: gll_at_inel.gov
Idaho National Engineering and Environmental Lab. (INEEL)
POB 1625 M.S. 3640 Phone: (208) 526-9117
Idaho Falls, Id. 83415-3640 FAX: (208) 526-9366


Received on Dec 27 2002
