All the Perl that's Practical to Extract and Report

  • Hello ajt,
    Snort as an Intrusion Detection System is very powerful; it scans your DMZ in real time and produces pretty HTML (with snortsnarf, for example), but if you want to sniff all your network DMZ/LANs, you will do a better job with two or more IDSs (NIDS), one in the DMZ and the other in your LAN, and join the results for a better analysis.
    In this area of IDSs you have another very good choice too, AIDE.

    Tripwire is very nice too, but for static content: it takes a snapshot of your filesystem while out of the production environment and then compares that snapshot with the current filesystem properties (file size, date, etc.).

    Nessus is a very, very powerful audit tool; I use it to test servers to see if I have everything secure and updated.

    You will see many, many apps to do this work, but not (for now) "the app to do all these things"; you will have to use a group of them. But whatever applications you use, you will need to give great importance to the first rule of security: "Don't think you are 100% secure".
    Now some nice links:
    http://www.sans.org/rr/
    http://www.sans.org/rr/whitepapers/testing/
    http://www.sans.org/rr/whitepapers/forensics/
    http://www.sans.org/rr/whitepapers/firewalls/
    http://www.sans.org/rr/whitepapers/monitoring/
    and because I use FreeBSD
    http://www.freebsd.org/ports/security.html
    ;) I hope you can understand my English :)
    • AIDE [cs.tut.fi] is what we've started using here. I've no experience with it because I'm no longer the sysadmin (hurrah!). But it seems to work ok for our (simple) needs. I suspect we're using it more to prevent mistakes than as an actual intrusion detection system though.

      -Dom

      • I spotted that when I was looking round the Debian site. Though the work box is RHEL-ES3, I run Debian at home, and I have the same paranoid worries there too...

        I know there are lots of tools to choose from, it's knowing where to start that is the problem. Thanks for the suggestion, I'll investigate that too.

        --
        -- "It's not magic, it's work..."
    • Most helpful, and your English is fine.

      Will do some investigating...

      --
      -- "It's not magic, it's work..."