
OSSEC for host-based intrusion detection


Posted Apr 23, 2010 10:47 UTC (Fri) by Cato (subscriber, #7643)
In reply to: OSSEC for host-based intrusion detection by drag
Parent article: OSSEC for host-based intrusion detection

No security measure is perfect, but using HIDS should raise the bar a bit - less competent attackers may not notice the HIDS in time to prevent it alerting the central server, or they may not correctly manage to disable it. Even if only a percentage of attacks are stopped by the HIDS, that may still be of value compared to the effort of maintaining it.

In the web host case, it's very useful to have a quick alert that certain files have been changed, e.g. by a scripted attack on a PHP or web app vulnerability.



OSEC for host-based intrusion detection

Posted May 6, 2010 19:52 UTC (Thu) by gvy (guest, #11981)

And a less-known HIDS might well be better at (not) getting spotted and disarmed in time. Just in case, there's OSEC -- ALT Linux's homegrown one (standalone, no attempt at r/o checksum media or distributed operation, but written by thorough people).


Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.