Date: Sun, 13 Jan 2002 19:00:30 +0000 From: Simon Siemonsma <s.siemonsma@hccnet.nl> To: freebsd-security@freebsd.org Subject: Which intrusion detection to use? Message-ID: <200201131755.SAA05886@smtp.hccnet.nl>
next in thread | raw e-mail | index | archive | help
I have a FreeBSD box at home which I primairily use for internet access. All unneccesary deamon's are switched of (I have inetd turned off) and I make use of IPFW. To even increase the security more I want to add a few things: 1. software that warns me when I'm under attack. I understood snort is a Network based Intrusion Detection System (NIDS), so not usefull on a host. What are the alternatives on a host? I did read about portsentry but don't understand what the added benefit it over a tightly configured firewall. I mean I use statefull packet filtering, allowing connections to be build up from me to the internet and not the other way round. Further my ports are stealthed. 2. software which will detect that I'm hacked. Tripware is a well know name, but AIDE clames to do more. Integrit claimes to be simpler and focus on the essentials. Does anyone have some recommendations for me. Other recommendations to increase my security are also welcome? To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200201131755.SAA05886>