Skip site navigation (1)Skip section navigation (2)
Date:      Sun, 13 Jan 2002 13:27:01 -0600 (CST)
From:      admin <admin@crimelords.org>
To:        Simon Siemonsma <s.siemonsma@hccnet.nl>
Cc:        freebsd-security@FreeBSD.ORG
Subject:   Re: Which intrusion detection to use?
Message-ID:  <Pine.BSF.4.44.0201131325360.72249-100000@crimelords.org>
In-Reply-To: <200201131755.SAA05886@smtp.hccnet.nl>

next in thread | previous in thread | raw e-mail | index | archive | help
Check out Veracity...I use snort and aide and tripwire on different
machines, and Veracity has peeked my interest just lately due to a post
from here.  I will be giving it a trial run myself pretty soon.  Here is
where you can find it....

Have a look at http://www.freeveracity.org

Let us know if you do use it, it's supposed to work very well on bsd.

--emacs

On Sun, 13 Jan 2002, Simon Siemonsma wrote:

> I have a FreeBSD box at home which I primairily use for internet access.
> All unneccesary deamon's are switched of (I have inetd turned off) and I make
> use of IPFW.
> To even increase the security more I want to add a few things:
> 1.	software that warns me when I'm under attack. I understood snort is a
> Network based Intrusion Detection System (NIDS), so not usefull on a host.
> What are the alternatives on a host? I did read about portsentry but don't
> understand what the added benefit it over a tightly configured firewall. I
> mean I use statefull packet filtering, allowing connections to be build up
> from me to the internet and not the other way round. Further my ports are
> stealthed.
> 2.	software which will detect that I'm hacked. Tripware is a well know name,
> but AIDE clames to do more. Integrit claimes to be simpler and focus on the
> essentials.
>
> Does anyone have some recommendations for me.
> Other recommendations to increase my security are also welcome?
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
>


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.44.0201131325360.72249-100000>