Dedicated intrusion detection system - Security



Thread: Dedicated intrusion detection system

  1. Dedicated intrusion detection system

    We have a spare computer with a dead hard drive that I'd like to use as a
    dedicated intrusion detection system.
    I want it to boot a hardened distro from a CD, and then probe all our production
    servers' ports and scan the hard drives with programs like Aide and Samhain. It
    will compare against a read-only database on the second CD drive.
    I'm sure a setup like this must have been created hundreds of times already, so
    I'm hoping someone can point me to some resources.

    Thanks, Rick DeBay


    --
    http://NewsGuy.com/overview.htm 30Gb $9.95 Carry Forward and On Demand Bandwidth
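    The file-integrity half of the setup described above (snapshot the production
    servers' file systems, keep the baseline on read-only media, later re-scan and
    diff against it) is what tools like Aide and Samhain do. The following is an
    added example written for this thread, not code from the original post and not
    AIDE or Samhain code; it implements the same baseline/compare idea on a
    constructed directory tree so it runs offline. Function names, the JSON
    baseline format and the sample file contents are all assumptions of this example.

```python
"""Minimal host-integrity checker (added example, not AIDE/Samhain):
snapshot a tree, store the snapshot read-only, later diff a fresh snapshot
against it and report added, removed and changed files."""
import hashlib
import json
import os
import stat
import tempfile
from pathlib import Path

HASH_CHUNK = 1 << 16


def _sha256(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(HASH_CHUNK), b""):
            h.update(chunk)
    return h.hexdigest()


def snapshot_directory(root) -> dict:
    """Record hash, size and permission bits for every regular file under root.
    Keys are paths relative to root, so a baseline taken from a mounted disk is
    comparable regardless of the mount point used on the scanning box.
    mtime is deliberately omitted: it is trivially reset, the hash is not."""
    root = Path(root)
    snap = {}
    for path in sorted(root.rglob("*")):
        if path.is_symlink() or not path.is_file():
            continue
        st = path.lstat()
        snap[path.relative_to(root).as_posix()] = {
            "sha256": _sha256(path),
            "size": st.st_size,
            "mode": stat.S_IMODE(st.st_mode),
        }
    return snap


def compare_snapshots(baseline: dict, current: dict) -> dict:
    """Pure comparison of two snapshots: which entries appeared, vanished,
    or changed in content or permissions."""
    base_keys, cur_keys = set(baseline), set(current)
    changed = sorted(p for p in base_keys & cur_keys if baseline[p] != current[p])
    return {
        "added": sorted(cur_keys - base_keys),
        "removed": sorted(base_keys - cur_keys),
        "changed": changed,
    }


def write_baseline(snapshot: dict, path) -> None:
    # sort_keys gives a byte-stable artefact suitable for burning to a CD;
    # a real CD-ROM enforces read-only, here we only drop the write bits.
    Path(path).write_text(json.dumps(snapshot, sort_keys=True, indent=1))
    os.chmod(path, 0o444)


def read_baseline(path) -> dict:
    return json.loads(Path(path).read_text())


def demo() -> dict:
    """Constructed scenario: baseline a small tree, then alter it and re-check."""
    with tempfile.TemporaryDirectory() as tmp:
        tree = Path(tmp) / "srv"
        (tree / "etc").mkdir(parents=True)
        (tree / "bin").mkdir()
        (tree / "etc" / "passwd").write_text("root:x:0:0:root:/root:/bin/sh\n")
        (tree / "bin" / "ls").write_bytes(b"\x7fELF original ls")
        (tree / "etc" / "hosts").write_text("127.0.0.1 localhost\n")

        baseline_file = Path(tmp) / "baseline.json"
        write_baseline(snapshot_directory(tree), baseline_file)

        # Constructed changes the scan should flag: an extra uid-0 account,
        # a same-size binary replacement (size alone would miss it, the hash
        # does not), a deleted config file and a new dotfile.
        with (tree / "etc" / "passwd").open("a") as fh:
            fh.write("extra:x:0:0::/:/bin/sh\n")
        (tree / "bin" / "ls").write_bytes(b"\x7fELF replaced ls")
        (tree / "etc" / "hosts").unlink()
        (tree / "bin" / ".hidden").write_bytes(b"unexpected file")

        return compare_snapshots(read_baseline(baseline_file), snapshot_directory(tree))


if __name__ == "__main__":
    for kind, paths in demo().items():
        for p in paths:
            print(f"{kind:8s} {p}")
```

    In the scenario the original poster describes, `snapshot_directory` would be
    pointed at the mounted production disk from the CD-booted box, and
    `read_baseline` at the JSON file on the second, read-only CD drive; the
    value of keeping the baseline off the scanned host is that a compromise of
    that host cannot rewrite the reference it is checked against.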


  2. Re: Dedicated intrusion detection system

    > We have a spare computer with a dead hard drive that I'd like to use
    > as a dedicated intrusion detection system.
    > I want it to boot a hardened distro from a CD, and then probe all our
    > production servers' ports and scan the hard drives with programs like
    > Aide and Samhain. It will compare against a read-only database on the
    > second CD drive. I'm sure a setup like this must have been created
    > hundreds of times already, so I'm hoping someone can point me to some
    > resources.


    Have you considered using Snort?
    http://www.snort.org/

    Depending on which modes you run it in, Snort can sniff (and log) packets
    and analyze traffic to detect many types of active attacks. If you are
    setting up a dedicated intrusion detection system I would suggest using a
    different operating system than your main server, so there is some
    diversity. e.g. if one is Linux, maybe run FreeBSD on the other.

    --
    Jem Berkes
    Software design for Windows and Linux/Unix-like systems
    http://www.sysdesign.ca/

  3. Re: Dedicated intrusion detection system

    In article , Jem Berkes says...
    >
    >> We have a spare computer with a dead hard drive that I'd like to use
    >> as a dedicated intrusion detection system.
    >> I want it to boot a hardened distro from a CD, and then probe all our
    >> production servers' ports and scan the hard drives with programs like
    >> Aide and Samhain. It will compare against a read-only database on the
    >> second CD drive. I'm sure a setup like this must have been created
    >> hundreds of times already, so I'm hoping someone can point me to some
    >> resources.

    >
    >Have you considered using Snort
    >http://www.snort.org/
    >
    >Depending on which modes you run it in, Snort can sniff (and log) packets
    >and analyze traffic to detect many types of active attacks. If you are
    >setting up a dedicated intrusion detection system I would suggest using a
    >different operating system than your main server, so there is some
    >diversity. e.g. if one is Linux, maybe run FreeBSD on the other.


    I'd love to run Snort along with Oinkmaster, but the available box has only
    128MB of memory.
    Do you know of a live CD that incorporates any of these tools?

    Thanks, Rick DeBay


    --
    NewsGuy.Com 30Gb $9.95 Carry Forward and On Demand Bandwidth


  4. Re: Dedicated intrusion detection system
    Rick DeBay wrote:
    > In article , Jem Berkes says...
    >
    >>>We have a spare computer with a dead hard drive that I'd like to use
    >>>as a dedicated intrusion detection system.
    >>>I want it to boot a hardened distro from a CD, and then probe all our
    >>>production servers' ports and scan the hard drives with programs like
    >>>Aide and Samhain. It will compare against a read-only database on the
    >>>second CD drive. I'm sure a setup like this must have been created
    >>>hundreds of times already, so I'm hoping someone can point me to some
    >>>resources.

    >>
    >>Have you considered using Snort
    >>http://www.snort.org/
    >>
    >>Depending on which modes you run it in, Snort can sniff (and log) packets
    >>and analyze traffic to detect many types of active attacks. If you are
    >>setting up a dedicated intrusion detection system I would suggest using a
    >>different operating system than your main server, so there is some
    >>diversity. e.g. if one is Linux, maybe run FreeBSD on the other.

    >
    >
    > I'd love to run Snort along with Oinkmaster, but the available box has only
    > 128MB of memory.
    > Do you know of a live CD that incorporates any of these tools?


    http://www.devil-linux.org/ could be one

    >
    > Thanks, Rick DeBay
    >
    >


  5. Re: Dedicated intrusion detection system

    In article , Philippe WEILL says...
    >Rick DeBay wrote:
    >> In article , Jem Berkes says...
    >>
    >>>>We have a spare computer with a dead hard drive that I'd like to use
    >>>>as a dedicated intrusion detection system.
    >>>>I want it to boot a hardened distro from a CD, and then probe all our
    >>>>production servers' ports and scan the hard drives with programs like
    >>>>Aide and Samhain. It will compare against a read-only database on the
    >>>>second CD drive. I'm sure a setup like this must have been created
    >>>>hundreds of times already, so I'm hoping someone can point me to some
    >>>>resources.
    >>>
    >>>Have you considered using Snort
    >>>http://www.snort.org/
    >>>
    >>>Depending on which modes you run it in, Snort can sniff (and log) packets
    >>>and analyze traffic to detect many types of active attacks. If you are
    >>>setting up a dedicated intrusion detection system I would suggest using a
    >>>different operating system than your main server, so there is some
    >>>diversity. e.g. if one is Linux, maybe run FreeBSD on the other.

    >>
    >>
    >> I'd love to run Snort along with Oinkmaster, but the available box has only
    >> 128MB of memory.
    >> Do you know of a live CD that incorporates any of these tools?

    >
    >http://www.devil-linux.org/ could be one


    Thanks, that looks good. I'm burning the different versions now, and I'll see
    what tools it has available.

    Rick DeBay


    --
    NewsGuy.Com 30Gb $9.95 Carry Forward and On Demand Bandwidth

