HIPS/HIDS

n0cmonkey

I've been playing with Blink a little bit, and so far it isn't too bad. I've also been using OSSEC on my machines (except the Mac), and I definitely like it so far.

Just looking for other suggestions (both personal and enterprise).

Free is preferred, I'm poor. ;)
 

chipy

It's been many years since I looked into stuff like this, but last time I was researching stuff like this, Tripwire seemed to be one of the preferred tools by security experts.
 

n0cmonkey

Originally posted by: chipy
It's been many years since I looked into stuff like this, but last time I was researching stuff like this, Tripwire seemed to be one of the preferred tools by security experts.

Tripwire's configuration management. ;)
 

n0cmonkey

Originally posted by: John
I prefer virtualization over HIPS, so check out PowerShadow. Here's a massive thread about it on Wilders. SandboxIE and CyberHawk are popular freeware HIPS.

I'm more worried about the state of the system while it's running. I checked out CyberHawk and wasn't too impressed. Plus it was only a 30 day trial.

I've heard of SandboxIE, but I haven't looked into it much. Isn't it for the browser only?
 

DaiShan

Have you looked at Prelude and Prewikka (the front end)? Pretty cool stuff IMO. It's my next home project :)
 

n0cmonkey

Originally posted by: DaiShan
Have you looked at Prelude and Prewikka (the front end)? Pretty cool stuff IMO. It's my next home project :)

I've looked at it. It's definitely interesting, but I haven't had enough time to devote to getting it working.

OSSEC and sguil were much easier. ;)
 

John

Originally posted by: n0cmonkey
Originally posted by: John
I prefer virtualization over HIPS, so check out PowerShadow. Here's a massive thread about it on Wilders. SandboxIE and CyberHawk are popular freeware HIPS.

I'm more worried about the state of the system while it's running. I checked out CyberHawk and wasn't too impressed. Plus it was only a 30 day trial.

I've heard of SandboxIE, but I haven't looked into it much. Isn't it for the browser only?

How did you miss the free version? :confused: http://www.novatix.com/GetCyberhawk/

Get the Pro version for Free from this URL: http://www.novatix.com/cyberhawk/free/

Sandboxie is not just for IE. http://www.sandboxie.com/
 

kamper

I was gonna try installing OSSEC on my Mac today. I wanted to set it up in a temp dir so I could see what was going on before letting it barf all over my file system. The installer refused to run without root. I promptly gave up.

I might try it this weekend using VMware.
 

n0cmonkey

Originally posted by: kamper
I was gonna try installing OSSEC on my Mac today. I wanted to set it up in a temp dir so I could see what was going on before letting it barf all over my file system. The installer refused to run without root. I promptly gave up.

I might try it this weekend using VMware.

Yeah, it needs root to install files into directories only root has access to...