[310] in Intrusion Detection Systems
Re: Looking for intrusion detection - Tripwire isn't it
daemon@ATHENA.MIT.EDU (Teresa Lunt)
Mon Aug 21 14:00:16 1995
Date: Sun, 20 Aug 1995 18:32:29 -0500
To: ids@uow.edu.au
From: tlunt@ARPA.MIL (Teresa Lunt)
Reply-To: ids@uow.edu.au
If you contact debra@csl.sri.com she can tell you about NIDES,
which does most of what you indicate you would like below,
but which is not a product and may require some experimentation
and tuning. You can get a copy for no cost, plus documentation, from
Debra.
Teresa
=============
> I guess it figures that the three responses I got via Email were
>all about tripwire. Perhaps I wasn't clear enough. I wasn't looking
>for an integrity checker to detect changed files on my server. If I
>were, I would use Integrity Toolkit (before tripwire, there was IT!, and
>IT is better).
>
> I am looking for a real-time intrusion detection system that can
>take information provided by syslogs and other similar sources coming
>from a distributed network of computers, fuse the incoming information,
>and detect both patterns that are dissimilar to normal usage patterns
>and patterns that are indicative of known attack profiles.
>
> A good example is CMDS by SAIC, but I know there are other such
>products, and I am trying to get in touch with the vendors of those
>other products to determine if any of them are as viable as CMDS, what
>they cost, how they operate, and whether they will meet the needs of my
>client.
>
> I am interested in a package that operates on information from
>different sources, including but not limited to Unix varieties and
>output from routers. It would be best if it ran on trusted computing
>bases, it would be nice if it was programmable to allow us to customize it
>to meet the client's ever-changing needs, and it would be even better if
>it were supported by a substantial commercial organization with a
>long-term commitment to its ongoing availability and enhancement.
>Finally, it would be nice if the cost were relatively modest for the
>value given, taking into account support, customization, etc.
>
> I hope this has clarified my request for information.
>
>--
>-> See: Info-Sec Heaven at URL http://all.net
>Management Analytics - 216-686-0090 - PO Box 1480, Hudson, OH 44236