Version 0.4 of the OSSEC HIDS is now available.
OSSEC HIDS is open source host-based intrusion detection software. It performs log analysis, integrity checking, rootkit detection and health monitoring.
All this information is correlated and analyzed by a single engine, creating a very powerful detection tool. OSSEC HIDS is very scalable, allowing you to easily monitor multiple systems from a central server.
This new version includes a new rootkit detection system, an improved integrity detection engine (much more complete and with much more detailed alerts), a faster and more powerful analysis system and complete support for Solaris and MacOS (in addition to Linux, *BSD, etc).
Source: Security Pipeline - Posted by Pax Dickinson
Creating an exploit for the serious Snort intrusion detection system vulnerability announced earlier this week takes just two hours, a security researcher said Thursday, making it imperative that users patch or apply a work-around immediately.
OSSEC HIDS is a self-contained system for host-based intrusion detection. It performs log extraction, integrity checking and health monitoring. All this information is correlated and analyzed by a single engine, creating a very powerful detection tool.
Analyzing firewall logs is key to understanding the threats your servers face. Knowing what the bad guys are looking for is the first step in assessing how vulnerable your servers are. Both open source and commercial firewalls make log information available to firewall administrators. But taking risk assessment a step further, what if there were a way to apply the principles that make open source software successful to firewall log analysis? A way to help yourself and others at the same time? The DShield project seeks to do just that.
McAfee is looking to help protect against what it calls a dramatic increase of attacks on Linux systems. The company's Entercept intrusion prevention system -- already available for Windows and Solaris -- uses a combination of behavioral rules, signatures and a firewall to protect IT infrastructure from attack.
Taxed with providing an ever-expanding range of complex security functions, IPS vendors are rising to the challenge, transforming their wares to go beyond simply identifying and stopping attacks based on updated threat profiles.
An intrusion-prevention system (IPS) is part of an overall security strategy to protect your network from attack. The IPS literally prevents an attack by blocking bad stuff, such as viruses or malformed packets, from getting into the company network.
Every administrator of a corporate LAN of any size these days has already built strong defenses against hackers and virus attacks. But the viruses and hackers continue to get through. Why?
Chatsworth, CA-based Intelligent Computer Solutions introduces a new portable high-speed hard drive duplicator.
Called the Image MASSter Solo 3 Forensic, the device can duplicate hard drives at speeds of up to 3GB per minute.
The IDE and SATA unit can seize SCSI drive information, and will work through FireWire and USB ports. The IMS Solo 3 has multiple ports available to capture information from other media devices.
Juniper Networks, Cisco Systems and 3Com's TippingPoint division are integrating a trifecta of security features into all-in-one appliances that give partners new ways to help cut the cost and complexity of security solutions.
The new wares combine firewall, VPN and intrusion-prevention capabilities in a format that promises proactive, easy-to-manage network protection, the vendors and solution providers said.