We've been very impressed with the Axent Enterprise Security Manager suite
of host-based intrusion detection products. H-IDS systems aren't the
easiest to implement, mostly because to get full benefit requires
significant up-front policy & procedure definition, but Axent provides a
very powerful and flexible environment. It also has the virtue of
supporting a wide variety of platforms.
On the other end of the cost/functionality spectrum, it's possible to do a
reasonable job of "rolling your own" H-IDS with combinations of freeware
tools like Tripwire, syslog, tcpwrappers, et al. Be aware that to do this
right requires as much effort as any other H-IDS.
It really all depends on what you are trying to accomplish.
Ken Seefried, CTO
DigitalMoJo, Inc.