Hosting Provided By

Re: host-based ips ?

From: Mike Frantzen <frantzen(at)nfr.com>
Date: Fri Apr 18 2003 - 11:15:45 EDT

> there are some nips (network based ips), but i never ever heard about
> host based ips. any body have known about this?

Niels' systrace originally from OpenBSD and NetBSD fits the bill. I've heard that it has been ported to FreeBSD and Linux as well. It does take a bit more technical know-how to set up right though.

There is also Crispin's Stackguard, my StackGhost, and Etoh's Propolice for general stack protection. Format string attack protection would come from Crispin's and my Formatguard. There are a bunch of venders shipping various non-exec solutions; I like Dale Rahn's OpenBSD W^X protection but then again, I'm biased ;-)

General solutions are often easier on a host than the traditional "detect and stop known attack" of the Network IPS world.

.mike
frantzen@(nfr.com | cvs.openbsd.org | w4g.org)

INTRUSION PREVENTION: READY FOR PRIME TIME? IntruShield now offers unprecedented Intrusion IntelligenceTM capabilities - including intrusion identification, relevancy, direction, impact and analysis - enabling a path to prevention.

Download the latest white paper "Intrusion Prevention: Myths, Challenges, and Requirements" at: http://www.securityfocus.com/IntruVert-focus-ids Received on Mon Apr 21 18:46:43 2003

This message: [ Message body ]
Next message: John Ruff: "Re: host-based ips ?"
Previous message: Huagang Xie: "Re: host-based ips ?"
In reply to: Quynh Nguyen Anh: "host-based ips ?"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:01:11 EDT

Do you need help?