[PLUG] intrustion detection software
Russell Johnson
russj at dimstar.net
Fri Mar 20 00:21:12 UTC 2009
On Mar 19, 2009, at 4:12 PM, chris (fool) mccraw wrote:
> i want something host based that i can run on each
> host behind the firewall to report on things happening to that host.
Just a thought in this direction that you may have already considered.
Host based also allows for being compromised. If a host is reporting
on itself, how can you be sure it's reports are accurate?
One of the reasons for 'third party, impartial' reporting is just
that. The host can't be trusted to report on itself accurately. The
best way to assure accuracy is to have another host that reports on
the activity of the rest of the hosts.
Russell Johnson
russj at dimstar.net
More information about the PLUG
mailing list