[Dshield] What a lowly civil servant can do

Erwin Fritz efritz at glja.com
Thu Oct 24 21:40:17 GMT 2002


Oooh, my first post to this list.

Jason Allen wrote:
> I would like to see more about what a lowly civil servant can do to protect
> his users....what works well and doesn't cost thousands of dollars? How can
> I stay ahead of the curve and at least have a few minutes warning about this
> stuff before it slams into my network and costs me the respect of my users
> that I have struggled for years to build up. 

 > If anyone has any tips for helping to safeguard and monitor a network of
 > about 200 users with a big pipe to the Internet, I would appreciate hearing
 > from you. Are there any good FREE IDS available?

Well, I'm rolling out FCheck and TCP Wrappers on my UNIX boxes right now, 
and like them both (although I still need to do more tweaking of the 
latter). FCheck is a Perl file integrity checker, and also runs on W2K (but 
there, it doesn't check the registry like TripWire does).

Both are free, and are reasonable host-based intrusion detection measures.

On the W2K side, we use EventSLog in combination with a central syslog 
server. On the UNIX side, we use syslog natively, and Log Sentry. All are free.

Just my two bits.

-- 
Erwin Fritz
Gilbert Laustsen Jung Associates Ltd.




More information about the list mailing list