[Dshield] What a lowly civil servant can do

Erwin Fritz efritz at glja.com
Thu Oct 24 21:40:17 GMT 2002

Oooh, my first post to this list.

Jason Allen wrote:
> I would like to see more about what a lowly civil servant can do to protect
> his users....what works well and doesn't cost thousands of dollars? How can
> I stay ahead of the curve and at least have a few minutes warning about this
> stuff before it slams into my network and costs me the respect of my users
> that I have struggled for years to build up. 

> If anyone has any tips for helping to safeguard and monitor a network of
> about 200 users with a big pipe to the Internet, I would appreciate hearing
> from you. Are there any good FREE IDS available?

Well, I'm rolling out FCheck and TCP Wrappers on my UNIX boxes right now, 
and like them both (although I still need to do more tweaking of the 
latter). FCheck is a Perl file integrity checker, and also runs on W2K (but 
there, it doesn't check the registry like TripWire does).

Both are free, and are reasonable host-based intrusion detection measures.

On the W2K side, we use EventSLog in combination with a central syslog 
server. On the UNIX side, we use syslog natively, and Log Sentry. All are free.

Just my two bits.

Erwin Fritz
Gilbert Laustsen Jung Associates Ltd.
