vulnerability Scan and Intrusion Detection project... would like some

mlchris2 (TechnicalUser)
11 Nov 10 15:22
One of the divisions of the company I work for received feedback from an audit and I now have a project that needs to be implemented by the end of year 2010. I come searching for feedback on what others might be using, which products to shy away from, etc. I appreciate any input you can offer.

I have been instructed to:

1. Obtain a detailed vulnerability scan or penetration test every year that shows the vulnerability points in our external network.

2. Implement an intrusion detection system to protect several servers and databases.

What can you recommend I look at? I've looked at Juniper IDP and SSX products, Qualys and NitroSecurity thus far.

Thanks

Mark C.
Noway2 (Programmer)
12 Nov 10 4:10
You might want to look at Nessus for vulnerability scanning. It was the tool of choice at multiple places where I have worked.

As far as intrusion detection, start by researching the difference between host-based and network-based intrusion detection. They are separate functions that ultimately work together to provide a unified solution.

Most of my experience with intrusion detection is on Linux-based servers. You didn't specify what OS you are running. On Linux, I use a combination of OSSEC and Snort. A program called Samhain seems to be quite popular.

Network intrusion detection works on the principle of placing an adapter in promiscuous mode where it looks at ALL of the traffic on a network. It then uses packet inspection to watch for and match certain suspicious patterns. The patterns are frequently updated in response to emerging threats. By way of comparison, host-based intrusion detection watches for changes on a server that indicate compromise.

As part of a holistic approach you will need to implement procedures and practices to routinely upgrade your detection signatures. You should also get into the habit of monitoring the system logs. In Linux, a program called logwatch is good for this, but you should also manually scan things on a periodic basis.

It also goes without saying that these measures are all secondary to a good practice of hardening the servers themselves: use of good passwords and other proper authentication, control of access lists, user privileges, correctly setting up firewalls, etc. Without these, intrusion detection is almost futile.
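The reply above describes host-based intrusion detection as watching for changes on a server that indicate compromise. The core of what OSSEC and Samhain do for that is file-integrity monitoring: record a baseline of cryptographic hashes and permissions for the files you care about, then periodically rescan and report anything added, removed or altered. The script below is an added illustration written for this thread, not code from any of the products named in it; it builds a constructed sample tree in a temporary directory, takes a baseline, simulates a few changes an attacker might leave behind, and diffs the two snapshots. The file names and contents are made up for the demo.

```python
import hashlib
import os
import tempfile
from pathlib import Path


def hash_file(path: Path) -> str:
    """SHA-256 of a file's contents, read in chunks so large binaries are fine."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_baseline(root: Path) -> dict:
    """Snapshot every regular file under root: content hash, size and mode bits.

    Hashing (rather than trusting mtime) matters because an attacker can reset a
    timestamp with touch; they cannot make a changed file hash the same.
    The mode mask 0o7777 keeps setuid/setgid/sticky bits, since a newly
    setuid binary is a classic sign of tampering.
    """
    snapshot = {}
    for path in sorted(root.rglob("*")):
        if path.is_file() and not path.is_symlink():
            st = path.stat()
            snapshot[path.relative_to(root).as_posix()] = {
                "sha256": hash_file(path),
                "size": st.st_size,
                "mode": st.st_mode & 0o7777,
            }
    return snapshot


def compare(baseline: dict, current: dict) -> dict:
    """Diff two snapshots into added / removed / modified entries."""
    report = {"added": [], "removed": [], "modified": []}
    report["added"] = sorted(current.keys() - baseline.keys())
    report["removed"] = sorted(baseline.keys() - current.keys())
    for rel in sorted(baseline.keys() & current.keys()):
        changed = [k for k in ("sha256", "size", "mode")
                   if baseline[rel][k] != current[rel][k]]
        if changed:
            report["modified"].append((rel, changed))
    return report


def demo() -> dict:
    """Build a constructed file tree, baseline it, tamper with it, and diff."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "etc").mkdir()
        (root / "bin").mkdir()
        (root / "etc" / "ssh_config").write_text("PermitRootLogin no\n")
        (root / "etc" / "motd").write_text("Authorised access only\n")
        (root / "bin" / "ls").write_bytes(b"\x7fELF original")

        baseline = build_baseline(root)

        # Simulated changes (constructed for the demo):
        # 1. a config weakened in place
        (root / "etc" / "ssh_config").write_text("PermitRootLogin yes\n")
        # 2. a binary replaced with one of identical size -- size alone would miss it
        (root / "bin" / "ls").write_bytes(b"\x7fELF trojaned")
        # 3. a file removed and a new scheduled job dropped in
        (root / "etc" / "motd").unlink()
        (root / "etc" / "cron.d").mkdir()
        (root / "etc" / "cron.d" / "nightly").write_text("0 3 * * * root /tmp/x\n")
        # 4. an untouched file whose timestamp is rewound: must NOT be reported
        os.utime(root / "bin" / "ls", (0, 0))  # this one still changed content above
        return compare(baseline, build_baseline(root))


if __name__ == "__main__":
    for kind, entries in demo().items():
        print(f"{kind}: {entries}")
```

In practice the baseline is written to disk (ideally off the host, or at least where the scanner's own account cannot modify it) and the comparison runs from cron or a daemon; the report lines are what you would forward to your log-monitoring routine. This only covers the "changes on a server" half of the reply; signature matching on network traffic, as Snort does, is a separate mechanism.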