What kind of Intrusion Detection System is appropriate for a web server?

Discussion in 'General Discussion' started by AbeFroman, Feb 20, 2004.

  1. AbeFroman

    What kind of Intrusion Detection System is appropriate for a web server?

    Has anyone caught an intruder?
     
  2. nybble

    Snort

    Check out "Snort", might need google to find it :)
     
  3. AbeFroman

    I downloaded that, please briefly describe how you use it on your web server.
     
  4. nybble

    Read the FAQ :p
    It looks for stuff that is not normal
     
  5. kris1351

    If you don't understand the included documents I recommend going to someone like Ryan at http://www.rfxnetworks.com and having them install it and other security applications. I believe Rack911 is another good alternative for these services also.
     
  6. cyberspirit

    I would like to point out that IDS systems are not very useful if they are run on the same host they are to protect. IDS systems are much better off if they either sit in a network or on the bastion host. So do not expect too much in terms of security.
     
  7. ToddW

    Brute Force Detection from RFX Networks is great, and that URL provided a step-by-step guide on how to install it yourself... FREE.

    CHKROOTKIT will be useful for determining if a root kit has been placed on your server, giving unwanted access to hackers/crackers.

    And for more basic cPanel security there are a few more how-tos there that should be done to cPanel and general webservers as well.

    If you personally need help, or find a how-to lacking CONTACT ME! I will help you fix your problem, and FIX the how-to!!!
     
  8. thedavid

    This is definitely true. The best setup is to use an Ethernet tap upstream of your boxes that you monitor. That said...

    Host-based IDS is better than no IDS at all, and can be a good addition to a well layered security strategy. Since lots of folks nowadays don't colo, host-based is often the only solution (short of buying more services from their DC).

    -David
     
  9. nybble

    @ servermatrix you can request how they set up your servers... so for $55 you could run an IDS, plus a $50 moving charge
     
  10. AbeFroman

    What is /etc/apf?

    I don't have that.

    How do I get it? I am assuming it's a firewall of some sort.
     
  11. ramprage

  12. AbeFroman

    What is better, Snort or LIDS, and why? Is Snort compiled into the kernel?

    What are grsecurity and PaX? http://pax.grsecurity.net/
    Can you use those together with Snort and LIDS?
     

Share This Page