Author Topic: Host Based IPS  (Read 7956 times)

gr33ndata

  • Sr. Member
  • ****
  • Posts: 366
  • Karma: +0/-0
    • View Profile
    • http://www.geocities.com/tarekamr20
Host Based IPS
« on: March 12, 2006, 11:05:39 am »
Since Juniper doesn't have a host based IPS, can anyone recommend a good multi-platform IPS
Gr33nData, or you may call me NetScream
JNCIS-FWV, and JNCIA-IDP
http://gr33ndata.blogspot.com/

signal15

  • Administrator
  • Hero Member
  • *****
  • Posts: 530
  • Karma: +1/-0
    • View Profile
    • JuniperForum.com
Re: Host Based IPS
« Reply #1 on: March 20, 2006, 08:18:26 am »
I've used the McAfee Entercept product, and it works quite well.  It prevents buffer overflows, which will catch most of the major exploits, and it has signatures to block other things.  I wouldn't run a public windows server without it (well, I would run a windows server anyway, but that's another story).  :)

Florent

  • Atomic Playboy
  • *******
  • Posts: 1089
  • Karma: +0/-0
    • View Profile
    • http://www.netsc.ch
Re: Host Based IPS
« Reply #2 on: March 22, 2006, 07:25:58 am »
You can check ISS server sensor which offers interresting features
FlO
__ www.netsc.ch __

willmac

  • Newbie
  • *
  • Posts: 23
  • Karma: +0/-0
    • View Profile
Re: Host Based IPS
« Reply #3 on: March 23, 2006, 09:58:14 am »
I have used prevx - www.prevx.com at home - they have a corporate solution.
The have a different approach to othe vendors.

chumpmasterg

  • Full Member
  • ***
  • Posts: 127
  • Karma: +0/-0
    • View Profile
Re: Host Based IPS
« Reply #4 on: March 27, 2006, 04:46:02 pm »
Is the Infranet not a good solution for something like this?
-Munpe Q

signal15

  • Administrator
  • Hero Member
  • *****
  • Posts: 530
  • Karma: +1/-0
    • View Profile
    • JuniperForum.com
Re: Host Based IPS
« Reply #5 on: March 27, 2006, 06:45:30 pm »
No.  The Infranet controller is for NAC.  This is for Intrusion/prevention detection on hosts.

sebastan_bach

  • Sr. Member
  • ****
  • Posts: 349
  • Karma: +0/-0
    • View Profile
Re: Host Based IPS
« Reply #6 on: May 01, 2006, 06:45:25 pm »
hi iss proventia desktop is awesome one. as u might knoe iss were the pioneers how stated with ids .
good product to try it out.

sebastan

junipoint

  • Full Member
  • ***
  • Posts: 148
  • Karma: +0/-0
    • View Profile
Re: Host Based IPS
« Reply #7 on: May 07, 2006, 11:33:06 pm »
Sygate and Checkpoint(Zone Labs) Integrity are both excellent host-IPS products. I've managed both and would recommend either. I'd lean more towards Sygate though since Checkpoint owns ZoneLabs.  :-(, but then again Sygate was acquired by Symantec last year.  :-(