Interesting title, don't you think? But it is accurate if you think about it. HIDS (Host Intrusion Detection System/Software) and NIDS (Network Intrusion Detection System/Software), though they share the same core purpose (intrusion detection), are very different creatures. HIDS looks at events as they relate to the host, or occur on the host. NIDS looks at events as they relate to network traffic.
Example: HIDS will see the syslog events where someone tried logging in via SSH, and is pretty positive that these events occurred. Very fact based, not very subtle. NIDS sees the SSH traffic, and probably wouldn't trigger an event unless the SSH packets are not RFC-compliant or an attack pattern is detected in the packets themselves. If NIDS does trigger an event, the event would be somewhat vague and non-committal, and you (the IDS engineer/analyst) would have to do some interpretation and correlation. Note the subtle differences in how each approaches and implements its solution to the same problem: intrusion detection.
I'll leave it up to you, the reader, to decide which variant of IDS fits which gender. It's safer that way...less chance of offending someone's (so-called) politically correct sensibilities. Me personally....I'm a HIDS.
Quite often it can be difficult to correlate events from HIDS and NIDS (e.g. “He said..., She said...”), let alone other event sources (which we won't go into for this brief discussion). Since HIDS and NIDS look at intrusion detection differently, they are bound to talk about (log) events differently and use differing lingo. You need someone to act as a go-between, an interpreter who understands both languages (HIDS and NIDS), and can make sense of each input (logs) as well as provide an accurate “big picture” of your environment (depending on how many logging sources you have, of course). OSSEC-HIDS fits that role quite well. It understands NIDS events, HIDS events, firewall events, and so much more. It's the relationship counselor of intrusion detection. *smile*
Anyone who knows me knows that somehow I'll find a way to wriggle OSSEC-HIDS into most any conversation. It's one of my favorite open source projects. Perhaps I am somewhat biased in my opinions regarding OSSEC-HIDS, but what I said about it is essentially accurate, though it understates the features it brings to any environment. OSSEC is more than an IDS relationship counselor, but it handles that task quite nicely if you ask me.
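An added illustration of the go-between idea above (not part of the original post, and not OSSEC-HIDS's own code or method): it normalizes sshd syslog failures (the HIDS view) and Snort-style fast alerts (the NIDS view) into one event shape, then pairs them by source IP within a time window. The log lines, rule IDs, hostname, year and 60-second window are all constructed assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed sample logs (not from the original post). Both formats omit the
# year, so YEAR is an assumption; both sensors are assumed to share a timezone.
YEAR = 2007
HIDS_LOG = """\
Jul 17 10:15:05 web01 sshd[2211]: Failed password for invalid user admin from 203.0.113.7 port 51240 ssh2
Jul 17 10:15:09 web01 sshd[2211]: Failed password for root from 203.0.113.7 port 51244 ssh2
Jul 17 11:40:00 web01 sshd[2300]: Failed password for bob from 198.51.100.4 port 40000 ssh2
"""
NIDS_LOG = """\
07/17-10:15:02.120000  [**] [1:1000001:1] Constructed SSH scan rule [**] [Priority: 2] {TCP} 203.0.113.7:51234 -> 192.0.2.10:22
07/17-09:00:00.000000  [**] [1:1000002:1] Constructed malformed SSH banner rule [**] [Priority: 3] {TCP} 203.0.113.99:40111 -> 192.0.2.10:22
"""

SSHD_RE = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) (\S+) sshd\[\d+\]: Failed password for "
                     r"(?:invalid user )?(\S+) from (\S+) port \d+")
FAST_RE = re.compile(r"^(\d\d/\d\d-[\d:]{8})\.\d+\s+\[\*\*\] \[([\d:]+)\] (.*?) \[\*\*\].*"
                     r"\{\w+\} ([\d.]+):\d+ -> ([\d.]+):(\d+)")

def parse_hids(text):
    """sshd syslog lines -> normalized events (what the host says happened)."""
    for m in filter(None, map(SSHD_RE.match, text.splitlines())):
        ts = datetime.strptime(f"{YEAR} {m[1]}", "%Y %b %d %H:%M:%S")
        yield {"src": "hids", "time": ts, "ip": m[4], "detail": f"failed login as {m[3]} on {m[2]}"}

def parse_nids(text):
    """Snort-style fast alerts -> normalized events (what the wire looked like)."""
    for m in filter(None, map(FAST_RE.match, text.splitlines())):
        ts = datetime.strptime(f"{YEAR}/{m[1]}", "%Y/%m/%d-%H:%M:%S")
        yield {"src": "nids", "time": ts, "ip": m[4], "detail": f"[{m[2]}] {m[3]}"}

def correlate(hids, nids, window=timedelta(seconds=60)):
    """Pair each NIDS alert with HIDS events from the same source IP within window."""
    hids = list(hids)
    out = []
    for alert in nids:
        hits = [h for h in hids
                if h["ip"] == alert["ip"] and abs(h["time"] - alert["time"]) <= window]
        out.append((alert, hits))
    return out

if __name__ == "__main__":
    for alert, hits in correlate(parse_hids(HIDS_LOG), parse_nids(NIDS_LOG)):
        verdict = "CONFIRMED by host" if hits else "unconfirmed"
        print(f'{alert["ip"]} {alert["detail"]}: {verdict} ({len(hits)} host events)')
```

A NIDS alert with matching host events is the vague network signal backed by the host's fact-based record; an alert with none still needs the analyst's interpretation.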
Tuesday, July 17, 2007
Tuesday, July 10, 2007
Nothing is going to change until I become President of the U.S.
I've often said that nothing is ever going to get fixed, until I am elected President of the United States. Considering the dire straits my country is in (government leadership-wise), I've gotten a bit more curious about what it takes to be able to run for President. So, what are the requirements to become President of the United States?
Answer: The United States Constitution outlines the requirements for President in Article 2. This article of the U.S. Constitution also outlines the powers of the President and Executive branch of government.
Section 1 of Article 2 of the U.S. Constitution states that a President:
- Must be a natural born citizen of the United States.
- Must be at least 35 years old.
- Must have lived in the United States for at least 14 years.
Hmmm....well, let's see if I qualify. Yep, I am a natural born citizen of the United States. Yes, sadly enough I am over 35 years of age (though not by much!). And yes, I have lived in the United States for at least 14 years (I've lived in the U.S. my entire life...all 39 years.)
So I guess I do meet the minimum requirements to run for the office of President of the United States. Now all I need is some folks to vote for me. :)