I just finished a paper on a host-based IDS called Samhain:
http://www.linuxsecurity.com/feature_stories/feature_story-116.html

It runs on Windows, Linux, Solaris, and AIX from the servers I have
tested it on. It should help get you started on what you need. Snort
could help with the network IDS. Let us know if you need more help.

On Mon, 19 Aug 2002, Derrick Lewis wrote:

>
> I am doing research on possible Intrusion Detection System Implementation
> for a friend of mine who sent me an RFP (Request For Proposals). The RFP
> involves assisting XYZ company in its HIPAA Program remediation planning
> and implementation as a result of the mandated Health Insurance
> Portability and Accountability Act of 1996 (HIPAA) requirements. Some of
> the RFP is clipped below. I wanted to know if anyone on the list has had
> any experience doing such a task? If so, can you point me to resources
> that would assist me in completing this task? Thanks. -D
>
>
>
> Objective 3: Intrusion Detection System Implementation
>
> Implement a Host and Network based Intrusion Detection System (IDS) that
> will monitor activities on the servers and network. If unwanted activity
> is detected, an event notification would be sent to the appropriate
> person.
>
>
> Intrusion Detection System Implementation Deliverables:
>
> -Develop detailed project plan and timelines for project management.
>
> -Develop a Strategy and Requirements documents. This document should
> include Business Requirements, Technical Requirements, ROI analysis and
> in-source vs. out-source analysis.
>
> -Perform a risk and needs analysis to determine what type (network based,
> host based, etc.) of IDS and how many.
>
> -Identify intrusion detection technologies that would best work for XYZ
> Company's model.
>
> -Develop an RFP based on the previous steps to purchase an IDS product.
>
> -Periodically test the effectiveness of the IDS over the next several
> quarters by performing a planned and staged hack of the network.
>
> -Identify the policies and procedures that will be needed to support IDS
> implementation.
>
> --
> Derrick Lewis
> Assistant Site Manager LinuxSecurity.com
> (201) 934-9230 "The Linux Community's Center for Security."
> dlewis@linuxsecurity.com http://www.linuxsecurity.com
>
> ------------------------------------------------------------------------
> To unsubscribe email security-discuss-request@linuxsecurity.com
> with "unsubscribe" in the subject of the message.
>

--
duane

Fun reading...well for some. 8-)
http://www.linuxsecurity.com/feature_stories/feature_story-116.html
http://www.linuxsecurity.com/feature_stories/dsniff-monitoring.html -- Updated Version
http://www.linuxsecurity.com/feature_stories/feature_story-89.html
http://www.linuxsecurity.com/feature_stories/feature_story-88.html