[ossec-list] Re: Anyone suggest windows Firewall works with ossec?
- To: <ossec-list@xxxxxxxxxxxxxxxx>
- Subject: [ossec-list] Re: Anyone suggest windows Firewall works with ossec?
- From: <deltamails@xxxxxxxxx>
- Date: Wed, 4 Jul 2007 04:30:29 -0700
John,
Windows version of OSSEC is like Read only mode. It cannot do something like
active response which is possible in Linux edition. But Windows is more
vulnerable to brute force and other attacks.
If some firewall and ossec can be married together then it makes a perfect
combination. Right now ossec on windows is just reading the logs and sending
alerts.
If anyone has any idea how to implement this then please suggest.
Regards,
DM
----- Original Message -----
From: "John Ives" <jives@xxxxxxxxxxxxxxxxxxxxx>
To: <ossec-list@xxxxxxxxxxxxxxxx>
Sent: Wednesday, July 04, 2007 12:34 AM
Subject: [ossec-list] Re: Anyone suggest windows Firewall works with ossec?
>
> MdMonk wrote:
>> There's talk of how to implement active-response on Microsoft Windows
>> systems. Something I had brought up was to use the "netsh" command.
>>
>> -Chuck (MdMonk)
>>
>> On 7/4/07, deltamails@xxxxxxxxx <deltamails@xxxxxxxxx> wrote:
>>
>>> Can anyone suggest windows firewall that works with ossec?
>>>
>>> Regards,
>>> DM
>>>
>
> I have been considering this as well lately and feel that using netsh to
> manipulate the IPSec filters would be the best bet. My concern has been
> how to write a script that could be used in multiple environments.
> Since only one IPSec policy can be applied at a time, I would guess that
> a config file would be necessary so that admins could set the policy to
> use along with any other settings.
>
> John
>
> --
> -------------------------------------------------------------------------
> John Ives Phone (510) 642-7773
> System & Network Security Cell (510) 229-8676
> University of California, Berkeley
> -------------------------------------------------------------------------
>
>
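
An added example (not code from this thread or from the OSSEC project) sketching the approach John describes: a config file names the IPSec policy that is already assigned, and the script adds or deletes a `netsh ipsec static` block filter for the offending source address. The policy, filter list, rule and filter action names, the config format and the `never_block` option are assumptions made for illustration; the sketch accepts IPv4 addresses only.

```python
import configparser
import ipaddress
import re
import subprocess

# Constructed sample config: the admin names the one IPSec policy already in use.
SAMPLE_CONFIG = """
[ipsec]
policy = Site-Policy
filterlist = OSSEC-Blocked
never_block = 127.0.0.1, 192.0.2.10
"""
SAFE_NAME = re.compile(r"^[A-Za-z0-9_-]+$")  # sketch restriction: no spaces or quotes

def load_settings(text):
    cp = configparser.ConfigParser()
    cp.read_string(text)
    sec = cp["ipsec"]
    for key in ("policy", "filterlist"):
        if not SAFE_NAME.match(sec[key]):
            raise ValueError(f"unsafe {key} name: {sec[key]!r}")
    never = {ipaddress.IPv4Address(a.strip())
             for a in sec.get("never_block", fallback="").split(",") if a.strip()}
    return {"policy": sec["policy"], "filterlist": sec["filterlist"], "never_block": never}

def setup_commands(cfg):
    """One-time setup: hang a block rule on the admin's existing policy."""
    base = ["netsh", "ipsec", "static", "add"]
    return [
        base + ["filterlist", f"name={cfg['filterlist']}"],
        base + ["filteraction", "name=OSSEC-Block", "action=block"],
        base + ["rule", "name=OSSEC-Block-Rule", f"policy={cfg['policy']}",
                f"filterlist={cfg['filterlist']}", "filteraction=OSSEC-Block"],
    ]

def response_command(action, srcip, cfg):
    """argv that adds or deletes the block filter for one source address."""
    if action not in ("add", "delete"):
        raise ValueError(f"unknown action: {action!r}")
    ip = ipaddress.IPv4Address(srcip)  # ValueError on anything but a bare IPv4 address
    if action == "add" and ip in cfg["never_block"]:
        raise ValueError(f"{ip} is on the never_block list")
    return ["netsh", "ipsec", "static", action, "filter",
            f"filterlist={cfg['filterlist']}", f"srcaddr={ip}", "dstaddr=Me",
            "protocol=ANY", "mirrored=yes"]

def run(argv, dry_run=True):
    """Return the command line by default; execute it (no shell) when dry_run is False."""
    if dry_run:
        return " ".join(argv)
    return subprocess.run(argv, check=True).returncode
```

Because the rule is attached to the policy named in the config rather than to a new one, the admin's assigned policy stays in place, which is the constraint raised in the quoted message.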
OSSEC project: www.ossec.net.
Mailing list information: http://www.ossec.net/en/mailing_lists.html.