[ossec-list] Re: Anyone suggest windows Firewall works with ossec?
Actually, my thoughts on active response for windows were just part of a
number of thoughts I have had recently on active response and ways to
utilize it more.
I have ideas on how I could add this functionality for Windows, but I
would be the first to admit that anything I write would be a hack and
would probably include a combination of Perl scripts and netcat. :)
John
-------------------------------------------------------------------------
John Ives Phone (510) 642-7773
System & Network Security Cell (510) 229-8676
University of California, Berkeley
-------------------------------------------------------------------------
On Wed, 4 Jul 2007, deltamails@xxxxxxxxx wrote:
>
> John,
> Windows version of OSSEC is like Read only mode. It cannot do something like
> active response which is possible in Linux edition. But Windows is more
> vulnerable to brute force and other attacks.
> If some firewall and ossec can be married together then it makes perfect
> combination. Right now ossec on windows is just reading the logs and sending
> alerts.
> If anyone has any idea how to implement this then please suggest.
>
> Regards,
> DM
>
>
> ----- Original Message -----
> From: "John Ives" <jives@xxxxxxxxxxxxxxxxxxxxx>
> To: <ossec-list@xxxxxxxxxxxxxxxx>
> Sent: Wednesday, July 04, 2007 12:34 AM
> Subject: [ossec-list] Re: Anyone suggest windows Firewall works with ossec?
>
>
>>
>> MdMonk wrote:
>>> There's talk of how to implement active-response on Microsoft Windows
>>> systems. Something I had brought up was to use the "netsh" command.
>>>
>>> -Chuck (MdMonk)
>>>
>>> On 7/4/07, deltamails@xxxxxxxxx <deltamails@xxxxxxxxx> wrote:
>>>
>>>> Can anyone suggest windows firewall that works with ossec?
>>>>
>>>> Regards,
>>>> DM
>>>>
>>
>> I have been considering this as well lately and feel that using netsh to
>> manipulate the IPSec filters would be the best bet. My concern has been
>> how to write a script that could be used in multiple environments.
>> Since only one IPSec policy can be applied at a time, I would guess that
>> a config file would be necessary so that admins could set the policy to
>> use along with any other settings.
>>
>> John
>>
>> --
>> -------------------------------------------------------------------------
>> John Ives Phone (510) 642-7773
>> System & Network Security Cell (510) 229-8676
>> University of California, Berkeley
>> -------------------------------------------------------------------------
>>
>>
>
>
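
The netsh/IPSec idea from the quoted 4 July message (a config file naming the one policy that can be assigned), sketched as an added PowerShell example that is not from this thread or from the OSSEC project. The script name, the config file name and format, and its key names are hypothetical; it assumes the admin has already created a rule in that policy tying the filter list to a block filter action, and the argument order (action, user, source IP) is modelled on OSSEC's Unix active-response scripts.

```powershell
# Added example: hypothetical ossec-ipsec.ps1, not part of OSSEC.
# Usage: ossec-ipsec.ps1 <add|delete> <user> <srcip> [extra args are ignored]
param(
    [Parameter(Mandatory, Position = 0)][ValidateSet('add', 'delete')][string]$Action,
    [Parameter(Position = 1)][string]$User,
    [Parameter(Mandatory, Position = 2)][string]$SrcIp,
    [Parameter(ValueFromRemainingArguments)][string[]]$Rest,
    [string]$ConfigPath = (Join-Path $PSScriptRoot 'ossec-ipsec.conf')  # assumed name
)

# Config file (constructed key=value format), edited per site by the admin:
#   policy=SitePolicy
#   filterlist=OssecBlocked
$cfg = @{}
foreach ($line in Get-Content -LiteralPath $ConfigPath) {
    if ($line -match '^\s*(\w+)\s*=\s*(.*?)\s*$') { $cfg[$Matches[1]] = $Matches[2] }
}

# These names end up on a netsh command line, so allow only a conservative
# character set (this also avoids quoting problems with embedded spaces).
foreach ($key in 'policy', 'filterlist') {
    if ($cfg[$key] -notmatch '^[A-Za-z0-9_-]+$') {
        throw "bad or missing '$key' in $ConfigPath"
    }
}

# The source IP is derived from log data an attacker can influence:
# accept only a canonical dotted-quad IPv4 address, nothing else.
$addr = $null
if (-not ([System.Net.IPAddress]::TryParse($SrcIp, [ref]$addr)) -or
    $addr.AddressFamily -ne 'InterNetwork' -or $addr.ToString() -ne $SrcIp) {
    throw "refusing non-canonical source address '$SrcIp'"
}

# Same filter description for add and delete so the delete finds the entry.
$common = @("filterlist=$($cfg.filterlist)", "srcaddr=$SrcIp", 'dstaddr=Me',
            'protocol=ANY', 'mirrored=yes')
if ($Action -eq 'add') {
    & netsh ipsec static add filter @common 'description=ossec-active-response'
} else {
    & netsh ipsec static delete filter @common
}
if ($LASTEXITCODE -ne 0) { throw "netsh failed with exit code $LASTEXITCODE" }

# Only one IPSec policy can be assigned at a time; (re)assign the configured one.
& netsh ipsec static set policy "name=$($cfg.policy)" assign=y
exit $LASTEXITCODE
```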
OSSEC project: www.ossec.net.
Mailing list information: http://www.ossec.net/en/mailing_lists.html.