
[ossec-list] Re: Anyone suggest windows Firewall works with ossec?




It's been so long since I worked with windows ipsec from the command line 
that the last script I wrote for it used ipsecpol.  I am going to have 
to look at how it's changed to work out if it's still feasible.  One of my 
co-workers has used netsh a bit (though for manipulating the firewall) 
so I have sent her an email asking for some examples/references.  
Hopefully I will get a chance to figure out the command line syntax next 
week since that is the place where the vague ideas floating around in my 
head are at their weakest.

John

MdMonk wrote:
> John-
>
> Send your ideas, or even better, code samples/snippets to the list or
> drop in #ossec on irc.freenode.net. We can bounce ideas off each other
> and I'm sure we can come up with a solution or at least the start of
> one.
>
> Anything I would code up would be hacked-together scripts as well. So
> at least you are in good company John! :)
>
> -Chuck (MdMonk)
>
> On 7/4/07, John Ives <jives@xxxxxxxxxxxxxxxxxxxxx> wrote:
>   
>>
>> Actually, my thoughts on active response for windows were just part of a
>> number of thoughts I have had recently on active response and ways to
>> utilize it more.
>>
>> I have ideas on how I could add this functionality for windows, but I
>> would be the first to admit that anything I write would be a hack and
>> would probably include a combination of perl scripts and netcat. :)
>>
>> John
>>
>> -------------------------------------------------------------------------
>> John Ives                                           Phone (510) 642-7773
>> System & Network Security                            Cell (510) 229-8676
>> University of California, Berkeley
>> -------------------------------------------------------------------------
>>
>> On Wed, 4 Jul 2007, deltamails@xxxxxxxxx wrote:
>>
>>     
>>> John,
>>> Windows version of OSSEC is like Read only mode. It cannot do something like
>>> active response which is possible in Linux edition. But Windows is more
>>> vulnerable to brute force and other attacks.
>>> If some firewall and ossec can be married together then it makes a perfect
>>> combination. Right now ossec on windows is just reading the logs and sending
>>> alerts.
>>> If anyone has any idea how to implement this then please suggest.
>>>
>>> Regards,
>>> DM
>>>
>>>
>>> ----- Original Message -----
>>> From: "John Ives" <jives@xxxxxxxxxxxxxxxxxxxxx>
>>> To: <ossec-list@xxxxxxxxxxxxxxxx>
>>> Sent: Wednesday, July 04, 2007 12:34 AM
>>> Subject: [ossec-list] Re: Anyone suggest windows Firewall works with ossec?
>>>
>>>
>>>       
>>>> MdMonk wrote:
>>>>         
>>>>> There's talk of how to implement active-response on Microsoft Windows
>>>>> systems. Something I had brought up was to use the "netsh" command.
>>>>>
>>>>> -Chuck (MdMonk)
>>>>>
>>>>> On 7/4/07, deltamails@xxxxxxxxx <deltamails@xxxxxxxxx> wrote:
>>>>>
>>>>>           
>>>>>> Can anyone suggest windows firewall that works with ossec?
>>>>>>
>>>>>> Regards,
>>>>>> DM
>>>>>>
>>>>>>             
>>>> I have been considering this as well lately and feel that using netsh to
>>>> manipulate the IPSec filters would be the best bet. My concern has been
>>>> how to write a script that could be used in multiple environments.
>>>> Since only one IPSec policy can be applied at a time, I would guess that
>>>> a config file would be necessary so that admins could set the policy to
>>>> use along with any other settings.
>>>>
>>>> John
>>>>
>>>> --
>>>> -------------------------------------------------------------------------
>>>> John Ives                                           Phone (510) 642-7773
>>>> System & Network Security      Cell (510) 229-8676
>>>> University of California, Berkeley
>>>> -------------------------------------------------------------------------
>>>>
>>>>
>>>>         
>>>       
>
>
>
>   


-- 
-------------------------------------------------------------------------
John Ives                                           Phone (510) 642-7773
System & Network Security			     Cell (510) 229-8676
University of California, Berkeley
-------------------------------------------------------------------------
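
The approach discussed in this thread (netsh IPsec filters, with a config file naming the policy the admin has already assigned), as an added PowerShell example that is not code from any poster or from OSSEC. The config file, its `policy` and `never_block` keys, and the `ossec-*` object names are assumptions made for illustration.

```powershell
# Added example: active-response script for Windows that blocks or unblocks one
# source IP with netsh IPsec filters. The config file, its keys and the ossec-*
# object names are hypothetical; nothing here is OSSEC's own code.
param(
    [Parameter(Mandatory)][ValidateSet('add', 'delete')][string]$Action,
    [Parameter(Mandatory)][string]$SrcIp,
    [string]$ConfigPath = "$PSScriptRoot\ipsec-response.conf"
)
$ErrorActionPreference = 'Stop'

# Accept only a literal dotted-quad IPv4 address before it reaches a command line.
$ip = $null
if (-not [System.Net.IPAddress]::TryParse($SrcIp, [ref]$ip) -or
    $ip.AddressFamily -ne 'InterNetwork' -or $ip.ToString() -ne $SrcIp) {
    throw "Not an IPv4 address: $SrcIp"
}

# Config is key=value text, one entry per line (constructed sample):
#   policy=ServerPolicy
#   never_block=10.0.0.5,10.0.0.6
# 'policy' names the IPsec policy the admin already has assigned; because only one
# policy can be applied at a time, the script adds a rule to it and never assigns its own.
$cfg = Get-Content -Raw -Path $ConfigPath | ConvertFrom-StringData
if ($cfg.policy -notmatch '^\S+$') { throw "Set 'policy' (no spaces) in $ConfigPath" }
$neverBlock = @("$($cfg.never_block)" -split ',' | ForEach-Object { $_.Trim() })
if ($neverBlock -contains $SrcIp) { Write-Output "skipped $SrcIp (never_block)"; return }

function Invoke-IPsecStatic {
    param([string[]]$NetshArgs, [switch]$AllowFailure)
    & netsh.exe ipsec static @NetshArgs | Out-Null
    # Assumption: netsh reports failure through a non-zero exit code.
    if ($LASTEXITCODE -ne 0 -and -not $AllowFailure) {
        throw "netsh ipsec static $($NetshArgs -join ' ') exited with $LASTEXITCODE"
    }
}

if ($Action -eq 'add') {
    # Creation steps may fail when the object already exists from an earlier run.
    Invoke-IPsecStatic 'add', 'filterlist', 'name=ossec-blocked' -AllowFailure
    Invoke-IPsecStatic 'add', 'filter', 'filterlist=ossec-blocked', "srcaddr=$SrcIp", 'dstaddr=Me'
    Invoke-IPsecStatic 'add', 'filteraction', 'name=ossec-deny', 'action=block' -AllowFailure
    Invoke-IPsecStatic 'add', 'rule', 'name=ossec-block-rule', "policy=$($cfg.policy)",
        'filterlist=ossec-blocked', 'filteraction=ossec-deny' -AllowFailure
} else {
    Invoke-IPsecStatic 'delete', 'filter', 'filterlist=ossec-blocked', "srcaddr=$SrcIp", 'dstaddr=Me'
}
```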






OSSEC project: www.ossec.net.
Mailing list information: http://www.ossec.net/en/mailing_lists.html.