3

We are looking into installing a host intrusion detection system on a Windows 2008 R2 web server.

Our requirements are, at least for the time being, that the system needs to be standalone and also affordable (a bit vague I know), preferably free.

Some of the most recommended solutions fall short of these requirements:

- Tripwire: too costly.
- OSSEC: Only has a Windows agent, cannot run the manager under Windows.

I've been looking into other solutions such as AFICK, Verisys, etc. Just hoping to hear from other people's experiences.

user75709

1 Answer

3

We recently had a similar requirement, also for a Windows 2008 R2 web server, and looked at the same kind of solutions that you mentioned.

We discounted OSSEC for the same reasons as you, plus it just didn't seem very 'polished' (same with AFICK too).

We discounted Tripwire on grounds of cost and complexity - when we eventually got to trial it, it seemed really complicated to set up, and was just overkill for our requirements. Another commercial solution we looked at and discounted was NNT Change Tracker - which was expensive, complicated, and had one of the worst GUIs I've ever seen!

In the end we went with Verisys, which was a lot cheaper than Tripwire - though I still wouldn't describe it as 'cheap'. It was straightforward to set up, and seems to just work.

Owen Orwell