Overview
CU Boulder recommends that all highly confidential data servers have host-based intrusion detection software installed and used by the server administrator. To help facilitate this requirement, OIT and IT Security have developed helpful support resources for server administrators, as well recommended no-cost solutions.
Host-based intrusion detection software is encouraged on all highly confidential data servers and recommended for all Internet facing servers. OIT recommends selecting Host-based intrusion software that meets the following objectives: strong configuration management and mandatory access-control/sandboxing for systems which maintain highly confidential data or are Internet facing.
Recommendations
OIT recommends the following solutions and will provide the best level of support for customers who use them:
- System Center Configuration Manager for Windows servers
- OSSEC for Macintosh OS X servers
- Chef for Linux servers
Server administrators can use an alternative solution such as Puppet, Anisble, Powershell Desired Configuration Management, or Salt.
*Note: CU Boulder has retired the Tripwire service and site license. Please use the appropriate software for your needs from the list above.
Who can get it
Host-based intrusion detection software (HIDS) should be installed and used by the server administrator.
How to get it
Attending a no-cost training session facilitated by the Office of Information Security (OIS) is encouraged to understand how to best protect your data. These trainings will give you a security refresher, general information about HIDS, and instructions for how to acquire site licenses and help. Contact (OIS) to sign up for IT Security training.
