Yes. The no-cost training will cover the recommended configurations for HIDS. Please visit the recommended practices portion of this website for self-help information if you have already attended the training session.
Yes. Administrators have full control over the installation and configuration of HIDS on the systems for which they have responsibility.
Yes. The vendor manuals are available at the Norlin Library. You can check out the manuals at the reference desk under course number HIDS 1000.
Because of the complexity of running the software, OIT recommends administrators attend the no-cost training. In order to receive a Tripwire Enterprise license, you must attend the training or fill out a training exemption form.
No. You only need to attend the training once. The training material is provided on the OIT website if you would like to review Tripwire Enterprise or OSSEC installation and configuration settings.
It is recommended that administrators include IT Security in alerts that are sent from their HIDS so that the IT Security Office (ITSO) is aware of issues and can be better prepared to help in the event of an attack or compromise. The no-cost training module will help you configure that option.
To obtain the Tripwire Enterprise software and license, please attend the no-cost training or fill out the training exemption form. You can download OSSEC from ossec.net.
Contact the IT Service Center to make the request. You will be routed to the IT Site Licensing office.
Host-based Intrusion Detection monitors the system for unauthorized changes to files and alerts the administrator of suspicious activity.
There is no cost to run Tripwire Enterprise or OSSEC.
By running a host-based intrusion detection system, you satisfy the requirement and do not need to run Tripwire Enterprise or OSSEC. Please contact the IT Security Office (ITSO) to file an exception.
HIDS examines a computer system for anomalous behavior as a means to identify an attack or compromise of the system. Identifying the source and method of an intrusion will help us to understand what data is at risk and whether other systems may be affected.
Any computer that can be accessed from outside of the campus network without using the VPN.
Verify the alert and contact the IT Security Office (ITSO). Because of the complexity of HIDS software, there is potential for false positives. The no-cost training module will cover alert management. If the alert appears to be an indication of a compromise, contact the ITSO immediately.
Tripwire Enterprise is a comprehensive HIDS for Unix, Linux, and Windows systems. OSSEC works well on Macintosh servers.
HIDS is required for systems hosting private data and recommended for all Internet-facing servers. Protecting private data is a top priority on the CU-Boulder campus, and HIDS will provide administrators and the IT Security Office with immediate knowledge of a potential system compromise.
No. The IT Security Office provides no-cost training that will guide you through installation and configuration of Tripwire Enterprise or OSSEC.