Host Intrusion Prevention
This requirement applies to RIT-owned and leased computers. There is currently no requirement for personally-owned machines to run host intrusion prevention.
Currently, personal networking devices used on the RIT residential network (such as routers, switches, etc.) do not need to meet the Network Security Standard. Resnet has created separate guidelines for Using a Router/Wireless Router on the RIT Network.
The following products have all been tested by the Information Security Office and approved for use on RIT-owned/leased computers.
Recommended Host-based Intrusion Prevention Software - Server
|
Program |
Description |
|---|---|
|
SentinelOne & Rapid7 |
Desktop and server intrusion prevention (Windows) (ISO-tested). |
|
OSSEC |
Open source intrusion detection (multiple platforms) (ISO-tested). Active protection feature must be enabled. |
|
Bit9 |
Application whitelisting (Windows) (non ISO-tested) |
|
Cimcor |
Protects against unauthorized changes (Server and Network) (non ISO-tested) |
|
Tripwire (commercial version) |
Configuration assessment and change auditing (Desktops and Servers; VMware coming) (non ISO-tested) |
Recommended Host-based Intrusion Prevention Software - Desktop
|
Program |
Description |
|---|---|
|
SentinelOne & Rapid7 |
Desktop intrusion prevention (Windows) (ISO-tested) |
|
OSSEC |
Open source intrusion detection (multiple platforms) (ISO-tested). Active protection feature must be enabled. |
|
Comodo |
Internet Security Suite (ISO-tested) |
|
Online Armor - Tall - Emu |
Firewall (ISO-tested) |