555 Posted August 9, 2009

Hello, I have been reading up on intrusion detection systems, and seen that it looks like a hardware firewall with an IDS is the best way to go, but I don't have a whole lot of money. So I was wondering if anyone can recommend a good IDS that will work with Windows Vista, and also one for Ubuntu. I heard of Snort, but it says there is a 5 day lapse on the free version, which I guess means that I cannot review the results of the present day until 5 days later? I am looking for something easy to use that also gets real-time results. Thanks.

decepticon_eazy_e Posted August 10, 2009

> Hello, I have been reading up on intrusion detection systems, and seen that it looks like a hardware firewall with an IDS is the best way to go, but I don't have a whole lot of money. So I was wondering if anyone can recommend a good IDS that will work with Windows Vista, and also one for Ubuntu. I heard of Snort, but it says there is a 5 day lapse on the free version, which I guess means that I cannot review the results of the present day until 5 days later? I am looking for something easy to use that also gets real-time results. Thanks.

Snort is free, try that first. You will not find an IDS that works out of the box. You have to tune and tweak them to eliminate false positives. This will not be a 20-minute project; this will take you a couple of months. Longer on a home network, since there will be no attacks to watch for and flag.

Brian Sierakowski Posted August 10, 2009

What's your budget looking like? I agree with eazy, free is probably best... How many hackers do you think are trying to infiltrate your personal network? With what's to be gained, I think their efforts are better spent on businesses, since there is more to be had and people are less likely to notice something "weird" happening on the network. Just a thought :).

555 (Author) Posted August 10, 2009

Budget, hehe, what's that? I guess if I could find an awesome hardware firewall which includes an IDS for $50 I would probably get it, but from what I've seen they are usually like $300 or more. I think I'll Snort out. I kind of just want to learn how IDS works and play around with it on my system, maybe set up fake attacks on my computer network from my laptop. I'm currently going to college for computer programming and the security part interests me as well. Thanks for your help guys, I'll give Snort a shot. :)

puzOpia Posted August 12, 2009

I've heard some pretty good things about Snort, but haven't tried it yet. Hope it works out for you.

dw5304 Posted August 12, 2009

Look into ClarkConnect. The pro version is $85 per year with a $25/yr intrusion detection system, for the low budget range; it is also ready to go with close to nothing for configuration. They have a community version that is free, but you will still need to buy an intrusion license at $30/yr. clarkconnect.com

ethicalHacker Posted October 24, 2010

Hey guys, I want to ask: does internet security software nowadays include intrusion detection system (IDS) and intrusion prevention system (IPS) technology? An intelligent firewall should have these two technologies, right?

Infiltrator Posted October 24, 2010

I was going to mention that if you want network protection against external attacks, you should always go with IDPS, which is a mixture of intrusion detection and prevention. Snort is the most popular intrusion detection system available on the market, but it detects the attack, it does not prevent the attack. On the other hand, and as suggested by EthicalHacker, IPS is what you want.

Untangle is an open-source Linux-based firewall that has many advanced features. One of its features is IDP. You should head out to their website and check it out; it's free and you only need to set it up on a box.

http://www.untangle.com/

ethicalHacker Posted October 25, 2010

Because I have an assignment. The title is to do research on intelligent firewalls, so I want to know whether intrusion detection system (IDS) and intrusion prevention system (IPS) technology is used in intelligent firewalls. If yes, then I want to do more research in this direction.

Infiltrator Posted October 25, 2010 (edited)

How Intrusion Detection Works

Intrusion detection is the process of identifying potential threats to networks, computers, databases and other IT devices. Intrusion detection has become increasingly essential with the popularity of the Internet. Many companies have implemented intrusion detection systems to discourage hackers from stealing information and destroying network systems.

Hackers intrude on networks for the purpose of financial gain, industrial espionage, or out of the need to gather attention or protest the apprehension of other hackers. The reasons for hacking are numerous and rapidly increasing as the world relies on the Internet for conducting business and personal use.

Intrusion detection works by collecting information and then examining it for inappropriate occurrences. An IT administrator will use this data to take future preventative measures and make improvements to network security. An intrusion detection system works by examining the following events:

Observing Activity: The intrusion detection system will observe activity taking place within the network and keep track of user policies and activity patterns to ensure there are no attempts to violate these patterns.

Viruses: Viruses and malware can hide within a network system in the form of spyware, keylogging, password theft, and other types of malicious attacks. A good intrusion detection system can spot where they are hiding and then take the necessary steps to remove these hidden files.

Vulnerabilities: When a network system is configured it can create vulnerabilities in system configuration files. In this case the intrusion detection system will identify the vulnerabilities in the configuration files as well as each machine on the network.

File Settings: Authorization files on a network generally consist of a user authorization and a group authorization. The intrusion detection system will check these on a regular basis to ensure they have not been tampered with in any way.

Services: Service configuration files are routinely checked to ensure that there are no unauthorized services in operation on the network.

Packet Sniffing: Intrusion detection systems check for unauthorized network monitoring programs that may have been installed for the purpose of monitoring and recording user account data activity.

PC Check: The intrusion detection system will check each PC on the network periodically to make sure there have not been any violations or tampering activity. Generally if one PC displays a violation, the system should check all of the other machines on the network.

An intrusion detection system can be run manually, but most IT administrators find it easier to automate the system checks to ensure that nothing is accidentally overlooked. It is also necessary to cover all of the bases when it comes to a system check so that statistical analysis can be performed accurately.

Source: http://www.spamlaws.com/how-intrusion-detection-works.html

Edit: What you need to know about IDS:

http://www.windowsecurity.com/articles/Wha...on_Systems.html
http://www.itsecurity.com/features/intrusi...dummies-072906/

Edited October 25, 2010 by Infiltrator

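Added example (not part of the post above or the article it quotes): the "File Settings" check, recording a baseline of authorization files and reporting drift on a later run. The file contents, the temporary stand-ins for passwd and group, and the function names are constructed for illustration.

```python
import hashlib
import os
import tempfile


def snapshot(paths):
    """Return {path: (sha256 hex digest, permission bits)} for each readable file."""
    state = {}
    for path in paths:
        try:
            with open(path, "rb") as fh:
                state[path] = (hashlib.sha256(fh.read()).hexdigest(),
                               os.fstat(fh.fileno()).st_mode & 0o7777)
        except FileNotFoundError:
            continue  # absent now; compare() reports it as "removed"
    return state


def compare(baseline, current):
    """Return sorted (path, finding) pairs describing drift from the baseline."""
    findings = []
    for path in sorted(set(baseline) | set(current)):
        old, new = baseline.get(path), current.get(path)
        if old is None or new is None:
            findings.append((path, "added" if old is None else "removed"))
            continue
        if old[0] != new[0]:
            findings.append((path, "content changed"))
        if old[1] != new[1]:
            findings.append((path, "permissions changed"))
    return findings


def demo():
    """Run the check on constructed stand-ins for user and group files."""
    with tempfile.TemporaryDirectory() as d:
        passwd, group = files = [os.path.join(d, n) for n in ("passwd", "group")]
        for p, text in ((passwd, "alice:x:1000:1000\n"), (group, "staff:x:50:alice\n")):
            with open(p, "w") as fh:
                fh.write(text)
            os.chmod(p, 0o644)
        baseline = snapshot(files)           # taken while the files are known good
        with open(passwd, "a") as fh:        # simulated tampering: extra UID 0 entry
            fh.write("mallory:x:0:0\n")
        os.chmod(group, 0o666)               # simulated tampering: world-writable
        return [(os.path.basename(p), f) for p, f in compare(baseline, snapshot(files))]


if __name__ == "__main__":
    print(demo())
```

A real deployment keeps the baseline somewhere the monitored host cannot rewrite it, since a baseline stored next to the files it protects can be altered along with them.
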
ethicalHacker Posted October 25, 2010

So is it firewall + IDS + IPS = intelligent firewall?

Infiltrator Posted October 25, 2010

> So is it firewall + IDS + IPS = intelligent firewall?

Yep, pretty much! A firewall alone can't protect your network 100%; that's why you need to deploy IDS and IPS altogether.

ethicalHacker Posted October 25, 2010

> Yep, pretty much! A firewall alone can't protect your network 100%; that's why you need to deploy IDS and IPS altogether.

Thanks bro. This makes me more sure that what I have done is correct. So I can do my research paper on intelligent firewalls and focus more on IDS and IPS.

Infiltrator Posted October 25, 2010 (edited)

> Thanks bro. This makes me more sure that what I have done is correct. So I can do my research paper on intelligent firewalls and focus more on IDS and IPS.

I got some reading for you:

http://www2.fiit.stuba.sk/~bielik/sofsem20...lanky/09Yoo.pdf
http://www.google.com.au/url?sa=t&sour...8IhkS5AHs6csMuQ

Edited October 25, 2010 by Infiltrator

ethicalHacker Posted October 25, 2010

> I got some reading for you:
>
> http://www2.fiit.stuba.sk/~bielik/sofsem20...lanky/09Yoo.pdf
> http://www.google.com.au/url?sa=t&sour...8IhkS5AHs6csMuQ

Thank you so much.