(IDS) Intrusion detection systems?


Hello,

I have been reading up on intrusion detection systems, and have seen that it looks like a hardware firewall with an IDS is the best way to go, but I don't have a whole lot of money. So I was wondering if anyone can recommend a good IDS that will work with Windows Vista, and also one for Ubuntu.

I heard of Snort but it says there is a 5 day lapse? on the free version, which I guess means that I cannot review the results of the present day until 5 days later? I am looking for something easy to use and also get real-time results. Thanks.

Link to comment
Share on other sites

Snort is free, try that first. You will not find an IDS that works out of the box. You have to tune and tweak them to eliminate false positives. This will not be a 20 minute project, this will take you a couple of months. Longer on a home network since there will be no attacks to watch for and flag.

Link to comment
Share on other sites

What's your budget looking like?

I agree with eazy, free is probably best... How many hackers do you think are trying to infiltrate your personal network?

With what's to be gained, I think their efforts are better spent on businesses, since there is more to be had and people are less likely to notice something "weird" happening on the network.

Just a thought :).

Link to comment
Share on other sites

Budget, hehe, what's that? I guess if I could find an awesome hardware firewall which includes an IDS for 50$ I would probably get it, but from what I've seen they are usually like 300$ or more..

I think I'll Snort out, I kind of just want to learn how IDS works and play around with it on my system, maybe set up fake attacks on my computer network from my laptop. I'm currently going to college for computer programming and the security part interests me as well.. Thanks for your help guys, I'll give Snort a shot. :)

Link to comment
Share on other sites

Look into ClarkConnect.

Pro version:

$85 per year w/ a $25 /yr intrusion detection system for the low budget range; it is also ready to go with close to nothing for configuration.

They have a community version that is free, but you will still need to buy an intrusion license at 30$/yr.

clarkconnect.com

Link to comment
Share on other sites

  • 1 year later...

I was going to mention that if you want network protection against external attacks, you should always go with IDPS, which is a mixture of intrusion detection and prevention.

Snort is the most popular intrusion detection system available on the market, but it detects the attack; it does not prevent the attack.

On the other hand, and as suggested by EthicalHacker, IPS is what you want. Untangle is an open-source Linux-based firewall that has many advanced features. One of its features is IDP.

You should head out to their website and check it out; it's free and you only need to set it up on a box.

http://www.untangle.com/

Link to comment
Share on other sites

How Intrusion Detection Works

Intrusion detection is the process of identifying potential threats to networks, computers, databases and other IT devices. Intrusion detection has become increasingly essential with the popularity of the Internet. Many companies have implemented intrusion detection systems to discourage hackers from stealing information and destroying network systems.

Hackers intrude on networks for the purpose of financial gain, industrial espionage, or out of the need to gather attention or protest the apprehension of other hackers. The reasons for hacking are numerous and rapidly increasing as the world relies on the Internet for conducting business and personal use.

How Intrusion Detection Works

Intrusion detection works by collecting information and then examining it for inappropriate occurrences. An IT administrator will use this data to take future preventative measures and make improvements to network security.

An intrusion detection system works by examining the following events:

Observing Activity: The intrusion detection system will observe activity taking place within the network and keep track of user policies and activity patterns to ensure there are no attempts to violate these patterns.

Viruses: Viruses and malware can hide within a network system in the form of spyware, keylogging, password theft, and other types of malicious attacks. A good intrusion detection system can spot where they are hiding and then take the necessary steps to remove these hidden files.

Vulnerabilities: When a network system is configured it can create vulnerabilities in system configuration files. In this case the intrusion detection system will identify the vulnerabilities in the configuration files as well as each machine on the network.

File Settings: Authorization files on a network generally consist of a user authorization and a group authorization. The intrusion detection system will check these on a regular basis to ensure they have not been tampered with in any way.

Services: Service configuration files are routinely checked to ensure that there are no unauthorized services in operation on the network.

Packet Sniffing: Intrusion detection systems check for unauthorized network monitoring programs that may have been installed for the purpose of monitoring and recording user account data activity.

PC Check: The intrusion detection system will check each PC on the network periodically to make sure there have not been any violations or tampering activity. Generally if one PC displays a violation, the system should check all of the other machines on the network.

An intrusion detection system can be run manually but most IT administrators find it easier to automate the system checks to ensure that nothing is accidentally overlooked. It is also necessary to cover all of the bases when it comes to a system check so that statistical analysis can be performed accurately.

Source: http://www.spamlaws.com/how-intrusion-detection-works.html

Edit: What you need to know about IDS:

http://www.windowsecurity.com/articles/Wha...on_Systems.html

http://www.itsecurity.com/features/intrusi...dummies-072906/

Edited by Infiltrator
Link to comment
Share on other sites
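
The "File Settings" check described in the post above (authorization files checked regularly for tampering) can be sketched as a baseline comparison. This is an added example, not part of the thread or the quoted article; the function names, file names and sample contents are constructed for illustration.

```python
import hashlib
import os
import tempfile

FIELDS = ("sha256", "mode", "uid")

def snapshot(paths):
    """Record content hash, permission bits and owner for each monitored file."""
    state = {}
    for p in paths:
        st = os.stat(p)
        with open(p, "rb") as fh:
            digest = hashlib.sha256(fh.read()).hexdigest()
        state[p] = {"sha256": digest, "mode": st.st_mode & 0o7777, "uid": st.st_uid}
    return state

def compare(baseline, paths):
    """Return (file name, finding) for every deviation from the trusted baseline."""
    findings = []
    for p in paths:
        name = os.path.basename(p)
        if p not in baseline:
            findings.append((name, "not in baseline"))
        elif not os.path.exists(p):
            findings.append((name, "missing"))
        else:
            now = snapshot([p])[p]
            findings += [(name, f"{f} changed") for f in FIELDS
                         if now[f] != baseline[p][f]]
    return findings

def demo():
    """Constructed sample: stand-ins for user and group files in a temp dir."""
    with tempfile.TemporaryDirectory() as d:
        passwd, group = os.path.join(d, "passwd"), os.path.join(d, "group")
        with open(passwd, "w") as fh:
            fh.write("alice:x:1000:1000::/home/alice:/bin/sh\n")
        with open(group, "w") as fh:
            fh.write("staff:x:50:alice\n")
        os.chmod(passwd, 0o644)
        os.chmod(group, 0o644)
        baseline = snapshot([passwd, group])   # taken while state is trusted
        clean = compare(baseline, [passwd, group])
        # Simulated tampering: an unexpected account line, loosened permissions.
        with open(passwd, "a") as fh:
            fh.write("bob:x:1001:1001::/home/bob:/bin/sh\n")
        os.chmod(group, 0o666)
        return clean, compare(baseline, [passwd, group])

if __name__ == "__main__":
    print(demo())
```

The baseline is only as trustworthy as where it is stored; keep it off the monitored host or on read-only media so that tampering with the files cannot also rewrite the reference.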

so is it firewall + IDS + IPS = intelligent firewall?

Yep pretty much! A firewall alone can't protect your network 100%, that's why you need to deploy IDS and IPS altogether.

Link to comment
Share on other sites

Thanks bro. This confirms to me that what I have done is correct. So I can do my research paper for intelligent firewall and focus more on IDS and IPS.

I got some reading for you

http://www2.fiit.stuba.sk/~bielik/sofsem20...lanky/09Yoo.pdf

http://www.google.com.au/url?sa=t&sour...8IhkS5AHs6csMuQ

Edited by Infiltrator
Link to comment
Share on other sites
