Category:Intrusion Detection Systems

From SecurityForest


  • Snort [Windows, Linux, BSD]: A free intrusion detection system (IDS) for the masses.
Snort is a lightweight network intrusion detection system, capable of performing real-time traffic analysis and packet logging on IP networks. It can perform protocol analysis and content searching/matching, and can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more. Snort uses a flexible rule-based language to describe traffic that it should collect or pass, and a modular detection engine. Many people also suggest that the Analysis Console for Intrusion Databases (ACID) (http://www.andrew.cmu.edu/user/rdanyliw/snort/snortacid.html) be used with Snort to browse and query the alerts it logs.
BASE (Basic Analysis and Security Engine) is the maintained fork of ACID. It can be found at Sourceforge.net (http://sourceforge.net/projects/secureideas)
http://www.snort.org
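To show what "a flexible rule-based language" means in practice, here is a toy matcher for the Snort rule header and the most common body options (msg, content with |hex| escapes, nocase, sid, rev). This is an added example, not Snort's engine or any code from the Snort project: the two rules, the $HOME_NET/$EXTERNAL_NET bindings (reduced to a prefix match) and the sample packets are all constructed for illustration, and the matcher ignores flow state, preprocessors and every option it does not know.

```python
import re
from dataclasses import dataclass


@dataclass
class Packet:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int
    payload: bytes


# Constructed stand-ins for snort.conf variables: "!" negates, a trailing dot is a prefix match.
VARS = {"$HOME_NET": "192.168.1.", "$EXTERNAL_NET": "!192.168.1."}

# Rule header: action proto src sport -> dst dport ( options )
HEADER_RE = re.compile(r"^(\w+)\s+(\w+)\s+(\S+)\s+(\S+)\s*->\s*(\S+)\s+(\S+)\s*\((.*)\)\s*$")


def content_bytes(val):
    """Expand Snort content syntax: text outside |..| is literal, inside |..| is hex bytes."""
    out = b""
    for i, part in enumerate(val.split("|")):
        out += bytes.fromhex(part) if i % 2 else part.encode()
    return out


def parse_rule(text):
    """Parse one rule into header fields and an options dict (splits on ';', so no ';' inside msg)."""
    m = HEADER_RE.match(text.strip())
    if not m:
        raise ValueError("unparseable rule: " + text)
    action, proto, src, sport, dst, dport, body = m.groups()
    opts = {"content": []}
    for opt in (o.strip() for o in body.split(";") if o.strip()):
        key, _, val = opt.partition(":")
        key, val = key.strip(), val.strip().strip('"')
        if key == "content":
            opts["content"].append({"pattern": content_bytes(val), "nocase": False})
        elif key == "nocase":                       # modifier applies to the preceding content
            opts["content"][-1]["nocase"] = True
        else:
            opts[key] = val
    return {"action": action, "proto": proto.lower(), "src": src, "sport": sport,
            "dst": dst, "dport": dport, "opts": opts}


def addr_match(spec, ip):
    spec = VARS.get(spec, spec)
    if spec == "any":
        return True
    negate = spec.startswith("!")
    return ip.startswith(spec.lstrip("!")) != negate


def port_match(spec, port):
    return spec == "any" or int(spec) == port


def match(rule, pkt):
    """True when header and every content option hit the packet."""
    if rule["proto"] != pkt.proto:
        return False
    if not (addr_match(rule["src"], pkt.src) and port_match(rule["sport"], pkt.sport)):
        return False
    if not (addr_match(rule["dst"], pkt.dst) and port_match(rule["dport"], pkt.dport)):
        return False
    for c in rule["opts"]["content"]:
        hay, needle = pkt.payload, c["pattern"]
        if c["nocase"]:
            hay, needle = hay.lower(), needle.lower()
        if needle not in hay:
            return False
    return True


# Constructed rules in Snort syntax (sids in the local 1000000+ range, not official Snort sids).
RULES = [parse_rule(r) for r in (
    'alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"WEB-CGI phf access"; content:"/cgi-bin/phf"; nocase; sid:1000001; rev:1;)',
    'alert tcp $EXTERNAL_NET any -> $HOME_NET 139 (msg:"NETBIOS SMB probe"; content:"|FF|SMB"; sid:1000002; rev:1;)',
)]

# Constructed sample traffic, not a capture.
SAMPLE = [
    Packet("tcp", "10.9.8.7", 40001, "192.168.1.10", 80, b"GET /CGI-BIN/phf?Qalias=x HTTP/1.0\r\n"),
    Packet("tcp", "10.9.8.7", 40002, "192.168.1.10", 139, b"\x00\x00\x00\x2f\xffSMB\x72"),
    Packet("tcp", "192.168.1.5", 40003, "192.168.1.10", 80, b"GET /cgi-bin/phf HTTP/1.0\r\n"),  # internal source
    Packet("tcp", "10.9.8.7", 40004, "192.168.1.10", 80, b"GET /index.html HTTP/1.0\r\n"),
]


def scan(packets, rules=RULES):
    """Return (sid, msg, source ip) for every rule that fires on every packet."""
    return [(r["opts"]["sid"], r["opts"]["msg"], p.src)
            for p in packets for r in rules if match(r, p)]


if __name__ == "__main__":
    for hit in scan(SAMPLE):
        print(hit)
```

The third packet carries the phf string but comes from inside $HOME_NET, so the $EXTERNAL_NET negation suppresses it; that header-level filtering is what keeps content matching affordable in the real engine.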

  • Prelude-IDS [Linux, BSD]: full-featured hybrid intrusion detection system distributed under the GPL.
Founded in 1998, Prelude is a hybrid IDS (network and host sensors reporting to a central manager) designed to be modular, distributed, rock solid and fast.
http://www.prelude-ids.org/

  • LIDS [Linux]: A Linux kernel intrusion detection/defense system
http://www.lids.org

  • Tripwire [Linux, BSD, Windows]: a tool that checks to see what has changed on your system.
The program monitors key attributes of files that should not change, including binary signature (a hash of the contents), size, expected change of size, etc., and reports deviations from a stored baseline.
http://www.tripwire.org

  • arpwatch: Keeps track of Ethernet/IP address pairings on a network segment and reports changes, such as an IP address that suddenly answers from a new MAC address (a sign of ARP spoofing or a misconfigured host).
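The following is an added example, not arpwatch's code, of the bookkeeping arpwatch does: replay ARP sightings, remember the newest MAC per IP, and raise an event when a pairing first appears, changes, or bounces back to an earlier MAC. The event names mirror arpwatch's own syslog messages ("new station", "changed ethernet address", "flip flop"); the observation list is constructed, not captured traffic.

```python
# Constructed ARP observations: (timestamp, sender IP, sender MAC). Not real captures.
OBSERVATIONS = [
    (1, "192.168.1.1", "00:11:22:33:44:01"),    # gateway
    (2, "192.168.1.20", "00:11:22:33:44:20"),
    (3, "192.168.1.1", "00:11:22:33:44:01"),
    (4, "192.168.1.1", "DE:AD:BE:EF:00:01"),    # gateway IP now claimed by another MAC
    (5, "192.168.1.1", "00:11:22:33:44:01"),    # original MAC answers again: flip flop
    (6, "192.168.1.99", "00:11:22:33:44:99"),
]

INTERESTING = {"changed ethernet address", "flip flop"}


def track(observations):
    """Replay sightings in order; return the final ip->mac table and the events raised."""
    current = {}     # ip -> MAC currently believed to own it
    previous = {}    # ip -> MAC it had before the most recent change
    events = []
    for ts, ip, mac in observations:
        mac = mac.lower()                       # normalise case before comparing
        if ip not in current:
            events.append((ts, "new station", ip, mac))
        elif current[ip] != mac:
            if previous.get(ip) == mac:         # bouncing between two MACs
                events.append((ts, "flip flop", ip, mac))
            else:
                events.append((ts, "changed ethernet address", ip, mac))
            previous[ip] = current[ip]
        current[ip] = mac
    return current, events


def suspicious(observations):
    """Only the events worth paging on: pairings that changed or flip-flopped."""
    _, events = track(observations)
    return [e for e in events if e[1] in INTERESTING]


if __name__ == "__main__":
    for e in suspicious(OBSERVATIONS):
        print(e)
```

A flip flop on the default gateway's IP is the classic signature of an ARP cache poisoning attempt; a single "changed ethernet address" with no return can just as well be a NIC swap, so the tracker reports both and leaves the judgement to the operator.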

  • AIDE [Linux, BSD]: File integrity monitor/host intrusion detection system
AIDE (Advanced Intrusion Detection Environment) is a host intrusion detection system; more specifically, a file integrity checker. AIDE constructs a database of file attributes, including permissions, inode number, user, group, and file size. AIDE also creates a cryptographic checksum or hash of each file. Once a system has been compromised, a system administrator can check which essential files and programs have been modified or trojaned, provided the database was built before the compromise and kept where the intruder cannot rewrite it (read-only media or another host).
http://www.cs.tut.fi/~rammer/aide.html
http://sourceforge.net/projects/aide/
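The Tripwire and AIDE entries above describe the same technique, so one added example covers both: build a baseline of per-file attributes (mode, owner, size, inode and a SHA-256 of the contents), then compare a later walk against it and report which attribute moved. This is illustration code written for this page, not AIDE's or Tripwire's implementation; the directory tree, the "trojaned" file and the dropped file are all constructed inside a temporary directory so it runs anywhere.

```python
import hashlib
import os
import stat
import tempfile

ATTRS = ("mode", "uid", "gid", "size", "inode", "sha256")


def file_entry(path):
    """Record the attributes an AIDE/Tripwire-style checker keeps for one file."""
    st = os.lstat(path)
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return {"mode": stat.S_IMODE(st.st_mode), "uid": st.st_uid, "gid": st.st_gid,
            "size": st.st_size, "inode": st.st_ino, "sha256": h.hexdigest()}


def build_db(root):
    """Walk `root` and return {relative path: attributes}; symlinks are skipped for brevity."""
    db = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if os.path.islink(full):
                continue
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            db[rel] = file_entry(full)
    return db


def compare(baseline, current):
    """Report added and removed files plus, for each surviving file, the attributes that changed."""
    report = {"added": sorted(set(current) - set(baseline)),
              "removed": sorted(set(baseline) - set(current)),
              "changed": {}}
    for rel in sorted(set(baseline) & set(current)):
        moved = [a for a in ATTRS if baseline[rel][a] != current[rel][a]]
        if moved:
            report["changed"][rel] = moved
    return report


def demo():
    """Constructed scenario: baseline a tree, then trojan a binary, chmod a config and drop a file."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "bin"))
        files = {"bin/ls": b'#!/bin/sh\nexec /usr/bin/ls "$@"\n',
                 "etc.conf": b"key=value\n"}
        for rel, body in files.items():
            with open(os.path.join(root, rel), "wb") as f:
                f.write(body)
        baseline = build_db(root)      # in real use this is what you store off-host / read-only

        # Same-length replacement written in place: size and inode survive, only the hash moves.
        with open(os.path.join(root, "bin", "ls"), "wb") as f:
            f.write(b'#!/bin/sh\nexec /tmp/bin/ls "$@"\n')
        os.chmod(os.path.join(root, "etc.conf"), 0o755)          # permission change only
        with open(os.path.join(root, "bin", ".hidden"), "wb") as f:
            f.write(b"dropper\n")

        return compare(baseline, build_db(root))


if __name__ == "__main__":
    print(demo())
```

The trojaned bin/ls is the point of the exercise: an attacker who preserves size and timestamps defeats a checker that looks only at stat() data, which is why both tools hash contents rather than trusting metadata alone.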

  • iptables: the userspace command-line program used to configure the Linux 2.4.x and 2.6.x IPv4 packet filtering ruleset. It is targeted towards system administrators.
http://www.netfilter.org/projects/iptables/index.html

  • Bro [Linux, BSD]: Powerful intrusion detection with real-time analysis
Bro is an open-source, Unix-based Network Intrusion Detection System (NIDS) that passively monitors network traffic and looks for suspicious activity. Bro detects intrusions by first parsing network traffic to extract its application-level semantics and then executing event-oriented analyzers that compare the activity with patterns deemed troublesome. Its analysis includes detection of specific attacks (including those defined by signatures, but also those defined in terms of events) and unusual activities (e.g., certain hosts connecting to certain services, or patterns of failed connection attempts).
http://bro-ids.org/
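The "patterns of failed connection attempts" Bro looks for are an event-level detection rather than a signature: no single packet is bad, the pattern is. The block below is an added example, not Bro's scan analyzer or script code, that applies that idea to constructed connection summaries shaped like Bro's conn log (originator, responder, port, connection state) and flags an originator that fails to reach a threshold of distinct responder:port targets inside a time window; the thresholds and the sample connections are assumptions for illustration.

```python
from collections import defaultdict

# Constructed connection summaries: (ts, orig_h, resp_h, resp_p, conn_state). Not Bro output.
CONNS = [
    (100.0, "10.0.0.5", "192.168.1.10", 22, "SF"),
    (101.0, "10.0.0.5", "192.168.1.10", 80, "SF"),
    (200.0, "10.0.0.9", "192.168.1.10", 21, "REJ"),
    (200.2, "10.0.0.9", "192.168.1.10", 22, "S0"),
    (200.4, "10.0.0.9", "192.168.1.10", 23, "REJ"),
    (200.6, "10.0.0.9", "192.168.1.10", 25, "S0"),
    (200.8, "10.0.0.9", "192.168.1.10", 80, "REJ"),
    (900.0, "10.0.0.7", "192.168.1.11", 443, "S0"),
    (950.0, "10.0.0.7", "192.168.1.12", 443, "S0"),
]

# Bro conn_state values that mean no session was ever established.
FAILED = {"S0", "REJ", "RSTOS0"}


def detect_scans(conns, threshold=5, window=60.0):
    """Alert on an originator whose failed attempts cover >= threshold distinct
    (resp_h, resp_p) targets within `window` seconds; returns (orig_h, ts, targets)."""
    per_src = defaultdict(list)
    for ts, oh, rh, rp, state in sorted(conns):
        if state in FAILED:
            per_src[oh].append((ts, (rh, rp)))

    alerts = []
    for oh, fails in per_src.items():
        recent = []                                   # sliding window of (ts, target)
        for ts, target in fails:
            recent = [(t, tg) for t, tg in recent if ts - t <= window]
            recent.append((ts, target))
            targets = sorted({tg for _, tg in recent})
            if len(targets) >= threshold:
                alerts.append((oh, ts, targets))
                break                                 # one alert per source is enough
    return alerts


if __name__ == "__main__":
    for a in detect_scans(CONNS):
        print(a)
```

Counting distinct targets rather than raw failures keeps a single broken client retrying one service from tripping the detector, while the window stops a slow, spread-out scan from accumulating forever; both knobs are what you tune per network.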

Articles in category "Intrusion Detection Systems"

There are 0 articles in this category.