-
Good, Free IDS anyone?
Im sorry if this has been posted before. I tried to find a thread for this but came up empty handed. I am setting up a home network from which I plan to run a linux server eventually on a cable modem. I am working on this from the ground up. I am testing different software and different os's to learn their weaknesses and how to protect them. I read that what one really needs, not just a firewall or a virus scanner, is good intrusion detection software. I am wondering if anyone knows of a good one that is free, or any that are for that matter, so that I use them in my testing and learning. I appreciate your help. If there are no free ids's then what are some good ones to purchase? Thanks.
-
Snort (NIDS)
www.snort.org
Ammo
-
Hello. You can go to www.webattack.com they have over 2000 freeware shareware and adons. There is lots of up to date firewalls and virus snanners also and a lots of net work stuff. Have fun and good luck.
wortcraft
-
/me agrees with ammo!
Snort is the way to go.
-
For free, I'd run SNORT on OpenBSD (not on Linux).
If you are ready for a commercial application, NFR rocks (and is cheaper and much more flexible/reliable than ISS).
-
thanks for all your suggestions....I will check them out.
-
snort will work fine on any *nix. It is definately the IDS to use.
You might find it a bit easier to install and configure on freebsd as I believe most of the development for it is done on freebsd.
-
Yes Snort is it. You should also get DeMarc which is a cool graphical interface with SNORT. This is the free Linux version of DeMarc: http://linux.tucows.com/internet/preview/229406.html. They just came out with a windows version and are charging like $20000 for it!
-
Quote:
Originally posted here by TaoJones
Yes Snort is it. You should also get DeMarc which is a cool graphical interface with SNORT. This is the free Linux version of DeMarc: http://linux.tucows.com/internet/preview/229406.html. They just came out with a windows version and are charging like $20000 for it!
not quite right, the professional edition costs loads yes, but the personal edition for windows is as free as the personal edition for *nix.
btw, puresecure is not only a nice graph interface for snort, it features logging to mysql, and displaying logs via a php website, plus having one central for multiple snort sensors, so it is using snort yes, yet add's some nice features on top of that ;)
the homepage for puresecure is http://www.demarc.com
after signing up for a free account, you can download the personal edition from this site
-
Why OpenBSD and why not Linux?