-
Good, Free IDS anyone?
I'm sorry if this has been posted before. I tried to find a thread for this but came up empty-handed. I am setting up a home network from which I plan to run a Linux server eventually on a cable modem. I am working on this from the ground up. I am testing different software and different OSes to learn their weaknesses and how to protect them. I read that what one really needs, not just a firewall or a virus scanner, is good intrusion detection software. I am wondering if anyone knows of a good one that is free, or any that are for that matter, so that I can use them in my testing and learning. I appreciate your help. If there are no free IDSs, then what are some good ones to purchase? Thanks.
-
Snort (NIDS)
www.snort.org
Ammo
-
Hello. You can go to www.webattack.com; they have over 2000 freeware, shareware and add-ons. There are lots of up-to-date firewalls and virus scanners and also a lot of network stuff. Have fun and good luck.
wortcraft
-
/me agrees with ammo!
Snort is the way to go.
-
For free, I'd run SNORT on OpenBSD (not on Linux).
If you are ready for a commercial application, NFR rocks (and is cheaper and much more flexible/reliable than ISS).
-
thanks for all your suggestions....I will check them out.
-
Snort will work fine on any *nix. It is definitely the IDS to use.
You might find it a bit easier to install and configure on FreeBSD, as I believe most of the development for it is done on FreeBSD.
-
Yes Snort is it. You should also get DeMarc which is a cool graphical interface with SNORT. This is the free Linux version of DeMarc: http://linux.tucows.com/internet/preview/229406.html. They just came out with a windows version and are charging like $20000 for it!
-
Quote:
Originally posted here by TaoJones
Yes Snort is it. You should also get DeMarc which is a cool graphical interface with SNORT. This is the free Linux version of DeMarc: http://linux.tucows.com/internet/preview/229406.html. They just came out with a windows version and are charging like $20000 for it!
Not quite right: the professional edition costs loads, yes, but the personal edition for Windows is as free as the personal edition for *nix.
BTW, PureSecure is not only a nice graphical interface for Snort; it features logging to MySQL and displaying logs via a PHP website, plus having one central point for multiple Snort sensors, so it is using Snort, yes, yet adds some nice features on top of that ;)
The homepage for PureSecure is http://www.demarc.com
After signing up for a free account, you can download the personal edition from this site.
-
Why OpenBSD and why not Linux?
-
OpenBSD
Mainly,
there is (depending on whose word you take) only one remote hole in the default install in the last six years. No other OS has undergone the line-by-line code audit that Open has; Theo D. and the others on the project do great work and have amazing results. If you want it free and you want it safe, OpenBSD is the answer. If you want to pay and you want it safe, STOP from WangFed is the answer, but I don't think those are sold to just anyone.
Visit openbsd.org to get a better idea....
loadc
-
For network intrusion detection I would recommend Snort (www.snort.org), but for host-based intrusion detection Tripwire is my recommendation. That should come loaded on your Linux box, but make sure that you take the time to configure it and run it. It will let you know what files have been added/modified/deleted since the database was created. This will come in handy if you are successfully hacked and need to know what was done.
dAggressor
Oh yeah, I almost forgot: I haven't set this one up yet, but am trying to do it in my spare (yeah right) time. The site is located at http://www.lids.org/; it seems to be pretty good, but, like I said, I haven't used it yet.
-
host based
Well,
for host-based, Tripwire is a good start, but there are some safeguards I'd put in to make sure it's set, like non-rewritable media for the checksums, etc. Otherwise, for host-based, I'd look at some of the Network Police Blotter articles in ;login: by Ranum. You can find his site at:
pubweb.nfr.com/~mjr, and follow the "conference speaker" link.
thanks,
loadc
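The two posts above describe what a Tripwire-style host-based IDS does (snapshot checksums of files, then report what was added, modified or deleted) and the safeguard of keeping the checksum database somewhere an intruder can't rewrite. The following script is an added example written for this thread, not code from Tripwire or from any poster: it builds a baseline of SHA-256 digests over a constructed temporary directory, diffs a later scan against it, and stands in for the "non-rewritable media" advice with a detached digest of the database that is checked before the database is trusted (in real use that digest, or the database itself, would live on read-only media or another host).

```python
import hashlib
import json
import tempfile
from pathlib import Path


def file_digest(path):
    """SHA-256 of a file's contents, read in chunks so large files are fine."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root):
    """Walk root and record digest, size and permission bits for every regular file."""
    root = Path(root)
    baseline = {}
    for p in sorted(root.rglob("*")):
        if p.is_file():
            st = p.stat()
            baseline[p.relative_to(root).as_posix()] = {
                "sha256": file_digest(p),
                "size": st.st_size,
                "mode": st.st_mode & 0o7777,
            }
    return baseline


def compare(baseline, current):
    """Report paths that appeared, vanished, or whose recorded attributes changed."""
    added = sorted(set(current) - set(baseline))
    deleted = sorted(set(baseline) - set(current))
    modified = sorted(k for k in set(baseline) & set(current) if baseline[k] != current[k])
    return {"added": added, "deleted": deleted, "modified": modified}


def save_baseline(baseline, path):
    """Write the database and return a detached digest of it (assumption: the caller
    stores that digest off-host or on read-only media, as the thread recommends)."""
    data = json.dumps(baseline, sort_keys=True, indent=1).encode()
    Path(path).write_bytes(data)
    return hashlib.sha256(data).hexdigest()


def load_baseline(path, expected_digest):
    """Refuse to use a database whose detached digest no longer matches."""
    data = Path(path).read_bytes()
    if hashlib.sha256(data).hexdigest() != expected_digest:
        raise ValueError("baseline database has been altered")
    return json.loads(data)


def demo():
    """Constructed scenario: snapshot two files, then change one, delete one, add one."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d) / "etc"
        root.mkdir()
        (root / "passwd").write_text("root:x:0:0::/root:/bin/sh\n")   # constructed sample
        (root / "hosts").write_text("127.0.0.1 localhost\n")          # constructed sample
        db = Path(d) / "integrity.db"
        digest = save_baseline(build_baseline(root), db)

        # later changes on the host
        (root / "passwd").write_text("root:x:0:0::/root:/bin/bash\n")
        (root / "hosts").unlink()
        (root / "motd").write_text("welcome\n")
        report = compare(load_baseline(db, digest), build_baseline(root))

        # an attempt to rewrite the database itself is caught by the detached digest
        db.write_text("{}")
        try:
            load_baseline(db, digest)
            tamper_detected = False
        except ValueError:
            tamper_detected = True
        return report, tamper_detected


if __name__ == "__main__":
    print(demo())
```

The comparison keys on digest, size and mode together, so a permission change on an unchanged file is still reported as modified; Tripwire itself records more attributes (owner, inode, timestamps), but the mechanism is the same.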
-
I know a good scanner, and EXTREMELY fast!!!
Angry IP Scanner 2.05
Someone gave it to me so I'm not sure where to find it; I'll search for it if you wish.
-
Maybe PortSentry would be a good choice for an IDS on a Linux server.