Network (and others) Intrusion Detection Systems

jdredd Member Posts: 33 ■■□□□□□□□□
I know that Snort is an open source, network-based, knowledge-based IDS. Are there commercial products like Snort?

Are there any open source host-based IDS? What are some commercial products?

Are there any open source behavior-based IDS? I think I know how to do this manually, but this would be terribly time consuming. Would you use products like Tripwire?

Comments

  • Webmaster Admin Posts: 10,292 Admin
    I'm currently working on the IDS TechNotes for the Security+ exam. It's too detailed already (i.e. for Sec+ the difference between signature-based and behavior-based IDSs is not relevant), so I think I'm going to create a CISSP version first, which covers IDSs in just a bit more detail, and then cut out some pieces to make it suitable for Sec+.

    Anyway, I have been and still am looking for the same info, as I want to include a list of IDS products at the bottom of the TechNotes. Snort is already listed of course, and I also got TippingPoint, a commercial product which our host uses to monitor the network in which our server is located.
    Austin, Texas-based TippingPoint is the leading provider of network-based intrusion prevention systems that deliver in-depth application, infrastructure and performance protection for service providers, enterprises and other institutions. The company was awarded 2004 Product of the Year by Information Security Magazine. For more information, please visit http://www.tippingpoint.com.
    Other commercial products:
    - iForce IDS from Sun Microsystems
    - Symantec provides several different related products.
    - LanGuard from www.gfi.com (creates some great products for Exchange server)
    - Lancope StealthWatch (behavior-based)
    - Cisco

    I'd also like to include one or more personal IDSs, i.e. combined with firewall functionality.
    "Would you use products like Tripwire?"
    If you don't have a host-based IDS that includes the same functionality (monitoring changes to files).

    Apart from http://sourceforge.net/projects/imsafe I haven't come across an open source behavior-based IDS; I haven't been looking for those in particular, though.
  • xetrev Member Posts: 59 ■■□□□□□□□□
    Snort with ACID makes a nice IDS MySQL database that can be viewed via the web. I also use Tripwire on my Linux boxes with a crontab job to email me at 3am in the morning.
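The file-change monitoring that Tripwire provides (and that the cron job above runs nightly) boils down to a baseline of hashes and permission bits plus a later rescan. The script below is an added example written for this thread; it is not Tripwire's own code and not from any poster. The sample tree it builds under a temporary directory, the file contents and the simulated tampering are all constructed.

```python
"""Minimal file-integrity monitor in the spirit of Tripwire: record a baseline of
hashes, permission bits and sizes, then rescan and report what changed.
Added example, not Tripwire's code; the sample files below are constructed."""
import hashlib
import json
import tempfile
from pathlib import Path


def hash_file(path: Path, chunk: int = 65536) -> str:
    """SHA-256 of a file, read in chunks so large files do not exhaust memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def build_baseline(root: str) -> dict:
    """Walk `root` and record hash, mode and size of every regular file.
    Symlinks are skipped so a link pointing outside the tree is never followed."""
    root_path = Path(root)
    baseline = {}
    for p in sorted(root_path.rglob("*")):
        if p.is_symlink() or not p.is_file():
            continue
        st = p.stat()
        baseline[p.relative_to(root_path).as_posix()] = {
            "sha256": hash_file(p),
            "mode": oct(st.st_mode & 0o7777),
            "size": st.st_size,
        }
    return baseline


def compare(baseline: dict, current: dict) -> dict:
    """Classify paths as added, removed, or modified (hash, mode or size differs)."""
    old, new = set(baseline), set(current)
    return {
        "added": sorted(new - old),
        "removed": sorted(old - new),
        "modified": sorted(f for f in old & new if baseline[f] != current[f]),
    }


def save_baseline(baseline: dict, path) -> None:
    # Keep the real baseline read-only or off-host: whoever can rewrite it can
    # hide their changes from the next scan.
    with open(path, "w") as fh:
        json.dump(baseline, fh, indent=2, sort_keys=True)


def load_baseline(path) -> dict:
    with open(path) as fh:
        return json.load(fh)


def demo() -> dict:
    """Constructed scenario: baseline a small tree, alter it, rescan and diff."""
    with tempfile.TemporaryDirectory() as tmp:
        tree = Path(tmp) / "etc"
        tree.mkdir()
        (tree / "passwd").write_text("root:x:0:0:root:/root:/bin/sh\n")
        (tree / "hosts").write_text("127.0.0.1 localhost\n")
        (tree / "motd").write_text("welcome\n")
        baseline_file = Path(tmp) / "baseline.json"
        save_baseline(build_baseline(tree), baseline_file)

        # Simulated changes made after the baseline was taken (constructed).
        (tree / "passwd").write_text(
            "root:x:0:0:root:/root:/bin/sh\nguest:x:1001:1001::/home/guest:/bin/sh\n"
        )
        (tree / "motd").unlink()
        (tree / "rc.local").write_text("#!/bin/sh\n")

        return compare(load_baseline(baseline_file), build_baseline(tree))


if __name__ == "__main__":
    for kind, files in demo().items():
        for name in files:
            print(f"{kind:9} {name}")
```

Run it once to write the baseline, then schedule the rescan from cron and pipe the printed report to mail, which is exactly the nightly pattern described in the post above. Only the "modified" bucket should be empty on a quiet night; any entry in "added" or "removed" under a directory like /etc or /usr/sbin deserves a look before the change is accepted into a new baseline.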
  • /usr Member Posts: 1,768 ■■■□□□□□□□
    I'll get a list of the IDSs listed in the CEH folder... on Wednesday.

    I left the binder at work.