Network (and others) Intrusion Detection Systems
I know that Snort is an open source network knowledge-based IDS. Are there commercial products like Snort?
Are there any open source host-based IDS? What are some commercial products?
Are there any open source behavior-based IDS? I think I know how to do this manually, but this would be terribly time consuming. Would you use products like Tripwire?
Comments
Anyway..., I have been and still am looking for the same info as I want to include a list of IDS products at the bottom of the TechNotes. Snort is already listed of course, and I also got TippingPoint, a commercial product which our host uses to monitor the network in which our server is located. Other commercial products:
- iForce IDS from Sun Microsystems
- Symantec provides several different related products.
- LanGuard from www.gfi.com (creates some great products for Exchange server)
- Lancope StealthWatch (behavior-based)
- Cisco
I'd also like to include one or more personal IDSs, i.e. combined with firewall functionality.
If you don't have a host-based IDS that includes the same functionality (monitoring changes to files).
Apart from http://sourceforge.net/projects/imsafe I haven't come across an open source behavior based IDS, haven't been looking for those in particular though.
I left the binder at work.