Difference between revisions of "IDS"

From NetSec
(Reverted edits by Zekiel (talk) to last revision by vorst)
Line 1: Line 1:
<b>I</b>ntrusion <b>D</b>etection <b>S</b>ystems, or IDS, are defense mechanisms focused on analyzing the network traffic to detect anomalies or suspicious behavior, generating alerts when any of these situations occurs.
+
<b>I</b>ntrusion <b>D</b>etection <b>S</b>ystems  
  
IDS are used to detect attacks aimed either to a network or to a specific host.  See Also: [[IPS]], [[NIDS]], and [[HIDS]].
+
IDS are used to detect attacks aimed at a network or host.  See Also: [[IPS]], [[NIDS]], and [[HIDS]].
  
 
Tools:
 
Tools:
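Review bot: In the first hunk the replacement opening line is only the expanded acronym, "Intrusion Detection Systems", with no predicate, so the page no longer states what an IDS does; the removed sentence carried the only mention of analyzing traffic and generating alerts. The removed wording was limited to network traffic while the following line covers both network and host targets, so consider keeping a one-sentence definition that covers both rather than dropping the definition entirely.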
Line 15: Line 15:
  
 
[http://www.la-samhna.de/samhain/ Samhain] [[HIDS]]
 
[http://www.la-samhna.de/samhain/ Samhain] [[HIDS]]
   Samhain - A file integrity checking [[applications|application]] similar to OSSEC
+
   Samhain - A file integrity checking application similar to OSSEC
  
 
[http://nepenthes.carnivore.it/Nepenthes Nepenthes] [[HIDS]]  
 
[http://nepenthes.carnivore.it/Nepenthes Nepenthes] [[HIDS]]  

Revision as of 05:50, 19 September 2011

Intrusion Detection Systems

IDS are used to detect attacks aimed at a network or host. See Also: IPS, NIDS, and HIDS.

Tools:

Cisco IDS NIDS

 Cisco IDS - A network layer intrusion detection system based on tcpdump with signature support.

Snort NIDS

 Snort - A network layer intrusion detection system based on libpcap with signature support and preprocessor support.

OSSEC HIDS

 OSSEC - A host-based intrusion detection system that utilizes log analysis combined with integrity checksums and rootkit detection engines.

Samhain HIDS

 Samhain - A file integrity checking application similar to OSSEC

Nepenthes HIDS

 Nepenthes - A malware connection utility similar to HoneyD

HoneyD HIDS

 HoneyD - A tool for collecting malware and tricking attackers into thinking they've performed a successful attack.