Intrusion Detection Systems
Learn about computer intrusion detection systems, how to use them and the list of recommended ones
Unlike home computer protection and security, it takes much more time and resources to protect commercial enterprise computer systems. While unprotected home computers can cause some serious problems, it is attacks on enterprise computers that can cause far more damage, which in turn affects the company concerned. Take for example the recent Department of Defense crackdown on security.
What are Intrusion Detection Systems?
Intrusion Detection Systems (IDS) are a necessary part of any strategy for enterprise security. What are Intrusion Detection Systems? CERIAS, The Center for Education and Research in Information Assurance and Security, defines it this way:
"The purpose of an intrusion detection system (or IDS) is to detect unauthorized
access or misuse of a computer system. Intrusion detection systems are kind of like burglar alarms for computers.
They sound alarms and sometimes even take corrective action when an intruder or abuser is detected. Many different
intrusion detection systems have been developed but the detection schemes generally fall into one of two
categories, anomaly detection or misuse detection. Anomaly detectors look for behavior that deviates from normal
system use. Misuse detectors look for behavior that matches a known attack scenario. A great deal of time and
effort has been invested in intrusion detection, and this list provides links to many sites that discuss some of
these efforts"
(http://www.cerias.purdue.edu/about/history/coast_resources/intrusion_detection/)
There is a sub-category of intrusion detection systems called network intrusion detection systems (NIDS). These systems monitor packets on the network wire and look for suspicious activity. Network intrusion detection systems can monitor many computers at a time over a network, while other intrusion detection systems may monitor only one.
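The two detection schemes in the CERIAS definition above, misuse (signature) detection and anomaly detection, are easy to confuse in the abstract. The following added example (not part of the original article) runs both over a handful of constructed access-log records: the signature detector matches known-bad request patterns, while the anomaly detector learns each user's normal working hours from a baseline day and flags activity outside that window. The event format, rules and data are assumptions for illustration.

```python
import re
from collections import defaultdict

# Constructed sample records (not from any real system). Day 1 is the
# baseline period; day 2 is the period being monitored.
BASELINE_EVENTS = [
    {"ts": "2024-05-01T09:12:00", "user": "alice", "req": "GET /reports/q1.pdf"},
    {"ts": "2024-05-01T10:40:00", "user": "alice", "req": "GET /reports/q2.pdf"},
    {"ts": "2024-05-01T11:30:00", "user": "bob", "req": "GET /home"},
    {"ts": "2024-05-01T14:05:00", "user": "bob", "req": "GET /home"},
]
NEW_EVENTS = [
    {"ts": "2024-05-02T03:17:00", "user": "alice", "req": "GET /reports/q3.pdf"},
    {"ts": "2024-05-02T11:00:00", "user": "bob", "req": "GET /../../private/config"},
]

# Misuse detection: each regex encodes a known attack scenario (hypothetical rules).
SIGNATURES = {
    "path-traversal": re.compile(r"\.\./"),
    "shell-metachar": re.compile(r"[;|`]"),
}

def hour_of(event):
    """Extract the hour (0-23) from an ISO-8601 timestamp such as 2024-05-01T09:12:00."""
    return int(event["ts"][11:13])

def misuse_detect(events):
    """Flag every event whose request matches a known-bad signature."""
    return [(e["ts"], e["user"], name)
            for e in events
            for name, rx in SIGNATURES.items() if rx.search(e["req"])]

def build_baseline(events):
    """Learn, per user, the earliest and latest hour at which they were active."""
    window = {}
    for e in events:
        lo, hi = window.get(e["user"], (24, -1))
        window[e["user"]] = (min(lo, hour_of(e)), max(hi, hour_of(e)))
    return window

def anomaly_detect(events, baseline):
    """Flag activity outside the user's learned window, or by a user never seen before."""
    alerts = []
    for e in events:
        lo, hi = baseline.get(e["user"], (24, -1))
        if not lo <= hour_of(e) <= hi:
            alerts.append((e["ts"], e["user"], "unusual-hour"))
    return alerts

if __name__ == "__main__":
    baseline = build_baseline(BASELINE_EVENTS)
    for alert in misuse_detect(NEW_EVENTS) + anomaly_detect(NEW_EVENTS, baseline):
        print(alert)
```

Note that only the signature rule catches bob's request (his hour is normal) and only the anomaly rule catches alice's 03:17 access (her request is benign), which is why real deployments combine both schemes.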
Who is breaking into your system?
One common misconception about hackers is that it is usually people outside your network who break into your systems and cause mayhem. The reality, especially for corporate workers, is that insiders can and usually do cause the majority of security breaches. Insiders often impersonate people with more privileges than themselves to gain access to sensitive information.
How do intruders break into your system?
The simplest and easiest way to break in is to let someone have physical access to a system. Despite the best efforts, it is often impossible to stop someone once they have physical access to a machine. Also, if someone already has an account on a system at a low permission level, another way to break in is to use tricks of the trade to be granted higher-level privileges through holes in your system. Finally, there are many ways to gain access to systems even when working remotely. Remote intrusion techniques have become harder and more complex to fight.
How does one stop intrusions?
There are several Freeware/shareware Intrusion Detection Systems as well as
commercial intrusion detection systems. We provide you here with the lists of open source systems, as well as
commercial ones.
Open Source Intrusion Detection Systems
Below are a few of the open source intrusion detection systems, listed in alphabetical order:
1. AIDE (http://sourceforge.net/projects/aide) Self-described as "AIDE (Advanced Intrusion
Detection Environment) is a free replacement for Tripwire. It does the same things as the semi-free Tripwire and
more. There are other free replacements available so why build a new one? All the other replacements do not achieve
the level of Tripwire. And I wanted a program that would exceed the limitations of Tripwire."
2. File System Saint (http://sourceforge.net/projects/fss) - Self-described as, "File System Saint is a
lightweight host-based intrusion detection system with primary focus on speed and ease of use."
3. Snort (www.snort.org) - Self-described as "Snort® is an open source network intrusion prevention and detection system utilizing a rule-driven language, which combines the benefits of signature, protocol and anomaly based inspection methods. With millions of downloads to date, Snort is the most widely deployed intrusion detection and prevention technology worldwide and has become the de facto standard for the industry."
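AIDE and File System Saint above are host-based systems of the Tripwire kind: they take a baseline of the file system and later report what was added, removed or changed. The following added example (not code from AIDE, Tripwire or any project named on this page) implements that core loop: a snapshot of hash, size and mode per file, a comparison against a stored baseline, and a demonstration on a constructed throwaway directory tree. File names and contents are made up for illustration.

```python
import hashlib
import json
import tempfile
from pathlib import Path

def hash_file(path: Path) -> str:
    """SHA-256 of a file, read in chunks so large binaries do not load into memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def snapshot(root: Path) -> dict:
    """Record hash, size and permission bits for every regular file under root."""
    db = {}
    for p in sorted(root.rglob("*")):
        if p.is_file():
            st = p.stat()
            db[p.relative_to(root).as_posix()] = {
                "sha256": hash_file(p), "size": st.st_size, "mode": st.st_mode & 0o7777}
    return db

def compare(baseline: dict, current: dict) -> dict:
    """Diff two snapshots: files added, removed, or whose hash/size/mode changed."""
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "changed": sorted(k for k in baseline.keys() & current.keys()
                          if baseline[k] != current[k]),
    }

def demo() -> dict:
    """Baseline a constructed tree, tamper with it, and report the differences."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "bin").mkdir()
        (root / "bin" / "ls").write_bytes(b"original binary")
        (root / "app.conf").write_text("debug=off\n")
        # The baseline must be stored somewhere the monitored host cannot
        # silently rewrite (AIDE keeps it in a separate database file); here it
        # is round-tripped through JSON to mimic reading it back from disk.
        baseline = json.loads(json.dumps(snapshot(root)))
        (root / "bin" / "ls").write_bytes(b"replaced binary")   # changed
        (root / "new.sh").write_text("#!/bin/sh\n")              # added
        (root / "app.conf").unlink()                              # removed
        return compare(baseline, snapshot(root))

if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```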
Commercial Intrusion Detection Systems
If you are looking for Commercial Intrusion Detection Systems, here are a few of these as well, listed in no particular order:
1. Tripwire - http://www.tripwire.com
2. Touch Technology Inc (POLYCENTER Security Intrusion Detector) - http://www.ttinet.com
3. Internet Security Systems (Real Secure Server Sensor) - http://www.iss.net
4. eEye Digital Security (SecureIIS Web Server Protection) - http://www.eeye.com