
IDS (Intrusion Detection Systems)

Hello all,
For those of you who are familiar with IDS (Intrusion Detection Systems): I know the concept, but I was wondering if any of you know a site or tutorial on how to program a basic IDS software. Or any open source project!
thanks

Asked by ataleghani

1 Solution
lrmoore commented:
Look at Snort. It is one of the first and still open projects:
http://www.snort.org/
lrmoore commented:
Everything you ever wanted to know about Intrusion Detection but were afraid to ask:
http://www.sans.org/rr/intrusion/
pjedmond commented:
Also worth having a look at Tripwire :)

http://www.tripwire.org/
festive commented:
Basically, an IDS is a pattern matching engine: you capture data from the interface (promiscuously) and then run the data through a pattern matching algorithm.
Limitations to this approach are usually around complex rules, and these systems, unless very well written, can be fooled by obscuring data (using Unicode, for example).

Open source utilities such as Snort are very good.

There are a number of others, such as Prelude.

If you want to see how these work, or get an insight into the process of detection, play with some open source sniffers like Analyzer or Ethereal, set some capture rules - and voilà - you have the ability to produce rather crude (but educational) rules.

If you are uninterested in the history and want to do something similar on a WINTEL platform, get Snort and IDScenter (a Windows front-end).

I hope this helps - good luck.
newyhouse commented:
To append to festive's comment, it is important to note that not all IDSs rely on network data. Some IDSs analyze audit logs or compare observed user behavior (perhaps including network data) to profiles of normal user behavior, looking for suspicious activity.

Also, some on-the-fly network-based IDSs do more than "packet grepping" for malicious strings. Oftentimes they search for anomalies, such as an outgoing TCP connection from a machine that should never need to do such a thing.

As for projects to look into, as mentioned earlier snort.org is definitely a good place to check out. Also, take a look at this page of ID papers compiled (and in some cases written) by a grad student at RPI:

http://www.cs.rpi.edu/~brancj/research.htm

Steve
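To make the two points above concrete, here is an added example (not code from any of the posters, Snort, or Prelude): a toy sensor that runs constructed packet records through both a signature matcher and one anomaly rule, and shows why the signature side must normalize payloads before matching. The signatures, addresses and packets are all made up for the illustration; a real sensor would read from a promiscuous-mode capture instead of a list.

```python
"""Toy IDS: signature matching plus one policy/anomaly rule, run over
constructed packet records instead of a live promiscuous capture."""
import re
import unicodedata
import urllib.parse

# Hypothetical signatures for the example (not Snort rules).
SIGNATURES = [
    ("web-path-traversal", re.compile(r"\.\./")),
    ("web-shell-path", re.compile(r"/bin/sh")),
]

# Policy: constructed address of a host that should never initiate TCP.
NO_OUTBOUND_TCP = {"10.0.0.5"}


def normalize(payload):
    """Undo common obfuscation before matching: percent-decode twice (to
    catch double encoding) and fold Unicode compatibility variants such as
    fullwidth characters to plain ASCII with NFKC."""
    text = payload
    for _ in range(2):
        text = urllib.parse.unquote(text)
    return unicodedata.normalize("NFKC", text)


def inspect(pkt, normalize_payload=True):
    """Return the names of all alerts this one packet record triggers."""
    alerts = []
    data = pkt.get("payload", "")
    if normalize_payload:
        data = normalize(data)
    for name, pattern in SIGNATURES:
        if pattern.search(data):
            alerts.append(name)
    # Anomaly rule: an outbound SYN from a host that must not open TCP.
    if (pkt.get("proto") == "tcp" and pkt.get("flags") == "S"
            and pkt.get("src") in NO_OUTBOUND_TCP):
        alerts.append("policy-unexpected-outbound-tcp")
    return alerts


def run(packets, normalize_payload=True):
    """Map packet index to its alerts for every packet that raised one."""
    return {i: a for i, p in enumerate(packets)
            if (a := inspect(p, normalize_payload))}


# Constructed sample traffic: benign request, double-encoded traversal
# attempt, and an unexpected outbound SYN from the restricted host.
PACKETS = [
    {"src": "192.0.2.10", "dst": "10.0.0.8", "proto": "tcp", "flags": "PA",
     "payload": "GET /index.html HTTP/1.0"},
    {"src": "192.0.2.10", "dst": "10.0.0.8", "proto": "tcp", "flags": "PA",
     "payload": "GET /%252e%252e/%252e%252e/etc/passwd HTTP/1.0"},
    {"src": "10.0.0.5", "dst": "203.0.113.7", "proto": "tcp", "flags": "S",
     "payload": ""},
]
```

Running `run(PACKETS, normalize_payload=False)` misses the encoded traversal entirely, which is exactly the evasion festive describes; the anomaly rule fires either way because it looks at connection behaviour, not bytes.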
bkrahmer commented:
There are also honeypot ("decoy server") and hybrid host/network IDS approaches available.

brian
lrmoore commented:
Question asked and answered.
Points to lrmoore.
