Open source intruder detection software

Anybody have a suggestion for a good open-source intruder detection software?
Asked by: neisner

neisner (Author) Commented:
I'm looking for something besides Snort, by the way...

FalconHawk Commented:
http://sourceforge.net/softwaremap/trove_list.php?form_cat=43

here are 1413 projects for security, all open source.
To get intrusion detection, just type: Intrusion detection and check the "require all words" box

ahoffmann Commented:
do you mean any kind of firewall or IDS/IPS or forensic tools?
 
FalconHawk Commented:
i think the intrusion detection he means is against people hacking you

Tolomir (Administrator) Commented:
This is at least freeware:

http://www.sysinternals.com/ntw2k/freeware/rootkitreveal.shtml

RootkitRevealer is an advanced patent-pending root kit detection utility. It runs on Windows NT 4 and higher and its output lists Registry and file system API discrepancies that may indicate the presence of a user-mode or kernel-mode rootkit.  RootkitRevealer successfully detects all persistent rootkits published at www.rootkit.com, including AFX, Vanquish and HackerDefender (note: RootkitRevealer is not intended to detect rootkits like Fu that don't attempt to hide their files or registry keys)....

Tolomir

neisner (Author) Commented:
to narrow down a little more, i need something that is anomaly-based as opposed to signature-based...

Tolomir (Administrator) Commented:
The RootkitRevealer reveals files that are hidden by special file permissions, not signatures.

In combination with a decent spyware detector like spybot search & destroy you should be on the safe side.

Tolomir

ahoffmann Commented:
do you mean something like http://www.imperva.com/

neisner (Author) Commented:
actually ahoffmann, that is exactly what i'm looking for...except i am hoping to find something open-source...  free is good...  :)

ahoffmann Commented:
hmm, AFAIK imperva is lonely with this approach so far ...
keep in mind that this product covers all from network to application level and also some heuristic methods to combine information gathered at different levels

chris_calabrese Commented:
I don't know too much about Imperva, but it looks like maybe a combination of a network-layer Intrusion Prevention System (IPS) with an application-layer one. This is not entirely different from what CheckPoint's trying to do in their Proventia appliances or in the Application Security modules of their firewall product.

In the open-source world, you could combine a network IPS like Snort-inline with Apache with the Security module and the proxy module to build something similar.

ahoffmann Commented:
Chris, this product combines classical network firewall (aka packet filter) and application level firewall (aka web application firewall, aka adaptive proxy, aka web shield) with IDS. Becoming an IPS then. All alerts/events go to a database and the final decision if a packet is delivered depends on the statistics in the database depending on some rules.
It's not a classical packet filter 'cause it knows about the context of each packet,
nor is it an application level firewall 'cause it behaves like a filter and is not a proxy like all others (AppShield, InterDo, etc.)
and it is not an IPS like others, 'cause it does not need to change rules somewhere else.
The only thing which I am anxious about is its "learning mode", there is no setup, hence you (as admin) don't know what really happens, and why. Something suspicious ...

Let's see if other experts know of similar products ...
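
Added example, not part of the original thread and not Imperva's or any poster's code: a minimal sketch of the anomaly-based approach with a learning mode that this thread discusses, as opposed to signature matching. The class and parameter names, the length and character-class profile, and the sample traffic are assumptions made for illustration; `check` returns its reasons so the learned behaviour stays inspectable by the admin.

```python
import math
from collections import defaultdict

def char_classes(value):
    """Coarse character classes present in a parameter value."""
    kinds = set()
    for ch in value:
        if ch.isdigit():
            kinds.add("digit")
        elif ch.isalpha():
            kinds.add("alpha")
        else:
            kinds.add("other")
    return kinds

class AnomalyDetector:
    """Hypothetical per-parameter profile: value lengths and character classes."""
    def __init__(self, tolerance=3.0):
        self.tolerance = tolerance
        self.profiles = defaultdict(lambda: {"lengths": [], "classes": set()})

    def learn(self, path, params):
        """Learning mode: record what normal traffic looks like."""
        for name, value in params.items():
            profile = self.profiles[(path, name)]
            profile["lengths"].append(len(value))
            profile["classes"] |= char_classes(value)

    def check(self, path, params):
        """Detection mode: return why a request deviates (empty list = normal)."""
        reasons = []
        for name, value in params.items():
            profile = self.profiles.get((path, name))
            if profile is None:
                reasons.append(f"{name}: not seen during learning")
                continue
            lengths = profile["lengths"]
            mean = sum(lengths) / len(lengths)
            std = math.sqrt(sum((n - mean) ** 2 for n in lengths) / len(lengths))
            if len(value) > mean + self.tolerance * max(std, 1.0):
                reasons.append(f"{name}: length {len(value)} outside learned range")
            unseen = char_classes(value) - profile["classes"]
            if unseen:
                reasons.append(f"{name}: unseen character classes {sorted(unseen)}")
        return reasons

# Constructed sample traffic for the learning phase (not real logs).
detector = AnomalyDetector()
for item_id in ["17", "204", "9", "4312", "88"]:
    detector.learn("/item", {"id": item_id})
```

No signature is consulted: a request is flagged only because it differs from what was learned, which is also why the quality of the learning-phase traffic determines what the detector will accept later.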

chris_calabrese Commented:
Yeah, and it makes your toast and coffee in the morning too...

ahoffmann Commented:
hey, I just gave this link to see if its functionality is something in mind of the questioner ..
besides its claimed functionality, it has an interesting approach to do things
If I get one to check, I'll see if it "learns" (as it claims: learns everything, even the future ones) to make coffee or beer
:-D

neisner (Author) Commented:
thanks for the suggestions guys...  i'm sold on the imperva device as soon as i can see it make beer...  :)

ahoffmann Commented:
yeah, let me know :~)