Intrusion detection systems

Posted on 2012-03-27
Last Modified: 2013-11-29
I need a recommendation for an intrusion detection system that can report and tell you what files have been changed and/or lock them down and prevent changes.  I used Snort a while back and wonder if this is a good product or if I need any alternatives.
Please advise.
Question by:Tiras25

Accepted Solution

kshays earned 167 total points
ID: 37774877
Well, lots of people have probably used Snort since it's open source.  You have WinSnort also for Windows, if I'm not mistaken.

You should have an IPS along with the IDS to have a solid security foundation.  The rules you apply in the IDS go a long way in making it more secure and detailed also.

There are also enterprise-class IDS/IPS out there, but for most, Snort is good.

Author Comment

ID: 37797735
Bystorm product.  Anyone heard of that?

FileSure for Windows
FileSure for Windows leverages patent-pending technology that operates outside of native-Windows ACLs (Access Control Lists) to provide file access auditing, file access control, and data loss protection.
FileSure is a policy-based product (rules) that is easily configured and managed from a single location. FileSure complements your existing user and group permissions and eliminates the need for you to ever touch an ACL again!

Assisted Solution

pand0ra_usa earned 333 total points
ID: 37803021
You are not necessarily looking for an IDS but an integrity checker. Windows has one built in for Microsoft-specific files called sigverif. If you are looking for a comprehensive application, I've used 3rd Brigade in the past, which installs an agent on each machine you want to monitor. It does antivirus, firewall, HIDS (detect and/or prevent), integrity checking, and log monitoring.

Author Comment

ID: 37803098
Interesting idea.  How would a 'comprehensive' app be different from sigverif from MS?  Maybe that MS tool would be just enough for me.

Assisted Solution

pand0ra_usa earned 333 total points
ID: 37803244
From an integrity checker standpoint, 3rd Brigade will verify any file or folder you define, whereas sigverif.exe will only do Windows files that have been signed by Microsoft.
