Looking for an affordable intrusion detection service.

Good morning.

Is there an affordable intrusion detection service available for small business? It would be ideal for us if there's an application that can be installed on a Windows server with monthly licensing for service, etc...

Any suggestions will be most appreciated.

Thanks
Poly11 Asked:

sumeshbnr Commented:
You can use pfSense (http://babyraj.com/pfsense-is-a-free-and-open-source-firewall-and-router/). You can add Snort (the best open-source intrusion prevention system) to the pfSense firewall and build a it is completely free. Both are living projects with community support.

How to integrate Snort with pfSense can be found here: http://pentestn00b.wordpress.com/2010/11/17/intrusion-detection-using-pfsense-firewall/

Since you are looking for an app for Windows, you can run this as a virtual machine in Windows using VirtualBox (http://babyraj.com/virtualboxes-free-virtualbox-images-of-open-source-operating-systems/), or see their website http://www.virtualbox.org/ for details. It is only available in a 32-bit package, but it supports 64-bit guest OSes; see http://www.virtualbox.org/manual/ch03.html. You can also try VMware Workstation or Xen virtualization platforms to install pfSense.

You can also try some paid alternatives to pfSense. Use the software appliances for these.
http://www.untangle.com/store/get-untangle/
http://www.endian.com/en/products/security-gateways-utm/#.UiNNTtLTwdY
 

You can also try Forefront Threat Management Gateway, which is fully paid software to install directly in Windows:
http://www.microsoft.com/en-in/server-cloud/forefront/threat-management-gateway-buy.aspx

But I heard in a recent update on Forefront Threat Management Gateway that they are going to discontinue it after 2015; see http://technet.microsoft.com/en-us/forefront/ee807302.aspx

If you need more info, please ask, or wait for what others say...
Poly11 Author Commented:
Hi Sumeshbnr,

Thank you for the response. We use VirtualBox in our environment for virtual boots of recovered servers, etc. With pfSense, will it be possible to monitor remote sites? We currently back up data from multiple remote sites and would love it if we could monitor the remote sites from a server running at our location.

Thx
sumeshbnr Commented:
If the transfer is coming through pfSense, then it should work.
arober11 Commented:
Have a look at the free / open version of OSSEC; if it suits, you can pay for support.

If you have cash to burn / need to pass a SoX / PCI-DSS audit, then most of the network kit suppliers offer appliances, e.g. Juniper, WatchGuard, ...
Daniel Helgenberger Commented:
Hi

I just wanted to second sumeshbnr's recommendation for pfSense and Snort and add that there is commercial support as well if you need that.
I did deploy several production systems with pfSense and can gladly say it causes little to no trouble.

Though deploying pfSense in a virtual machine is possible and well tested, I would not recommend that for security and stability reasons, but rather setting this up on its own hardware. It needs very little performance if you are not planning on routing several 100 Mbit.

You can just use any old computer, or build your own embedded box for very little money.
sumeshbnr Commented:
Yep. Happy to hear, and good advice not to use a VM.
Poly11 Author Commented:
Is there an online service available that monitors servers with a client installed? It would be ideal to have a portal we could log into that shows the status of all critical sites, etc. If that is not available, then I guess we could set up an old desktop and use pfSense.

Thx
madunix (Fadi SODAH) Commented:
A server with iptables and Snort http://www.snort.org/ (I did it on a Linux-based server, not a Windows server), or you could use http://www.untangle.com/ or Suricata in conjunction with SnortSam http://www.openinfosecfoundation.org/index.php/download-suricata
Also read http://sectools.org/tag/ids/
sumeshbnr Commented:
Yes, OpenNMS: fully free and open source, one of the best living projects with good community service. It is to be installed on a server; make the web availability public if you want to monitor from outside your network.
http://babyraj.com/opennms-opensource-nework-monitoring-tool/


If you want to run a Windows app on a server and manage everything without an interface, try HostMonitor http://www.ks-soft.net/hostmon.eng/

It is a paid one but offers a reasonable price, but compared to OpenNMS, OpenNMS is good.
sumeshbnr Commented:
See this list also http://babyraj.com/hardware-and-app-monitoring-solutions/

I recommend OpenNMS or Nagios (it is very difficult to configure).
Poly11 Author Commented:
Thank you!
sumeshbnr Commented:
So you have selected OpenNMS? Please share your experience as well.