Poly11

asked on

Looking for an affordable intrusion detection service.

Good morning.

Is there an affordable intrusion detection service available for small business? It would be ideal for us if there's an application that can be installed on a Windows server with monthly licensing for service, etc...

Any suggestions will be most appreciated.

Thanks
Sumesh BNR

You can use pfSense (http://babyraj.com/pfsense-is-a-free-and-open-source-firewall-and-router/). You can add Snort (the best open-source intrusion prevention system) to the pfSense firewall and build it; it is completely free. Both are living projects with community support.

How to integrate Snort with pfSense can be found here: http://pentestn00b.wordpress.com/2010/11/17/intrusion-detection-using-pfsense-firewall/

Since you are looking for an app for Windows, you can run this as a virtual machine in Windows using VirtualBox (http://babyraj.com/virtualboxes-free-virtualbox-images-of-open-source-operating-systems/), or see their website http://www.virtualbox.org/ for details. It is only available in a 32-bit package, but it supports 64-bit guest OSes; see http://www.virtualbox.org/manual/ch03.html. You can also try VMware Workstation or Xen virtualization platforms to install pfSense.

You can also try some paid alternatives to pfSense. Use the software appliances for these.
http://www.untangle.com/store/get-untangle/
http://www.endian.com/en/products/security-gateways-utm/#.UiNNTtLTwdY
 

You can also try Forefront Threat Management Gateway, which is fully paid software that installs directly in Windows:
http://www.microsoft.com/en-in/server-cloud/forefront/threat-management-gateway-buy.aspx

But I heard in a recent update about Forefront Threat Management Gateway that they are going to discontinue it after 2015; see http://technet.microsoft.com/en-us/forefront/ee807302.aspx

If you need more info, please ask, or wait for what others say...
Poly11

ASKER

Hi Sumeshbnr,

Thank you for the response. We use VirtualBox in our environment for virtual boots of recovered servers, etc... With pfSense, will it be possible to monitor remote sites? We currently back up data from multiple remote sites and would love it if we could monitor the remote sites from a server running at our location.

Thx
If the transfer is coming through pfSense then it should work.
Have a look at the free / open version of OSSEC; if it suits, you can pay for support.

If you have cash to burn / need to pass a SoX / PCI-DSS audit then most of the network kit suppliers offer appliances, e.g. Juniper, WatchGuard, ...
Hi

I just wanted to second sumeshbnr's recommendation for pfSense and Snort and add that there is also commercial support if you need that.
I did deploy several production systems with pfSense and can gladly say it causes little to no trouble.

Though deploying pfSense in a virtual machine is possible and well tested, I would not recommend that for security and stability reasons, but rather setting this up on its own hardware. It needs very little performance if you are not planning on routing several 100 Mbit.

You can just use any old computer, or build your own embedded box for very little money.
Yep. Happy to hear that, and good advice to not use a VM.
Poly11

ASKER

Is there an online service available that monitors servers with a client installed? It would be ideal to have a portal we could log into that shows the status of all critical sites, etc... If that is not available then I guess we could set up an old desktop and use pfSense.

Thx
madunix

A server with iptables and Snort http://www.snort.org/ (I did it on a Linux-based server, not a Windows server), or you could use http://www.untangle.com/ or Suricata in conjunction with SnortSam http://www.openinfosecfoundation.org/index.php/download-suricata
Also read http://sectools.org/tag/ids/
ASKER CERTIFIED SOLUTION
Sumesh BNR

See this list also: http://babyraj.com/hardware-and-app-monitoring-solutions/

I recommend OpenNMS or Nagios (it is very difficult to configure).
Poly11

ASKER

Thank you!
So you have selected OpenNMS? Please share your experience as well.