Poly11 asked:

Looking for an affordable intrusion detection service.

Good morning.

Is there an affordable intrusion detection service available for small business? It would be ideal for us if there's an application that can be installed on a Windows server with monthly licensing for service, etc...

Any suggestions will be most appreciated.

Thanks
Tags: Security, Software Firewalls, Vulnerabilities

Last Comment
Sumesh BNR

8/22/2022 - Mon
Sumesh BNR

You can use pfSense (http://babyraj.com/pfsense-is-a-free-and-open-source-firewall-and-router/). You can add Snort (the best open-source intrusion prevention system) into the pfSense firewall; it is completely free. Both are living projects with community support.

How to integrate Snort with pfSense can be found here: http://pentestn00b.wordpress.com/2010/11/17/intrusion-detection-using-pfsense-firewall/

Since you are looking for an app for Windows, you can run this as a virtual machine in Windows using VirtualBox (http://babyraj.com/virtualboxes-free-virtualbox-images-of-open-source-operating-systems/), or see their website http://www.virtualbox.org/ for details. It is only available in a 32-bit package, but it supports 64-bit guest OSes; see http://www.virtualbox.org/manual/ch03.html. You can also try VMware Workstation or Xen virtualization platforms to install pfSense.

You can also try some paid alternatives to pfSense. Use the software appliances for these:
http://www.untangle.com/store/get-untangle/
http://www.endian.com/en/products/security-gateways-utm/#.UiNNTtLTwdY
 

You can also try Forefront Threat Management Gateway, which is fully PAID software to directly install in Windows:
http://www.microsoft.com/en-in/server-cloud/forefront/threat-management-gateway-buy.aspx

But I heard in a recent update on Forefront Threat Management Gateway that they are going to discontinue it after 2015; see http://technet.microsoft.com/en-us/forefront/ee807302.aspx

If you need more info, please ask or wait for what others say...
ASKER
Poly11

Hi Sumeshbnr,

Thank you for the response. We use VirtualBox in our environment for virtual boots of recovered servers, etc... With pfSense, will it be possible to monitor remote sites? We currently back up data from multiple remote sites and would love it if we could monitor the remote sites from a server running at our location.

Thx
Sumesh BNR

If the transfer is coming through pfSense then it should work.
arober11

Have a look at the free / open version of OSSEC; if it suits, you can pay for support.

If you have cash to burn / need to pass a SoX / PCI-DSS audit, then most of the network kit suppliers offer appliances, e.g. Juniper, WatchGuard, ...
Member_2_6582184

Hi

I just wanted to second sumeshbnr's recommendation for pfSense and Snort and add that there is also commercial support if you need that.
I did deploy several production systems with pfSense and can gladly say it causes little to no trouble.

Though deploying pfSense in a virtual machine is possible and well tested, I would not recommend that, for security and stability reasons, but rather setting this up on its own hardware. It needs very little performance if you are not planning on routing several 100Mbit.

You can just use any old computer, or build your own embedded box for very little money.
Sumesh BNR

Yep. Happy to hear that, and good advice to not use a VM.
ASKER
Poly11

Is there an online service available that monitors servers with a client installed? It would be ideal to have a portal we could log into that shows the status of all critical sites, etc... If that is not available then I guess we could set up an old desktop and use pfSense.

Thx
madunix

A server with iptables and Snort http://www.snort.org/ (I did it on a Linux-based server, not a Windows server), or you could use http://www.untangle.com/ or Suricata in conjunction with SnortSam http://www.openinfosecfoundation.org/index.php/download-suricata
Also read http://sectools.org/tag/ids/
ASKER CERTIFIED SOLUTION
Sumesh BNR

Sumesh BNR

See this list also http://babyraj.com/hardware-and-app-monitoring-solutions/

I recommend OpenNMS or Nagios (it is very difficult to configure).
ASKER
Poly11

Thank you!
Sumesh BNR

So you have selected OpenNMS? Please share your experience as well.