  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 341

free intrusion detection/prevention system

Hi, I am looking for the best free intrusion detection/prevention system for learning computer security. Any advice?

Asked by: gabe_bolton

Sean Jackson Commented:
I don't quite understand.  

My favorite free intrusion/prevention system is OSSEC.  I swear by it.

But using that to learn computer security?  That doesn't make sense.  How would you use a free IDS or IPS to teach you about computer security?
0
 
Rich Rumble, Security Samurai, Commented:
OSSEC is an HIDS, and while I use it, I can't stand it :) The author is probably looking for Suricata, Snort or BroIDS. I'd suggest getting started with the security onion and trying out each. Suricata is currently the leader in network intrusion detection systems, all things considered.
http://blog.securityonion.net/
-rich
0
 
gabe_bolton, Author, Commented:
When I say learning security I probably mean experiencing it. I used Wireshark and can translate the data it captures, but if there is an IDS/IPS that I can install on my home PC without requiring dedicated hardware, multiple NICs and hours of data translation that mimics a hardware UTM with comparable features.

I think I am looking for a system that works like antivirus (which is really one form of intrusion prevention) - this is the traffic through your router - these are the interpretations (e.g. web traffic to -from, dns to - from etc) - these are the known intrusion signatures, software - alert.

Ideally with a human friendly GUI and good recognition performance.

I hope this clarifies what I am after a bit more. I am attempting to build a very secure test environment so I can later offer commercial applications to clients.
0
 
Rich Rumble, Security Samurai, Commented:
Easy and Security you'll find are practically mutually exclusive. UTMs and NGFWs sound well and good, but we've found that people using them don't do security 101 and best practices first. They slap the newest bandaid on the cancer in their network and throw their hands up when that doesn't work. I've removed more UTMs/NGFWs than I've put in, and I wouldn't recommend them.
As I said, the SecurityOnion is the place you want to start, read up on it, join some mailing lists (emerging-threats, OISF, Snort etc.). All IDSs I've ever encountered use sigs similar to AV. If Linux isn't your thing, then you can use Snort or Suricata on Windows, maybe Macs, I haven't tried.
-rich
0
 
Natty Greg, In Theory (IT), Commented:
PFSENSE, it's free and it works, plus learning curve but when done right nothing comes close
0
 
gabe_bolton, Author, Commented:
Thank you for your pointers, I will take your advice.
0
