free intrusion detection/prevention system

Hi, I am looking for the best free intrusion detection/prevention system for learning computer security. Any advice?
gabe_bolton Asked:
 
Rich Rumble, Security Samurai, Commented:
Easy and Security you'll find are practically mutually exclusive. UTMs and NGFWs sound well and good, but we've found that people using them don't do security 101 and best practices first. They slap the newest band-aid on the cancer in their network and throw their hands up when that doesn't work. I've removed more UTMs/NGFWs than I've put in, and I wouldn't recommend them.
As I said, the SecurityOnion is the place you want to start, read up on it, join some mailing lists (emerging-threats, OISF, Snort etc.). All IDSs I've ever encountered use sigs similar to AV. If Linux isn't your thing, then you can use Snort or Suricata on Windows, maybe Macs, I haven't tried.
-rich
 
Sean Jackson, Information Security Analyst, Commented:
I don't quite understand.  

My favorite free intrusion/prevention system is OSSEC.  I swear by it.

But using that to learn computer security?  That doesn't make sense.  How would you use a free IDS or IPS to teach you about computer security?
 
Rich Rumble, Security Samurai, Commented:
OSSEC is an HIDS, and while I use it, I can't stand it :) The author is probably looking for Suricata, Snort or BroIDS. I'd suggest getting started with the security onion and trying out each. Suricata is currently the leader in network intrusion detection systems, all things considered.
http://blog.securityonion.net/
-rich
 
gabe_bolton, Author, Commented:
When I say learning security I probably mean experiencing it. I used Wireshark and can translate the data it captures, but if there is an IDS/IPS that I can install on my home PC without requiring dedicated hardware, multiple NICs and hours of data translation that mimics a hardware UTM with comparable features.

I think I am looking for a system that works like antivirus (which is really one form of intrusion prevention) - this is the traffic through your router - these are the interpretations (e.g. web traffic to/from, DNS to/from, etc.) - these are the known intrusion signatures, software - alert.

Ideally with a human friendly GUI and good recognition performance.

I hope this clarifies what I am after a bit more. I am attempting to build a very secure test environment so I can later offer commercial applications to clients.
 
Natty Greg, In Theory (IT), Commented:
pfSense, it's free and it works, plus learning curve but when done right nothing comes close.
 
gabe_boltonAuthor Commented:
Thank you for your pointers, I will take your advice.
Question has a verified solution.
