free intrusion detection/prevention system

Posted on 2014-08-12
Last Modified: 2014-08-14
Hi, I am looking for the best free intrusion detection/prevention system for learning computer security. Any advice?
Question by:gabe_bolton
    LVL 5

    Expert Comment

    by:Sean Jackson
    I don't quite understand.  

    My favorite free intrusion/prevention system is OSSEC.  I swear by it.

    But using that to learn computer security?  That doesn't make sense.  How would you use a free IDS or IPS to teach you about computer security?
    LVL 38

    Expert Comment

    by:Rich Rumble
    OSSEC is an HIDS, and while I use it, I can't stand it :) The author is probably looking for Suricata, Snort or BroIDS. I'd suggest getting started with the Security Onion and trying out each. Suricata is currently the leader in network intrusion detection systems, all things considered.

    Author Comment

    When I say learning security I probably mean experiencing it. I used Wireshark and can translate the data it captures, but if there is an IDS/IPS that I can install on my home PC without requiring dedicated hardware, multiple NICs and hours of data translation that mimics a hardware UTM with comparable features.

    I think I am looking for a system that works like antivirus (which is really one form of intrusion prevention) - this is the traffic through your router - these are the interpretations (e.g. web traffic to -from, dns to - from etc) - these are the known intrusion signatures, software - alert.

    Ideally with a human friendly GUI and good recognition performance.

    I hope this clarifies what I am after a bit more. I am attempting to build a very secure test environment so I can later offer commercial applications to clients.
    LVL 38

    Accepted Solution

    Easy and Security you'll find are practically mutually exclusive. UTMs and NGFWs sound well and good, but we've found that people using them don't do security 101 and best practices first. They slap the newest bandaid on the cancer in their network and throw their hands up when that doesn't work. I've removed more UTMs/NGFWs than I've put in, and I wouldn't recommend them.
    As I said, the Security Onion is the place you want to start, read up on it, join some mailing lists (emerging-threats, OISF, Snort etc.). All IDSs I've ever encountered use sigs similar to AV. If Linux isn't your thing, then you can use Snort or Suricata on Windows, maybe Macs, I haven't tried.
    LVL 9

    Expert Comment

    pfSense, it's free and it works, plus learning curve, but when done right nothing comes close.

    Author Closing Comment

    Thank you for your pointers, I will take your advice.
