Author: SECINT, Posted: Tue Mar 30, 2010 11:46 am Post subject: Information about Security ----
Hello everyone,
I have been researching IDS / IPS (intrusion detection / prevention systems) for several days, and this is the software I have so far:
- SNORT
- PRELUDE
- BRO
- OSSEC
- OSSIM
My question:
What are, for you, the most comprehensive tools to detect an intrusion and then act on the attack?
Do you have any experience with these tools, and are there other, more interesting ones?
Thank you in advance for your reply.
Author: gnix, Posted: Mon Apr 05, 2010 8:38 am Post subject: ----
Snort is the de facto standard for IDS/IPS. As any security professional will tell you, Snort is an excellent tool for real-time traffic analysis, packet logging, detection of attacks such as buffer overflows, and prevention of attacks.
gnix
Author: eladl, Posted: Tue Apr 06, 2010 3:03 am Post subject: ----
Snort is a great solution for open source software you can set up on any server, though there are excellent hardware IDS/IPS available on the market.
OSSEC is more of a HIDS and is a great tool as well, but is configured locally on the server/host.
Whereas OSSEC is HIDS, Snort is NIDS (Network IDS) and operates at the network level.
Author: abrahamj, Posted: Mon Sep 20, 2010 11:02 am Post subject: ----
Try Ax3soft Sax2; it is a professional network intrusion detection (IDS) and intrusion prevention system (IPS) that detects a variety of attacks, including SQL injection attacks, worms, backdoor Trojans, ARP spoofing, CGI/WWW attacks, DoS/DDoS, password guessing and so on.