The-X
Jan 8 2004, 05:19 PM
Hi!
I'm searching for an Intrusion Protection System... I used the IPS from Tiny Software (included in Tiny Firewall 5) now i'm searching for a new one.. can you help me ?
The X
sysadmin
Jan 8 2004, 05:24 PM
Take a look at this site:
http://www.all-internet-security.com/intrusion_detection/I hope it gives a little help.
Bye,
sysadmin
The-X
Jan 8 2004, 05:45 PM
hmm ok.. its a large list
thx
cji
Jan 13 2004, 07:45 AM
Surprised I didn't see snort on the list. (http://www.snort.org) check that out - I've had a lot of success with it in Linux and the windows port is supposed to be decent.
I've also used the GFI LANGuard which is on the list linked above, and it seems alright, although kinda bloated.
Maffuster
Jan 13 2004, 06:33 PM
I personally use Snort (on a win2k3 box), and I'm really quite happy with it. It's not meant for a newbie, that's for sure though...
jubbly
Jan 13 2004, 06:38 PM
hmm i also suggest snort (the best one around!!) imo.
h11p://www.datanerds.net/~mike/snort.html
that link is for the win32 ported version as the original one is *nix
Greetz
GSecur
Jan 13 2004, 06:47 PM
I would consider snort an Itrusion Detection System not an Intrusion Prevention System. Snort does nothing to stop the attacks.
Maffuster
Jan 13 2004, 07:44 PM
True enough. How does an IPS differ from a firewall then?
Or are we talking about an IDS that dynamically configures a firewall?
cji
Jan 13 2004, 08:38 PM
| QUOTE (Maffuster @ Jan 13 2004, 07:44 PM) |
True enough. How does an IPS differ from a firewall then?
Or are we talking about an IDS that dynamically configures a firewall? |
my understanding is that an IPS is like and IDS that automatically shuts down traffic once an "attack" is detected. it's "active" where an ids is passive. the problem is of course false-positives generated by the IDS could lead to an unwanted stopping of traffic.
I guess we could get into a long debate here about IPS vs IDS and active vs passive and the annoyance of false-positives, but that won't get us anywhere.
I found an interesting article about using honeypots in place of IDS for detection:
http://www.securityfocus.com/infocus/1690while again this is a limited method and won't actively block possible attacks like an IPS would, it's yet another option.
w00dy
Jan 13 2004, 08:46 PM
Checkmate is the only only Intrusion Protection System i have ever used and i loved it. I miss my T2 connection at home.
its not worth having for my current connection.
tzontzo
Jan 15 2004, 08:54 AM
First of all why you need an IDS system ( are you a corporation or a home user ? )
It is very important the answer of this question because based on it it is posible to define an IDS arhitecture. ( IDS are quite different depend of what you need and what you want ).
TrIaNguLaR
Jan 18 2004, 04:01 PM
thanks sysadmin for the site
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please
click here.
