Snort has long been the leader among network intrusion detection (IDS) and intrusion prevention (IPS) tools. As the open source community continues to evolve, and with its parent company Sourcefire behind it (for years Sourcefire has offered a full-featured commercial version of Snort with vendor support and instant updates, while still providing a limited version of Snort for free), Snort is likely to keep its leading position with continued support.
While Snort dominates the market, other vendors offer similar free tools. Many, if not most, of these intrusion detection system (IDS) vendors combine Snort or other open-source engines to create powerful, free intrusion detection services.
Security Onion
Security Onion is an Ubuntu-based Linux distribution for network monitoring and intrusion detection. Its image can be deployed as a sensor on the network to monitor multiple VLANs and subnets, which makes it well suited to VMware and other virtual environments. In its current form it can only be used as an IDS and cannot run as an IPS. However, it can be deployed for both network and host intrusion detection, using services such as Sguil, Bro IDS and OSSEC to deliver its IDS capabilities. The tool's wiki and documentation are rich, and known vulnerabilities and bugs are documented and reviewed. Although Security Onion is strong, it still needs to mature, and of course that takes time.
OSSEC
OSSEC is an open-source host intrusion detection system (HIDS), and its functionality goes beyond intrusion detection. As with most open-source IDS products, a number of add-on modules can be combined with the core IDS capabilities. In addition to network intrusion detection, OSSEC clients can perform file integrity monitoring, rootkit detection and real-time alerting; these functions are centrally managed, and different policies can be created according to an enterprise's needs. OSSEC clients run locally on most operating systems, including Linux distributions, Mac OS X and Windows. Commercial support is also available through Trend Micro's global support team, making it a very mature product.
OpenWIPS-ng
OpenWIPS-ng is a free wireless IDS/IPS built from a server, sensors and an interface. It can run on ordinary hardware. Its creator is the developer of Aircrack-ng, and it uses many of the functions and services built into Aircrack-ng for scanning, detection and intrusion prevention. OpenWIPS-ng is modular, allowing administrators to download plug-ins to add functionality. Its documentation is not as detailed as that of some other systems, but it lets companies with tight budgets run a WIPS.
Suricata
Of all the IDS/IPS systems available today, Suricata is best able to compete with Snort. It has a Snort-like architecture, relies on signatures as Snort does, and can even use the same Emerging Threats rule set and VRT rules that Snort itself uses. Suricata is newer than Snort and will have a chance to catch up with it. If Snort is not your business's choice, this free tool is best suited to run on your corporate network.
Bro IDS
Bro IDS is similar to Security Onion, but uses more IDS rules to determine the source of an attack. Bro IDS used to rely on a combination of tools to convert Snort-based signatures into Bro signatures, but that is no longer the case, as users can now write custom signatures for Bro IDS. The system has a large amount of detailed documentation and a history of more than 15 years.
Snort is arguably the most powerful tool in the IDS/IPS market, including free and open-source IDS/IPS. The IDS/IPS systems described in this article differ somewhat from one another, but they are all practical and free, and cost-conscious businesses can use these tools to better protect their networks. (Author: Matthew Pascucci; Source: TechTarget China)