Five free enterprise network intrusion detection tools (IDS)

Source: Internet
Author: User
Tags: ossec, sourcefire

Snort has long been the leader among network intrusion detection (IDS) and intrusion prevention (IPS) tools. As the open source community continues to evolve, its parent company Sourcefire (which for years has offered a full-featured commercial version of Snort with vendor support and immediate updates, while still offering a free version of Snort with more limited features) makes it likely that Snort will keep its leading position with continued support.

While Snort "dominates" the market, other vendors offer similar free tools. Many of these intrusion detection system (IDS) vendors, if not most, combine Snort or other open source engines to build powerful, free intrusion detection services.

Security Onion

Security Onion is an Ubuntu-based Linux distribution for network monitoring and intrusion detection. The image can be deployed as a sensor across the network to monitor multiple VLANs and subnets, which makes it ideal for VMware and other virtual environments. In this configuration it can only be used as an IDS and cannot currently run as an IPS. However, you can choose to use it as a combined network and host intrusion detection deployment, using services such as Sguil, Bro IDS and OSSEC to provide the IDS capabilities. The tool's wiki and documentation are rich, and vulnerabilities and bugs are documented and reviewed. Although Security Onion is strong, it still needs to mature, and that of course takes time.

OSSEC

OSSEC is an open source host intrusion detection system (HIDS), and its functionality goes beyond intrusion detection. As with most open source IDS products, there are a number of add-on modules that can be combined with the core IDS capabilities. In addition to network intrusion detection, OSSEC clients can perform file integrity monitoring, rootkit detection and real-time alerting; these functions are centrally managed, and different policies can be created according to the needs of the enterprise. OSSEC clients run locally on most operating systems, including Linux distributions, Mac OS X and Windows. It also offers commercial support through the global support team of Trend Micro, and it is a very mature product.

OpenWIPS-ng

OpenWIPS-ng is a free wireless IDS/IPS that relies on a server, sensors and an interface. It can run on ordinary hardware. Its creator is the Aircrack-ng developer, and it uses many of the features and services built into Aircrack-ng for scanning, detection and intrusion prevention. OpenWIPS-ng is modular, allowing administrators to download plug-ins to add functionality. Its documentation is not as detailed as that of some systems, but it lets companies on tight budgets run a WIPS.

Suricata

Of all the IDS/IPS systems available today, Suricata is best placed to compete with Snort. The system has a Snort-like architecture, relies on signatures as Snort does, and can even use the same Emerging Threats rule set and VRT Snort rules that Snort itself uses. Suricata is newer than Snort, and it will have a chance to catch up with it. If Snort is not your choice for your business, this free tool is the best suited to run on your corporate network.
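As an added illustration of the shared rule format referred to above (example code written for this page, not from the Snort, Suricata or Emerging Threats projects): a small Python parser for the single-line rule syntax both engines read, plus the sid sanity check a defender wants before merging a downloaded rule set with locally written rules. The sample rules are constructed; `$HOME_NET` and `$EXTERNAL_NET` are the standard rule variables, while the messages and sids are placeholders.

```python
import re
# Constructed sample rules in the text format Snort and Suricata share (not real
# Emerging Threats or VRT signatures); the second deliberately reuses the first's sid.
SAMPLE_RULES = [
    'alert tcp $EXTERNAL_NET any -> $HOME_NET 22 (msg:"LOCAL SSH brute force; 5 in 60s"; '
    'flow:to_server,established; classtype:attempted-admin; sid:1000001; rev:2;)',
    'alert udp any any -> $HOME_NET 53 (msg:"LOCAL DNS oversize query"; dsize:>512; '
    'classtype:protocol-command-decode; sid:1000001; rev:1;)',
]
HEADER_RE = re.compile(
    r'^(?P<action>alert|log|pass|drop|reject)\s+(?P<proto>\w+)\s+(?P<src>\S+)\s+'
    r'(?P<sport>\S+)\s+(?P<dir>->|<>)\s+(?P<dst>\S+)\s+(?P<dport>\S+)\s*'
    r'\((?P<options>.*)\)\s*$')

def split_options(text):
    """Split the option body on ';' while ignoring a ';' inside a quoted msg."""
    parts, buf, quoted = [], [], False
    for ch in text:
        if ch == '"':
            quoted = not quoted
        if ch == ';' and not quoted:
            parts.append(''.join(buf))
            buf = []
        else:
            buf.append(ch)
    parts.append(''.join(buf))
    return [p.strip() for p in parts if p.strip()]

def parse_rule(rule):
    """Return the header fields plus an ordered (keyword, value) option list."""
    m = HEADER_RE.match(rule.strip())
    if not m:
        raise ValueError('rule does not match the Snort/Suricata header grammar')
    fields = m.groupdict()
    fields['options'] = [(k.strip(), v.strip().strip('"')) for k, _, v in
                         (o.partition(':') for o in split_options(fields.pop('options')))]
    return fields

def rule_sid(rule):
    """sid identifies a rule in both engines; a rule needs exactly one."""
    sids = [int(v) for k, v in parse_rule(rule)['options'] if k == 'sid']
    if len(sids) != 1:
        raise ValueError('rule must carry exactly one sid')
    return sids[0]

def duplicate_sids(rules):
    """sids reused across a set, a common error when merging rule sources."""
    seen, dupes = set(), set()
    for sid in map(rule_sid, rules):
        (dupes if sid in seen else seen).add(sid)
    return sorted(dupes)
```

Run `duplicate_sids(SAMPLE_RULES)` to see the clash; the same check applied to a real rules directory catches collisions that would otherwise make one engine reject the file or silently shadow a rule.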

Bro IDS

Bro IDS is similar to Security Onion in that it uses more IDS rules to determine the source of an attack. Bro IDS used to rely on a combination of tools to convert Snort-based signatures into Bro signatures, but that is no longer the case now that users can write custom signatures for Bro IDS. The system has a lot of detailed documentation and has a history of more than 15 years.

Snort is arguably the most powerful tool in most of the IDS/IPS market, including free and open source IDS/IPS. The IDS/IPS systems described in this article differ somewhat in how they operate, but they are all practical and free, and cost-conscious businesses can use these tools to better protect their networks. (Author: Matthew Pascucci; Source: TechTarget China)
