What are some common tools for intrusion detection?
Solution 1
From their about page:
Originally released in 1998 by Sourcefire founder and CTO Martin Roesch, Snort is a free, open source network intrusion detection and prevention system capable of performing real-time traffic analysis and packet logging on IP networks. Initially called a “lightweight” intrusion detection technology, Snort has evolved into a mature, feature-rich IPS technology that has become the de facto standard in intrusion detection and prevention. With nearly 4 million downloads and approximately 300,000 registered users, Snort is the most widely deployed intrusion prevention technology in the world.
Solution 2
Why don’t you check http://sectools.org/
Solution 3
Is an open source (though there's a closed source version) integrity checker that uses hashes to detect file modifications left behind by intruders.
Solution 4
OpenBSD has mtree(8): http://www.openbsd.org/cgi-bin/man.cgi?query=mtree It checks whether any files have changed in a given directory hierarchy.
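Solutions 3 and 4 both describe the same idea: record what a directory tree looked like at a trusted point in time, then re-walk it and report anything that differs. The following is an added example written for this answer, not code from either tool, showing that idea in Python: a manifest of size, permission bits and SHA-256 per regular file, and a diff that reports added, removed and changed paths. The tree, its files and the changes made to it are all constructed inside the script. As with mtree's specification file or an integrity checker's hash database, the baseline is only worth anything if it is stored somewhere the intruder cannot rewrite (read-only media, a separate host), which this in-memory demo does not model.

```python
import hashlib
import os
import tempfile
from pathlib import Path


def hash_file(path: Path) -> str:
    """SHA-256 of a file, read in chunks so large binaries need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def snapshot(root: Path) -> dict:
    """Record size, permission bits and SHA-256 for every regular file under root.

    Symlinks are skipped rather than followed, so a link pointing outside the
    tree cannot make the checker hash (or chase) something unexpected.
    """
    manifest = {}
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            p = Path(dirpath) / name
            if p.is_symlink() or not p.is_file():
                continue
            st = p.stat()
            manifest[p.relative_to(root).as_posix()] = {
                "size": st.st_size,
                "mode": st.st_mode & 0o7777,
                "sha256": hash_file(p),
            }
    return manifest


def compare(baseline: dict, current: dict) -> dict:
    """Diff two manifests.

    A file counts as changed if any recorded attribute differs, so a permission
    change (for example a newly set setuid bit) is reported even when the content
    hash is identical.
    """
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    changed = sorted(k for k in baseline.keys() & current.keys() if baseline[k] != current[k])
    return {"added": added, "removed": removed, "changed": changed}


def demo() -> dict:
    """Build a small constructed tree, take a baseline, alter it, and diff it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "bin").mkdir()
        (root / "etc").mkdir()
        (root / "bin" / "ls").write_bytes(b"original program bytes")
        (root / "etc" / "passwd").write_text("root:x:0:0:root:/root:/bin/sh\n")
        (root / "etc" / "hosts").write_text("127.0.0.1 localhost\n")
        baseline = snapshot(root)

        # Constructed changes: one file replaced with same-length content (size
        # alone would not catch it), one file added, one removed, one untouched.
        (root / "bin" / "ls").write_bytes(b"replaced program bytes")
        (root / "etc" / "rc.local").write_text("#!/bin/sh\n")
        (root / "etc" / "passwd").unlink()

        return compare(baseline, snapshot(root))


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind}: {paths}")
```

Running it prints one line per category; the replaced binary shows up under "changed" even though its size did not move, which is the reason these tools hash content rather than trusting timestamps or sizes.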
Solution 5
Logcheck is a simple utility which is designed to allow a system administrator to view the logfiles which are produced upon hosts under their control.
It does this by mailing summaries of the logfiles to them, after first filtering out "normal" entries. Normal entries are entries which match one of the many included regular expression files contained in the database.
You should watch your logs as one part of a healthy security routine. It'll also help trap a lot of other (hardware, auth, load...) anomalies.
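To make the filtering step concrete, here is an added example (my own, not Logcheck's code) that does in Python what the answer describes: drop every line matching one of a set of "normal" regular expressions and assemble the remainder into the text of a report. The log lines and the ignore patterns are constructed for the example; Logcheck ships its own pattern files. Note that the patterns are anchored and match specific fields rather than a loose substring, because a carelessly broad ignore rule (for instance one that matches any line containing "Accepted") would let an unexpected event slip out of the report.

```python
import re
from collections import Counter

# Constructed sample syslog lines (not a real capture).
SAMPLE_LOG = """\
Jan 10 03:15:01 host CRON[1234]: (root) CMD (run-parts /etc/cron.hourly)
Jan 10 03:15:07 host sshd[2201]: Accepted publickey for alice from 10.0.0.5 port 51022 ssh2
Jan 10 03:16:40 host sshd[2210]: Failed password for root from 198.51.100.7 port 40112 ssh2
Jan 10 03:16:41 host sshd[2210]: Failed password for root from 198.51.100.7 port 40113 ssh2
Jan 10 03:17:02 host kernel: [12345.678901] usb 1-1: new high-speed USB device number 4 using xhci_hcd
Jan 10 03:20:00 host systemd[1]: Started Daily apt download activities.
Jan 10 03:21:13 host sudo:     bob : TTY=pts/0 ; PWD=/home/bob ; USER=root ; COMMAND=/bin/bash
"""

# Hypothetical ignore rules in the spirit of Logcheck's ignore files: a line
# matching any of them is considered normal and dropped. Each pattern pins down
# the program, the message shape and the end of line, so a free-text field such
# as a username cannot be used to make an unusual line look routine.
IGNORE_PATTERNS = [
    r" CRON\[\d+\]: \(root\) CMD \(run-parts /etc/cron\.(hourly|daily|weekly|monthly)\)$",
    r" sshd\[\d+\]: Accepted publickey for [a-z_][a-z0-9_-]* from [0-9.]+ port [0-9]+ ssh2$",
    r" systemd\[1\]: Started Daily apt download activities\.$",
]

# "Mon DD HH:MM:SS host program[pid]:" -- captures the program name.
_SYSLOG_PREFIX = re.compile(r"^\w{3} +\d+ \d\d:\d\d:\d\d \S+ ([\w.-]+)(?:\[\d+\])?:")


def filter_log(text: str, ignore_patterns=IGNORE_PATTERNS) -> list:
    """Return the lines that match none of the ignore patterns (the unusual remainder)."""
    compiled = [re.compile(p) for p in ignore_patterns]
    return [
        line for line in text.splitlines()
        if line.strip() and not any(r.search(line) for r in compiled)
    ]


def count_by_program(lines: list) -> dict:
    """Tally the remaining lines by syslog program field, for the report header."""
    counts = Counter()
    for line in lines:
        m = _SYSLOG_PREFIX.match(line)
        counts[m.group(1) if m else "unparsed"] += 1
    return dict(counts)


def build_report(text: str) -> str:
    """Assemble the message body a Logcheck-style job would mail to the administrator."""
    unusual = filter_log(text)
    total = sum(1 for line in text.splitlines() if line.strip())
    header = [f"{len(unusual)} of {total} log lines were not matched by an ignore rule."]
    header += [f"  {prog}: {n}" for prog, n in sorted(count_by_program(unusual).items())]
    return "\n".join(header + [""] + unusual) + "\n"


if __name__ == "__main__":
    print(build_report(SAMPLE_LOG))
```

On the sample input the cron run, the successful key login and the systemd notice are filtered away, and the two failed root logins, the new USB device and the sudo-to-root remain, which is exactly the "hardware, auth, load" mix the answer says log watching tends to surface.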
Asked by setzamora. Updated on September 17, 2022.

Comments

setzamora, almost 2 years ago:
Please give a brief description for each tool.

gvkv, almost 14 years ago:
Is that ad copy?