Questions tagged [ids]

An intrusion detection system (IDS) is a device or software application that monitors network and/or system activities for malicious activities or policy violations and produces reports to a Management Station.


Intrusion prevention is the process of performing intrusion detection and attempting to stop detected possible incidents.

Intrusion detection and prevention systems (IDPS) are primarily focused on identifying possible incidents, logging information about them, attempting to stop them, and reporting them to security administrators.

70 questions
13 votes, 11 answers

Chinese Hacker-Bots attempting to exploit our systems 24/7

Our sites are constantly under attack from bots with IP addresses resolving to China, attempting to exploit our systems. While their attacks are proving unsuccessful, they are a constant drain on our servers' resources. A sample of the attacks would…
George
10 votes, 2 answers

OSSEC large scale deployment

We have a data center and, as a happy OSSEC user, I am trying to convince my management to use it for host intrusion detection. However, I have never deployed it on more than a handful of servers and I am not sure if it scales. Has anyone deployed…
lisa1987
7 votes, 5 answers

Total SA/Engineer Management Software

So, as we've seen all over Server Fault, and over the years I've built several of each system: System / Network Monitoring (I use Nagios), System / Network Trending (I use Cacti), Centralized Log Monitoring (syslog-ng), Host-Based Intrusion Detection…
grufftech
6 votes, 3 answers

Modern open source NIDS/HIDS and consoles?

Years back we set up an IDS solution by placing a tap in front of our exterior firewall, piping all the traffic on our DS1 through an IDS box and then sending the results off to a logging server running ACiD. This was around 2005-ish. I've been…
MattC
5 votes, 2 answers

Updating snort rules automatically

I've been working on getting my Snort machine up and running, and working through Snort IDS and IPS Toolkit. The authors suggest using Oinkmaster, but on that website the last update was February of 2008. That seems sort of... odd. Maybe there…
Matt Simmons
5 votes, 3 answers

Is there any Linux app available for port scanning monitoring?

Something that will run in the background and alert me by mail if some IP is port scanning the server.
daniels
4 votes, 2 answers

Is there an appliance-style distribution with web-based configuration for Snort?

There are some great "appliance" style distributions like pfSense and M0n0wall, that bundle powerful features of their respective operating systems with a nice web application for configuration. In my opinion, these distributions cover a majority…
user62491
4 votes, 3 answers

OSSEC features vs Snort / Tripwire for PCI compliance

I'm looking for an informed opinion on the advantages of OSSEC in comparison to Snort/Tripwire/Nessus. Can anyone shed any light on what features OSSEC brings that can't be replicated via Tripwire (or iwatch) and Snort, perhaps with Nessus used…
Sirex
4 votes, 4 answers

What are your thoughts on whether or not to use a bastion host?

I'm considering a new network layout for our web facing infrastructure and I'm interested in your thoughts of whether or not to use a bastion host. Is it necessary with today's technology? Right now we have the following configuration: Internet…
Rick
4 votes, 4 answers

Recommend alternative to tripwire?

Looking for a host-based IDS comparable to Tripwire, preferably one that allows centralized management. Right now I use Tripwire and, though it works, management and reporting through a central server would be ideal. I'm looking for recommendations…
CarpeNoctem
4 votes, 3 answers

IDS for Windows Server 2008?

I am sure my Windows Server 2008 box is constantly under attack, both at the network level and the web application level. The question is: how do I detect these attacks? Is there any lightweight software available which can monitor the server? Note: I am…
Ramaz
3 votes, 2 answers

Is there any real difference between Snort and Suricata?

Looking to move forward in deploying IDS/IPS on several FreeBSD firewalls, and I was curious about the difference between Snort and Suricata. I know that Suricata is multi-threaded, but in terms of rule processing and otherwise how they work, is there any…
Jason
3 votes, 3 answers

Blocking TeamViewer

I'd like to block incoming TeamViewer connections to my network, but at the same time allow outgoing TeamViewer connections, so that users can't connect to their work PCs with TV (circumventing domain authentication) but at the same time could…
Hubert Kario
3 votes, 1 answer

Standalone Windows HIDS

We are looking into installing a host intrusion detection system on a Windows 2008 R2 web server. Our requirements are, at least for the time being, that the system needs to be standalone and also affordable (a bit vague I know), preferably…
user75709
3 votes, 5 answers

IDS for Linux?

We need to set up an intrusion detection system (IDS) on our Linux proxy server. Please suggest intrusion detection systems? Anything other than Snort? And... does Snort have a good web interface?
nitins