An Intrusion Detection System (IDS) is a system for detection of attacks against a computer or a network. The IDS can complement a firewall complement or run directly on the monitored computer system.
There are two main types of IDS:
Host-based IDS: HIDS are installed on each system to be monitored. They thus have to support the given host operating system. They get information from log files, kernel data,…
Network-based IDS: NIDS try to capture all packets on the network, analyze them and report suspicious activities. These systems also try to recognize attack patterns in the network traffic.
Here are a few open source IDS:
Prelude : Linux
Samhain : Unix, Linux, Windows
Snort : Linux, Mac OS X, Windows
Intrusion Prevention Systems (IPS) are Intrusion Detection Systems (IDS) that can also defend against a specific attack.
The acronym HIPS stands for “Host-based Intrusion Prevention System”. HIPS are IPS running on the computer on which intrusion is to be prevented.
HIPS hook themselves directly into the communication system and decide whether a packet should be forwarded or not (i.e. they can interrupt or pause data streams). They can also check the transferred data and block possibly harmful content.
Here’s a short list of open source HIPS:
Core Force (http://corelabs.coresecurity.com/index.php?module=Wiki&action=view&type=project&name=Core_Force): it is not technically open source but the license allows it to be reverse engineered, disassembled or decompiled: Windows
DenyHOSTS : Linux, Mac OS X
Fail2ban : Linux, Mac OS X
OSSEC : Linux, Windows, FreeBSD, OpenBSD, NetBSD, Solaris, AIX, HP-UX, Mac OS X.
NIPS (Network IPS) monitor the network traffic in order to protect the connected computer from intruders. They investigate either the content of the transmitted data, the transmissions at the protocol level and/or the type and amount of data traffic in order to indentify possible attack patterns and/or initiate network-related countermeasures.
Snort is the most well-known open source NIPS.
2 thoughts on “Intrusion Detection and Prevention Systems”
Hell o from USA New Berlin Wisconsin. Thank you ,your blog it helps me