Anyone using an IDS


Alphalutra1
February 9th, 2006, 07:23 PM
I was just wondering if anybody is using an intrusion detection system, and if you are, please post why. If you aren't, post why not.

I am not, but am currently looking for one to fit my system.

Alphalutra1

WSFuser
February 9th, 2006, 07:30 PM
I assume it's different from an HIPS, so what would be an IDS? A program like Snort?

Alphalutra1
February 9th, 2006, 07:38 PM
{QUOTE-> I assume it's different from an HIPS, so what would be an IDS? A program like Snort? <-QUOTE}
Exactly what I was driving at

WSFuser
February 9th, 2006, 08:50 PM
Well, I don't use an IDS as I don't know how to use Snort and I know of no other.

hollywoodpc
February 9th, 2006, 09:32 PM
Hi again Alpha.
I do not normally respond to these polls as I find them useless. More of a way for people to waste time. You seem to want some ideas however. Prelude and Prevx are good in this area. I do use an HIPS but I also use Prevx and Prelude, sometimes. I find Snort to be a pain in the butt and will not use it. Besides, Prelude incorporates some of the Snort abilities in an easier to use environment.

Mrkvonic
February 10th, 2006, 07:20 AM
Hi,
The poll says why not?
I say why yes?

IDS - Intrusion ... no one intrudes me. I got Chuck Norris talisman attached to my ip.

Mrk

Devil's Advocate
February 10th, 2006, 07:41 AM
IDS like snort? You mean a NIDS right? Network intrusion detection system?

Yeah I use one. It's an essential part of your security. Please take off 1 point from your security setup if you don't use it.

Just kidding.

Alphalutra1
February 10th, 2006, 04:12 PM
Hello again hollywoodpc. This is more of a poll for my information, not to be jealous or self centered :P . I like wasting time ;D . I was looking for an ids like the one in BlackIce, but free and without the extra firewall junk. So like Snort, but not as complex, and much more user friendly and something that has a GUI.

Hollywoodpc, I looked at prelude and it flew over my head. I might just use Prevx1r. Still searching though :P. I hope this isn't wasting your time ;D

Alphalutra1

hollywoodpc
February 10th, 2006, 04:27 PM
Alpha. NOT AT ALL!
I was stating that most that start a poll here have nothing better to do. You are looking for advice and I knew that. That is why I responded.
Prelude is WAYYYY out there. Snort stinks in my opinion because of what you said. Prevx is nice. The easiest of any, I have found. Does a good job too! It will be interesting if it slows you down at all.

gerardwil
February 10th, 2006, 06:40 PM
Prevx1

TonyW
February 10th, 2006, 07:59 PM
I don't use Snort, a bit too technical for me, but if it was implemented within a software firewall, I'd consider it. I think Tiny Firewall uses Snort rules, but could be wrong on that.

sweater
February 14th, 2006, 04:34 AM
I think Avast AV with its Network Shield and also ProcessGuard has some kind of IDS functions of which I have now. I don't need any more other than that. ::)

SPEEDY6128
February 15th, 2006, 01:44 PM
Hi,

I use BlackIce's BlackICE PC Protection IDS alongside my Outpost Pro firewall. They get along really well. The two links below tell you the benefits of running blackice ids alongside another software firewall. I also use VisualICE with blackice as well.

http://www.iss.net/security_center/advice/Support/KB/q000129/default.htm


http://www.iss.net/security_center/advice/Support/KB/q000005/default.htm

Also had customer support mentioning it to be ok.

dja2k
February 15th, 2006, 06:41 PM
Don't you get any conflict running two firewalls together or any internet slowdowns?

dja2k

<DreamCatcher>
February 16th, 2006, 08:04 PM
Hi,

Don't most firewalls have some sort of 'IDS system' running to block/detect when hackers are trying to access your system?

WSFuser
February 17th, 2006, 01:44 AM
{QUOTE-> Don't you get any conflict running two firewalls together or any internet slowdowns?

dja2k <-QUOTE}
Yes, but some firewalls (like zonealarm, lns, and blackice) let u turn off the firewall portion.
{QUOTE-> Hi,
Don't most firewalls have some sort of 'IDS system' running to block/detect when hackers are trying to access your system? <-QUOTE}
Maybe, but it's not always listed as a feature. I know sygate, blackice, and tiny mention having an IDS/IPS and outpost has an attack detection plugin but others (like ZA) don't mention any similar feature.

N1ckR
February 17th, 2006, 08:26 AM
No. Because I block off avenues of intrusion.

fred22
February 17th, 2006, 08:43 AM
So a combo of LnS and BlackIce's BlackICE PC Protection (disabling firewall) should not give any conflict? I like to try this but need some input before screwing my system hehe...

WSFuser
February 17th, 2006, 10:23 AM
Just turn off the firewall (application monitoring is optional) and ur all set. I have a router/firewall and lns so blackice didn't do much of anything. Maybe it will help u tho.

Alec
February 17th, 2006, 01:58 PM
Just sort of semantics I guess, but I reserve the phrases IDS and/or IDP as specifically referring to network-based intrusion detection systems (IDS) or intrusion detection & prevention (IDP). Workstation or server level IDS is referred to as HIPS (host intrusion prevention system). Even though sometimes things like attack & vulnerability signatures can be used similarly in both products, I still feel that they are very different technologies. There are some things you can do on a host that just can't be done on the wire, and vice versa. So, to me, if you are running an IDS/IDP, then you are running something like:

Snort (http://www.snort.org/)
Sourcefire Intrusion Sensor (http://www.sourcefire.com/products/is.html)
ISS Proventia (http://www.iss.net/products_services/enterprise_protection/proventia/g_series.php)
3Com TippingPoint (http://www.tippingpoint.com/products_ips.html)
Juniper Networks IDP (http://www.juniper.net/products/intrusion/)
McAfee IntruShield (http://www.mcafee.com/us/products/mcafee/network_ips/intrushield_appliances.htm)
Fortinet (http://www.fortinet.com/FortiGuardCenter/idp.html)
TopLayer (http://www.toplayer.com/)

fred22
February 17th, 2006, 08:28 PM
{QUOTE-> Just turn off the firewall (application monitoring is optional) and ur all set. I have a router/firewall and lns so blackice didn't do much of anything. Maybe it will help u tho. <-QUOTE}

Thanks WSFuser.. I'm gonna try this out :)

muf
February 20th, 2006, 07:22 PM
I'm amazed that no one has mentioned The A-Squared IDS. In fact, that's the Personal version's whole selling point!!!
http://www.emsisoft.com/en/software/ids/

muf

yahoo
February 20th, 2006, 08:45 PM
{QUOTE-> I think Tiny Firewall uses Snort rules, but could be wrong on that. <-QUOTE}

Yes, Tiny Firewall uses Snort rules. I have IDS on with my TPF.

kareldjag
February 24th, 2006, 11:17 AM
Hi,

An IDS is not really needless for a single computer in a home user environment.
In a private network and behind a router, the question can be considered; especially for risky soho and small business like online casinos: http://www.crime-research.org/news/16.10.2004/711/

There's already very good firewalls which integrate IDS features such as Outpost, Injoy, BlackIce and so on.

An interesting site which links many intrusion protection products:

http://securitywizardry.com/

There's open source IDS like Snort, Prelude, Samhain, but they're not useful for only a try.
But a trial version of Easy-guard Intrusion Alert can be suggested to users who want to experiment this kind of products (an online vulnerability scan can be helpful for alerts): http://www.easy-guard.com/

Regards

hollywoodpc
February 24th, 2006, 01:43 PM
{QUOTE-> Hi,

An IDS is not really needless for a single computer in a home user environment.
In a private network and behind a router, the question can be considered; especially for risky soho and small business like online casinos: http://www.crime-research.org/news/16.10.2004/711/

There's already very good firewalls which integrate IDS features such as Outpost, Injoy, BlackIce and so on.

An interesting site which links many intrusion protection products:

http://securitywizardry.com/

There's open source IDS like Snort, Prelude, Samhain, but they're not useful for only a try.
But a trial version of Easy-guard Intrusion Alert can be suggested to users who want to experiment this kind of products (an online vulnerability scan can be helpful for alerts): http://www.easy-guard.com/

Regards <-QUOTE}
Keep in mind that these are really for servers though. And tend to be expensive.

G1111
February 24th, 2006, 04:22 PM
WinPatrol & UnHackme.

SPEEDY6128
February 26th, 2006, 08:06 AM
As you already know I use Outpost with my IDS from blackice, and because I download from BitTorrent and other various p2p's, blackice every now and then blocks something suspicious. Call this false positives or not, but whatever it is, it seems to block various incoming connections either from browsing the net or from the above mentioned that seem to get past my Dlink Firewall and Outpost. And before anyone asks, yes I do have my Outpost firewall configured correctly. Running it with the IDS plugin, and removing more or less any allowed apps that are listed in Outpost and removing them, and allowing them only access to the net once when they need it. Also my Dlink has every feature to protect me enabled. By the way, for the new Blackice PC Protection app, there is no way of totally disabling the firewall feature, what you have to do is select "allow all incoming connections" with the firewall settings of Blackice, works the same as disabling it. I read up on it somewhere.

tuatara
February 26th, 2006, 01:55 PM
I am using a home brew Perl-based Honeynet with honeypot
works for me (since about 5 years) ...

;)

kareldjag
February 27th, 2006, 01:21 PM
Hi,

In the past, I've used Nuzzler IDS for a short period.
This soft seems to be no longer supported by Securepoint/Nuzzler.
But it can be found at Majorgeeks for instance:
http://majorgeeks.com/Securepoint_Intrusion_Detection_System_d2759.html

NB. WinPcap library is integrated in the installer package and the service must be activated in the control panel.
This is a freeware which runs on Windows with no problems.

I suggest to run an online audit at IT-Sec in order to experiment the IDS features (see image): http://www.it-sec.de/vulchke.html

Regards