IDS


trjam
March 1st, 2007, 02:35 PM
Don't know a lot about this technology but was wondering what vendor offers the best at doing this, in conjunction with their AV. Thanks.

lucas1985
March 1st, 2007, 02:45 PM
IDS are enterprise stuff. Usually, they run in their own box. Avast Network Shield and Sygate are two examples of lightweight, desktop-based IDS.
More information on IDS:
Whitepapers (http://www.asociacion-aecsi.es/documentos.html?op=Intrusion_Detection_System)
Snort (http://www.snort.org/)

Ice_Czar
March 1st, 2007, 03:10 PM
-{ Quote: "Snort (http://www.snort.org/)" }-

STD w\ Snort (http://s-t-d.org/tools.html) and lots of other Snort tools (Knoppix Live CD)

basic description and useful links
http://en.wikipedia.org/wiki/Snort_%28software%29

but it is generally run from a dedicated box in between you and the Internet, it can be a very old box however
basically a glorified router


possible locations as passive detection

http://i5.tinypic.com/4gpfpc4.gif
not prevention where it drops packets determined to be attacks,
it is possible to build an all in one router\firewall\active packet dropping IDS
out of almost any computer and a few NICs (network interface cards)
older computers are actually probably a better solution, requiring less power and producing less heat
many Pentium 2 computers have been transformed into advanced hybrid DIY routers

dah145
March 1st, 2007, 10:52 PM
KAV/KIS has IDS, also version 5 of KAV had it as network protection or something like that, according to help archive of KIS:

The Intrusion Detection System (IDS) provides additional security on the network level. The goal of the system is to analyze inbound connections, detect port scans on your computer, and filter network packets aimed at exploiting software vulnerabilities. When running, the Intrusion Detection System blocks all inbound connections from an attacking computer for a certain amount of time, and the user receives a message stating that his computer underwent an attempted network attack.
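
The behaviour in the help text quoted above (spot a port scan, block that source for a limited time, notify the user), sketched as an added example that is not part of the original thread and not any vendor's code. The window, threshold and block duration are assumed values, and the traffic is constructed sample data:

```python
from collections import defaultdict, deque

# Assumed tuning values for illustration; not taken from any vendor's product.
WINDOW = 10.0         # seconds over which distinct ports are counted
PORT_THRESHOLD = 5    # distinct destination ports that count as a scan
BLOCK_SECONDS = 60.0  # how long an offending source stays blocked

class ScanBlocker:
    def __init__(self):
        self.recent = defaultdict(deque)  # src -> deque of (ts, port)
        self.blocked_until = {}           # src -> time the block expires
        self.alerts = []                  # (ts, src) notices for the user

    def handle(self, ts, src, port):
        """Return 'drop' or 'allow' for one inbound connection attempt."""
        if self.blocked_until.get(src, 0.0) > ts:
            return "drop"                      # still inside the block period
        self.blocked_until.pop(src, None)      # block (if any) has expired
        q = self.recent[src]
        q.append((ts, port))
        while q and q[0][0] <= ts - WINDOW:    # forget attempts outside window
            q.popleft()
        if len({p for _, p in q}) >= PORT_THRESHOLD:
            self.blocked_until[src] = ts + BLOCK_SECONDS
            self.alerts.append((ts, src))
            q.clear()
            return "drop"
        return "allow"

def run(events):
    """Feed (ts, src, port) events through a fresh detector."""
    ids = ScanBlocker()
    return [ids.handle(*e) for e in events], ids.alerts

# Constructed sample traffic (documentation address ranges).
EVENTS = [
    (0.0, "192.0.2.10", 80),      # ordinary client
    (1.0, "198.51.100.7", 21),
    (1.2, "198.51.100.7", 22),
    (1.4, "198.51.100.7", 23),
    (1.6, "198.51.100.7", 25),
    (1.8, "198.51.100.7", 80),    # fifth distinct port: scan, block starts
    (5.0, "198.51.100.7", 443),   # dropped while blocked
    (6.0, "192.0.2.10", 80),      # other sources are unaffected
    (70.0, "198.51.100.7", 80),   # block has expired, allowed again
]
```

A single-source threshold like this misses slow or distributed scans, which is one reason signature- and anomaly-based engines such as Snort run alongside simple counters.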

Meriadoc
March 2nd, 2007, 08:18 AM
-{ Quote: "Intrusion Detection System (IDS)
out of almost any computer" }-
I've done this a few times, snort/drop, ACID, firewall, a good project and well worth it.
-{ Quote: "'IDS' in conjunction with their AV" }-
Norton has an IDS, with around 800 signatures.