can someone help me understand about a Intrusion detection/prevention system

ok i have been looking all over about advanced hardware and maybe it comes down to software security but i was looking at a DLink DSR-250 because it has Intrusion prevention system built in. but then i had some questions and wondered.

1. is an intrusion prevention system=IPS more geared toward VPN's?

2. i read somewhere that you can get an IPS system free off wiki and it directed me to ACARM-ng as well as something called SNORT

so i was wondering is an IPS system like in the d-link router as well as more well known sonicwall or cisco asa 550 are these IPS systems actualy a peiece of software i can run like youd run a anti-virus or firewall? or would i have to either get a box, or have a spare system to run snort or an IPS system

 

Most commercial routers have a firewall that incorporates an IPS. Many software Internet Security suites and also stand alone firewall software firewalls have an IPS feature. Most are designed to prevent denial of service(DoS) attacks only.

Per Wikipedia:

Snort can be configured in three main modes: sniffer, packet logger, and network intrusion detection.[7] In sniffer mode, the program will read network packets and display them on the console. In packet logger mode, the program will log packets to the disk. In intrusion detection mode, the program will monitor network traffic and analyze it against a rule set defined by the user. The program will then perform a specific action based on what has been identified.

For simple home networks and stand-alone PCs, the router or security software IPS solution is usually adequate. DoS attacks these days are mostly directed against large corp., government, and the like networks.

 

IDS: Snort

IPS: Snort+SnortSam

Check Esler's reply here:
http://seclists.org/snort/2012/q1/153

Some other IDS: http://sectools.org/tag/ids/

 

the name says it all but some dont completely understand what it actually does,

look at this way, what if a malicious software tries to run on your machine which has been made today and no AV yet knows about it? how your system gonna know if this is legit or not? thats where IDS/HIPS(behavior belocker) comes in!

they decide what is safe and what's not but analysing the application through various mechanism's, one which is behavior analysis.

as for SNORT home users dont need it, specially those have machines connected through a modem/router to the web so the only intrusion (network ones, which snort looks for) can be made from within the internal network itself.

take care.