Anyone using an IDS

Discussion in 'polls' started by Alphalutra1, Feb 9, 2006.

?

Are you using an intrusion detection system?

  1. Yes (which one and why?)

    11 vote(s)
    40.7%
  2. No (why not?)

    16 vote(s)
    59.3%
Thread Status:
Not open for further replies.
  1. Alphalutra1

    Alphalutra1 Registered Member

    Joined:
    Dec 17, 2005
    Posts:
    1,160
    Location:
    127.0.0.0/255.0.0.0
    I was just wondering if anybody is using an intrusion detection system, and if you are, please post why. If you aren't, post why not.

    I am not, but am currently looking for one to fit my system.

    Alphalutra1
     
  2. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,632
    i assume its different from an HIPS, so what would be an IDS? a program like Snort?
     
  3. Alphalutra1

    Alphalutra1 Registered Member

    Joined:
    Dec 17, 2005
    Posts:
    1,160
    Location:
    127.0.0.0/255.0.0.0
    Exactly what I was driving at
     
  4. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,632
    well i dont use an IDS as i dont know how to use snort and i know of no other.
     
  5. hollywoodpc

    hollywoodpc Registered Member

    Joined:
    Feb 14, 2005
    Posts:
    1,325
    Hi again Alpha .
    I do not normally respond to these polls as I find them useless . More of a way for people to waste time . You seem to want some ideas however . Prelude and Prevx are good in this area . I do use an HIPS but , I also use Prevx and Prelude , sometimes . I find Snort to be a pain in the but and will not use it . Besides , Prelude incorporates some of the Snort abilities in an easier to use environment
     
  6. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,698
    Hi,
    The poll says why not?
    I say why yes?

    IDS - Intrusion ... no one intrudes me. I got Chuck Norris talisman attached to my ip.

    Mrk
     
  7. Devil's Advocate

    Devil's Advocate Registered Member

    Joined:
    Feb 5, 2006
    Posts:
    549
    IDS like snort? You mean a NIDS right? Network intrusion detection system?

    Yeah I use one. It's a essential part of your security. Please take off 1 point from your security setup if you don't use it.

    Just kidding.
     
  8. Alphalutra1

    Alphalutra1 Registered Member

    Joined:
    Dec 17, 2005
    Posts:
    1,160
    Location:
    127.0.0.0/255.0.0.0
    Hello again hollywoodpc. This is more of a poll for my information, not to be jealous or self centered :p . I like wasting time :D . I was looking for an ids like the one in BlackIce, but free and without the extra firewall junk. So like Snort, but not as complex, and much more user friendly and something that has a GUI.

    Hollywoodpc, I looked at prelude and it flew over my head. I might just use Prevx1r. Still searching though :p. I hope this isn't wasting your time :D

    Alphalutra1
     
  9. hollywoodpc

    hollywoodpc Registered Member

    Joined:
    Feb 14, 2005
    Posts:
    1,325
    Alpha . NOT AT ALL !
    I was stating that most that start a poll here have nothing better to do . You are looking for advice and I knew that . That is why I responded .
    Prelude is WAYYYY out there . Snort stinks in my opinion because of what you said . Prevx is nice . The easiest of any , I have found . Does a good job too ! It will be interesting if it slows you down at all .
     
  10. gerardwil

    gerardwil Registered Member

    Joined:
    Jan 17, 2004
    Posts:
    4,748
    Location:
    The Netherlands
  11. TonyW

    TonyW Registered Member

    Joined:
    Oct 12, 2005
    Posts:
    2,634
    Location:
    UK
    I don't use Snort, a bit too technical for me, but if it was implemented within a software firewall, I'd consider it. I think Tiny Firewall uses Snort rules, but could be wrong on that.
     
  12. sweater

    sweater Registered Member

    Joined:
    Jun 24, 2005
    Posts:
    1,674
    Location:
    Philippines, the Political Dynasty Capital of the
    I think Avast AV with its Network Shield and also ProcessGuard has some kind of IDS functions of which I have now. I don't need any more other than that. :rolleyes:
     
    Last edited: Feb 14, 2006
  13. SPEEDY6128

    SPEEDY6128 Registered Member

    Joined:
    Apr 18, 2005
    Posts:
    101
    Last edited: Feb 15, 2006
  14. dja2k

    dja2k Registered Member

    Joined:
    Feb 15, 2005
    Posts:
    2,040
    Location:
    South Texas, USA
    Don't you get any conflict running two firewalls together or any internet slowdowns?

    dja2k
     
  15. <DreamCatcher>

    <DreamCatcher> Registered Member

    Joined:
    Jan 6, 2006
    Posts:
    154
    H,

    dont most firewalls have some sort of 'IDS system' running to block/detect when hackers are trying to access your system?
     
  16. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,632
    yes but some firewalls (like zonealarm, lns, and blackice) let u turn off the firewall portion.
    maybe, but its not always listed as a feature. i know sygate, blackice, and tiny mention having an IDS/IPS and outpost has an attack detection plugin but others (like ZA) dont mention any similar feature.
     
  17. NGRhodes

    NGRhodes Registered Member

    Joined:
    Jun 23, 2003
    Posts:
    2,331
    Location:
    West Yorkshire, UK
    No. Because I block off avenues of intrusion.
     
  18. fred22

    fred22 Registered Member

    Joined:
    Dec 6, 2004
    Posts:
    229
    so a combo of LnS and BlackIce's BlackICE PC Protection(disabling firewall) should not give any conflict? i like to try this but need some input bfore screwing my system hehe...
     
  19. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,632
    just turn off the firewall (application monitoring is optional) and ur all set. i have a router/firewall and lns so blackice didnt do much of anything. maybe it will help u tho.
     
  20. Alec

    Alec Registered Member

    Joined:
    Jun 8, 2004
    Posts:
    355
    Location:
    Dallas, TX
    Just sort of semantics I guess, but I reserve the phrases IDS and/or IDP as specifically referring to network-based intrusion detection systems (IDS) or intrusion detection & prevention (IDP). Workstation or server level IDS is referred to as HIPS (host intrusion prevention system). Even though sometimes things like attack & vulnerability signatures can be used similarly in both products, I still feel that they are very different technologies. There are some things you can do on a host that just can't be done on the wire, and vice versa. So, to me, if you are running an IDS/IDP, then you are running something like:
     
  21. fred22

    fred22 Registered Member

    Joined:
    Dec 6, 2004
    Posts:
    229
    thanks WSFuser.. i'm gonna try this out :)
     
  22. muf

    muf Registered Member

    Joined:
    Dec 30, 2003
    Posts:
    926
    Location:
    Manchester, England
  23. yahoo

    yahoo Registered Member

    Joined:
    Feb 23, 2004
    Posts:
    290
    Location:
    nowhere
    Yes, Tiny Firewall uses Snort rules. I have IDS on with my TPF.
     
  24. kareldjag

    kareldjag Registered Member

    Joined:
    Nov 13, 2004
    Posts:
    622
    Location:
    PARIS AND ITS SUBURBS
    Hi,

    An IDS is not really needless for a single computer in a home user environment.
    In a private network and behind a router, the question can be considered; especially for risky soho and small business like online casinos: http://www.crime-research.org/news/16.10.2004/711/

    There's already very good firewalls which integrate IDS features such as Outpost, Injoy, BlackIce and so on.

    An interesting site which links many intrusion protection products:

    http://securitywizardry.com/

    There's open source IDS like Snort, Prelude, Samhain, but they're not useful for only a try.
    But a trial version of Easy-guard Intrusion Alert can be suggested to users who want to experiement this kind of products (an online vulnerability scan can be helpful for alerts): http://www.easy-guard.com/

    Regards
     
  25. hollywoodpc

    hollywoodpc Registered Member

    Joined:
    Feb 14, 2005
    Posts:
    1,325
    Keep in mind that these are really for servers though . And tend to be expensive .
     
Loading...
Thread Status:
Not open for further replies.