IDS

Discussion in 'other anti-malware software' started by trjam, Mar 1, 2007.

Thread Status:
Not open for further replies.
  1. trjam

    trjam Registered Member

    Don't know a lot about this technology but was wondering what vendor offers the best at doing this, in conjunction with their AV. Thanks.
     
  2. lucas1985

    lucas1985 Retired Moderator

    IDS are enterprise stuff. Usually, they run in their own box. Avast Network Shield and Sygate are two examples of lightweight, desktop-based IDS.
    More information on IDS:
    Whitepapers
    Snort
     
  3. Ice_Czar

    Ice_Czar Registered Member

    STD w\ Snort and lots of other Snort tools (Knoppix Live CD)

    basic description and useful links
    http://en.wikipedia.org/wiki/Snort_(software)

    but it is generally run from a dedicated box in between you and the Internet, it can be a very old box however
    basically a glorified router


    possible locations as passive detection

    http://i5.tinypic.com/4gpfpc4.gif
    not prevention where it drops packets determined to be attacks,
    it is possible to build an all in one router\firewall\active packet dropping IDS
    out of almost any computer and a few NICs (network interface cards)
    older computers are actually probably a better solution, requiring less power and producing less heat
    many Pentium 2 computers have been transformed into advanced hybrid DIY routers
     
    Last edited: Mar 1, 2007
  4. dah145

    dah145 Registered Member

    KAV/KIS has IDS, also version 5 of KAV had it as network protection or something like that, according to help archive of KIS:

    The Intrusion Detection System (IDS) provides additional security on the network level. The goal of the system is to analyze inbound connections, detect port scans on your computer, and filter network packets aimed at exploiting software vulnerabilities. When running, the Intrusion Detection System blocks all inbound connections from an attacking computer for a certain amount of time, and the user receives a message stating that his computer underwent an attempted network attack.
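
The behaviour described in the help text quoted above (watch inbound connections, flag a port scan, then block the source for a limited time), as an added example that is not part of the thread or any vendor's code. The class name, thresholds and sample events are constructed assumptions.

```python
from collections import defaultdict, deque

# All three values are assumptions chosen for the illustration.
WINDOW = 10.0         # seconds of history examined per source
PORT_THRESHOLD = 5    # distinct ports inside WINDOW that count as a scan
BLOCK_SECONDS = 60.0  # how long an offending source stays blocked

class ScanBlocker:
    """Hypothetical desktop-style IDS: detect port scans, block temporarily."""

    def __init__(self):
        self.recent = defaultdict(deque)  # src -> deque of (timestamp, dst_port)
        self.blocked_until = {}           # src -> time at which the block expires

    def handle(self, ts, src, dst_port):
        """Return 'drop', 'block' (scan just detected) or 'allow'."""
        if self.blocked_until.get(src, 0.0) > ts:
            return "drop"                      # still inside the block period
        self.blocked_until.pop(src, None)      # block (if any) has expired
        q = self.recent[src]
        q.append((ts, dst_port))
        while q and q[0][0] <= ts - WINDOW:    # forget attempts outside the window
            q.popleft()
        if len({port for _, port in q}) >= PORT_THRESHOLD:
            self.blocked_until[src] = ts + BLOCK_SECONDS
            q.clear()
            return "block"                     # a real product would alert here
        return "allow"

# Constructed sample events: (timestamp, source address, destination port).
EVENTS = [
    (0.0, "192.0.2.10", 443),
    (1.0, "198.51.100.7", 21), (1.2, "198.51.100.7", 22),
    (1.4, "198.51.100.7", 23), (1.6, "198.51.100.7", 25),
    (1.8, "198.51.100.7", 80),    # fifth distinct port in the window
    (2.0, "198.51.100.7", 443),   # arrives while the source is blocked
    (3.0, "192.0.2.10", 443),     # unrelated host is unaffected
    (62.0, "198.51.100.7", 80),   # block expired at 61.8
]

def run(events):
    ids = ScanBlocker()
    return [ids.handle(ts, src, port) for ts, src, port in events]

if __name__ == "__main__":
    for event, verdict in zip(EVENTS, run(EVENTS)):
        print(event, verdict)
```

Counting distinct ports rather than raw connections keeps a busy client on a single port from being flagged, while the expiring block matches the "for a certain amount of time" wording.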
     
  5. Meriadoc

    Meriadoc Registered Member

    I've done this a few times, snort/drop, ACID, firewall, a good project and well worth it.
    Norton has an IDS, with around 800 signatures.
     