
IDS / IPS software for Lab

<<

delusion

Newbie

Posts: 49

Joined: Thu Mar 18, 2010 6:04 pm

Location: London

Post Thu Jul 21, 2011 7:54 am

IDS / IPS software for Lab

Hi Guys  ;D

This isn't a hacking query as such, although it is about understanding security in order to defend against hackers.

So I've gained real-world exposure monitoring IPS systems, although I've never had the chance to implement one, and I am a firm believer in understanding the guts of a system.

So my question to you is: does anyone know of any good free IPS software which can be configured and tweaked and whatnot, which is as robust as one used within an enterprise and runs on Windows 7?

I am currently getting my head around Snort, although a network manager told me it's legacy.  It seems like the only option in my eyes, although I am still searching.

Any thoughts are welcome as ever!  8)
You Can't Resolve Problems Whilst At WAR!
<<

delusion

Newbie

Posts: 49

Joined: Thu Mar 18, 2010 6:04 pm

Location: London

Post Thu Jul 21, 2011 7:56 am

Re: IDS / IPS software for Lab

Just to mention, if anyone has used any paid-for versions which don't leave a detrimental mark on your wallet, then I may be inclined to part with a small amount of cash.
<<

celord

Post Thu Jul 21, 2011 8:02 am

Re: IDS / IPS software for Lab

Hi, I am a newbie too, but I do not think Snort is legacy, I would keep the effort in that direction.
<<

cd1zz

Recruiters

Posts: 566

Joined: Sun Oct 03, 2010 9:01 pm

Post Thu Jul 21, 2011 8:05 am

Re: IDS / IPS software for Lab

You can try Suricata http://www.openinfosecfoundation.org/in ... d-suricata

It's built on top of SNORT but it's worth a look.
<<

delusion

Newbie

Posts: 49

Joined: Thu Mar 18, 2010 6:04 pm

Location: London

Post Thu Jul 21, 2011 8:18 am

Re: IDS / IPS software for Lab

My argument against Snort is that it just detects.  I'm sure it's fit for purpose, although I am looking for IPS implementation exposure.  Ideally.

cd1zz - Thanks, will look into it now.
<<

sil

Hero Member

Posts: 551

Joined: Thu Mar 20, 2008 8:01 am

Location: ::1

Post Thu Jul 21, 2011 8:25 am

Re: IDS / IPS software for Lab

FYI, Snort doesn't just detect, it prevents as well. As a matter of fact, Snort can do whatever you want it to do since you create your own sigs and can assign it to perform system commands based on triggers. In either event, you could also try HLBR, although it hasn't been updated in a while.

http://hlbr.sourceforge.net/
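The detect-versus-prevent distinction raised in the posts above comes down to the action keyword at the start of each Snort rule, so here is an added example (not part of any forum post) that parses Snort 2.x-style rules and reports which would only alert and which would block when the sensor runs inline. The three rules, their messages and their sids (in the local range at or above 1000000) are constructed for illustration, and the function names are this example's own.

```python
import re

# Snort 2.x rule actions. drop/reject/sdrop only block traffic when the
# sensor sits inline; on a passive tap nothing is prevented.
BLOCKING = {"drop", "reject", "sdrop"}
DETECT_ONLY = {"alert", "log"}

RULE_RE = re.compile(
    r"^(?P<action>\w+)\s+(?P<proto>\w+)\s+(?P<src>\S+)\s+(?P<sport>\S+)\s+"
    r"(?P<dir>->|<>)\s+(?P<dst>\S+)\s+(?P<dport>\S+)\s+\((?P<opts>.*)\)\s*$"
)

def parse_rule(line):
    """Split one rule into its header fields plus an options dict."""
    m = RULE_RE.match(line.strip())
    if m is None:
        raise ValueError("not a rule: %r" % line)
    rule = m.groupdict()
    options = {}
    # Each option ends with ';' (a literal ';' inside a value is escaped).
    for item in re.split(r"(?<!\\);", rule.pop("opts")):
        key, _, value = item.strip().partition(":")
        if key:
            # Repeatable options such as content keep only the last value here.
            options[key.strip()] = value.strip().strip('"')
    rule["options"] = options
    return rule

def mode(rule):
    """Classify a parsed rule as 'prevent', 'detect' or 'other' by its action."""
    if rule["action"] in BLOCKING:
        return "prevent"
    return "detect" if rule["action"] in DETECT_ONLY else "other"

def audit(ruleset):
    """Return (sid, action, mode) per rule, skipping comments and blank lines."""
    report = []
    for line in ruleset.splitlines():
        if line.strip() and not line.lstrip().startswith("#"):
            rule = parse_rule(line)
            report.append((int(rule["options"]["sid"]), rule["action"], mode(rule)))
    return report

SAMPLE_RULES = """
# constructed lab rules, not taken from any published ruleset
alert tcp $EXTERNAL_NET any -> $HOME_NET 23 (msg:"LAB telnet connection attempt"; flow:to_server; sid:1000001; rev:1;)
drop tcp $EXTERNAL_NET any -> $HOME_NET 23 (msg:"LAB telnet connection blocked"; flow:to_server; sid:1000002; rev:1;)
pass icmp $HOME_NET any -> $HOME_NET any (msg:"LAB internal ping"; sid:1000003; rev:1;)
"""
```

Running `audit()` over a lab ruleset before switching a sensor from passive to inline shows which rules will start dropping traffic.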
<<

hell_razor

Jr. Member

Posts: 90

Joined: Wed Jul 14, 2010 10:44 am

Post Thu Jul 21, 2011 8:49 am

Re: IDS / IPS software for Lab

Check out Doug Burks' Security Onion.  It includes a couple of engines and a lot of GUIs.

And, btw, Snort should not be considered legacy or obsolete yet... it does what it does very well.

hxxp://securityonion.blogspot.com/
Last edited by hell_razor on Thu Jul 21, 2011 11:03 am, edited 1 time in total.
A+, Network+, Server+, CISSP, GSEC, GCIH, GPEN, GCIA, GISP, GCFW
<<

delusion

Newbie

Posts: 49

Joined: Thu Mar 18, 2010 6:04 pm

Location: London

Post Thu Jul 21, 2011 9:24 am

Re: IDS / IPS software for Lab

Thanks, Snort sounds like the best option then. I will stick with that for now and perhaps experiment with other recommendations once Snort is fully functional.

Thanks for your thoughts.
<<

hayabusa

Hero Member

Posts: 1661

Joined: Mon Jan 29, 2007 2:59 pm

Post Thu Jul 21, 2011 9:45 am

Re: IDS / IPS software for Lab

For some smaller shops (aka schools and other), I've also been glancing over Untangle.

http://www.untangle.com/

Does use Snort underneath, and has some other neat little utils and add-ons, both free and for $, for lesser-experienced setups.
~ hayabusa ~ 

"All men can see these tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved." - Sun Tzu, 'The Art of War'


OSCE, OSCP , GPEN, C|EH
<<

delusion

Newbie

Posts: 49

Joined: Thu Mar 18, 2010 6:04 pm

Location: London

Post Thu Jul 21, 2011 10:47 am

Re: IDS / IPS software for Lab

Good find  :o Thanks hayabusa!
<<

mambru

Jr. Member

Posts: 98

Joined: Wed Jun 03, 2009 3:11 pm

Post Thu Jul 21, 2011 4:01 pm

Re: IDS / IPS software for Lab

cd1zz wrote:
You can try Suricata http://www.openinfosecfoundation.org/in ... d-suricata

It's built on top of SNORT but it's worth a look.

Suricata is NOT built on top of Snort. Suricata engine is completely written from 0, it supports the rules language from Snort, but it does not use any code from Snort.
<<

cd1zz

Recruiters

Posts: 566

Joined: Sun Oct 03, 2010 9:01 pm

Post Thu Jul 21, 2011 4:04 pm

Re: IDS / IPS software for Lab

@mambru is an active coder on the project......so he would know!!!!
<<

hayabusa

Hero Member

Posts: 1661

Joined: Mon Jan 29, 2007 2:59 pm

Post Thu Jul 21, 2011 4:05 pm

Re: IDS / IPS software for Lab

mambru wrote:
You can try Suricata http://www.openinfosecfoundation.org/in ... d-suricata

It's built on top of SNORT but it's worth a look.


Suricata is NOT built on top of Snort. Suricata engine is completely written from 0, it supports the rules language from Snort, but it does not use any code from Snort.


++1
