Which One Should I Get?
In June 2003 the research group Gartner declared IDS a failure291, notably due to the false positive issue, as seen in a few paragraphs. As the number of TCP network intrusions has increased over the years, more and more IDSs have been developed, both commercial and non-commercial. As with firewalls, commercial IDS packages can be pricey. Examples of commercial intrusion detection systems you might want to research include:
The most popular open source network IDS, and possibly the most popular one period, is Snort295. SANS Intrusion Detection wizard Stephen Northcutt calls it, the most advanced intrusion detection system money cannot buy.296 Additionally, a comprehensive list of public domain and shareware IDS software can be found at the COAST Intrusion Detection System Resources site297.
If you dont require network-wide monitoring for suspicious activity, check out the following host-specific IDS options, which are only some of the packages in the growing category of freeware, sometimes-open source, IDSs:
The different IDSs have subtly different capabilities, strengths and weaknesses, so before committing to one, do your research! Make sure that the one youve selected does in fact detect the kinds of intrusions you care about, and that the system is able to respond with the types of actions you need. For example, if you need for the system to dial a pager, make sure that it can do these or at least that you can find a pager dialing program out on the net (theyre there ) and that the system can run it.
Be cautious in reading reviews. This industry is evolving rapidly, what with new cracking techniques constantly being developed, and new detection measures being created to identify them, so review comments true about the last version of a package may or may not still apply to the current version. When in doubt, check with the vendor.
296. Northcutt, Stephen, Donald McLachlan, Judy Novack, Network Intrusion Detection: An Analysts Handbook (2nd Edition), New Riders.
Home - Table Of Contents - Contact Us
CertiGuide for Security+ (http://www.CertiGuide.com/secplus/) on CertiGuide.com
Version 1.0 - Version Date: November 15, 2004
Adapted with permission from a work created by Tcat Houser et al.
CertiGuide.com Version © Copyright 2004 Charles M. Kozierok. All Rights Reserved.
Not responsible for any loss resulting from the use of this site.