Intrusion Detection Systems (IDS) are becoming a very important part of any strategy for enterprise security. But what are Intrusion Detection Systems? CERIAS, The Center for Education and Research in Information Assurance and Security, defines it this way:

"The purpose of an intrusion detection system (or IDS) is to detect unauthorized access or misuse of a computer system. Intrusion detection systems are kind of like burglar alarms for computers. They sound alarms and sometimes even take corrective action when an intruder or abuser is detected. Many different intrusion detection systems have been developed but the detection schemes generally fall into one of two categories, anomaly detection or misuse detection. Anomaly detectors look for behavior that deviates from normal system use. Misuse detectors look for behavior that matches a known attack scenario. A great deal of time and effort has been invested in intrusion detection, and this list provides links to many sites that discuss some of these efforts" (

There is a sub-category of intrusion detection systems called network intrusion detection systems (NIDS). These systems look for suspicious activity by monitoring the packets on the wire. Network intrusion detection systems can monitor many computers at a time over a network, while other intrusion detection systems may monitor only one host.

Who wants to break into your system?

One common misconception about software hackers is that it is usually people outside your network who break into your systems and cause mayhem. The reality, especially for corporate workers, is that insiders can and usually do cause the majority of security breaches. Insiders often impersonate people with more privileges than themselves to gain access to sensitive information.

How do intruders break into your system?

The simplest and easiest way to break in is to let someone have physical access to a system. Despite the best of efforts, it is often impossible to stop someone once they have physical access to a machine. Also, if someone already has an account on a system at a low permission level, another way to break in is to use tricks of the trade to be granted higher-level privileges through holes in your system. Finally, there are a lot of ways to gain access to systems even if one is working remotely. Remote intrusion techniques have become harder and more complex to fight.

How does one stop intrusions?

There are several freeware/shareware intrusion detection systems as well as commercial intrusion detection systems.

Open Source Intrusion Detection Systems

Below are a few of the open source intrusion detection systems:

AIDE ( Self-described as "AIDE (Advanced Intrusion Detection Environment) is a free replacement for Tripwire. It does the same things as the semi-free Tripwire and more. There are other free replacements available so why build a new one? All the other replacements do not achieve the level of Tripwire. And I wanted a program that would exceed the limitations of Tripwire."

File System Saint ( Self-described as "File System Saint is a lightweight host-based intrusion detection system with primary focus on speed and ease of use."

Snort ( Self-described as "Snort(R) is an open source network intrusion prevention and detection system utilizing a rule-driven language, which combines the benefits of signature, protocol and anomaly based inspection methods. With millions of downloads to date, Snort is the most widely deployed intrusion detection and prevention technology worldwide and has become the de facto standard for the industry."
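The CERIAS definition above splits detection schemes into misuse detection (matching known attack patterns) and anomaly detection (flagging deviation from normal use). The following toy host-based detector, added here as an example and not code from the original page or from any of the projects it lists, runs both schemes over a handful of constructed sshd-style log lines. The signatures, the baseline window and the tuning constant K are illustrative assumptions, not rules from AIDE, File System Saint or Snort.

```python
"""
Toy host-based IDS illustrating the two detection schemes from the CERIAS
definition: misuse (signature) detection and anomaly detection.
Every log line below is constructed for this example; the signatures and
thresholds are assumptions, not rules shipped by any real IDS.
"""
import re
import statistics
from collections import Counter

# Constructed "normal day" log used to learn a baseline (not a real system).
BASELINE_LOG = """\
Jan 10 09:00:01 host sshd[101]: Accepted publickey for alice from 10.0.0.5 port 50001
Jan 10 09:05:12 host sshd[102]: Accepted password for bob from 10.0.0.7 port 50002
Jan 10 09:10:44 host sshd[103]: Failed password for bob from 10.0.0.7 port 50003
Jan 10 09:11:02 host sshd[104]: Failed password for bob from 10.0.0.7 port 50004
Jan 10 09:15:30 host sshd[105]: Accepted publickey for alice from 10.0.0.5 port 50005
Jan 10 09:20:02 host sshd[106]: Accepted password for carol from 10.0.0.9 port 50006
Jan 10 09:25:19 host sshd[107]: Failed password for carol from 10.0.0.9 port 50007
"""

# Constructed "live" log to inspect: a burst of guesses from one address,
# plus ordinary activity from known users.
LIVE_LOG = """\
Jan 11 02:00:01 host sshd[201]: Failed password for invalid user admin from 198.51.100.23 port 40001
Jan 11 02:00:02 host sshd[202]: Failed password for invalid user root from 198.51.100.23 port 40002
Jan 11 02:00:03 host sshd[203]: Failed password for invalid user test from 198.51.100.23 port 40003
Jan 11 02:00:04 host sshd[204]: Failed password for invalid user oracle from 198.51.100.23 port 40004
Jan 11 02:00:05 host sshd[205]: Failed password for invalid user guest from 198.51.100.23 port 40005
Jan 11 09:12:40 host sshd[206]: Accepted publickey for alice from 10.0.0.5 port 40006
Jan 11 09:30:15 host sshd[207]: Failed password for bob from 10.0.0.7 port 40007
"""

# Assumed sshd line layout: "<ts> <host> sshd[<pid>]: <msg> from <src> port <n>"
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} \d{2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<msg>.*) from (?P<src>\S+) port \d+$"
)


def parse(log):
    """Yield (timestamp, message, source) for every line matching LINE_RE."""
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield m.group("ts"), m.group("msg"), m.group("src")


# Misuse detection: each signature describes a known attack scenario.
# These two are assumed examples written for this block.
SIGNATURES = {
    "ssh-invalid-user": re.compile(r"^Failed password for invalid user \S+$"),
    "ssh-root-login": re.compile(r"^(Accepted|Failed) \w+ for root$"),
}


def misuse_alerts(log):
    """Return (signature_name, source) for every line that matches a signature."""
    alerts = []
    for _ts, msg, src in parse(log):
        for name, pattern in SIGNATURES.items():
            if pattern.match(msg):
                alerts.append((name, src))
    return alerts


# Anomaly detection: learn how many failed logins per source are "normal"
# from the baseline, then flag sources in the live window above
# mean + K * population-stdev. K is an assumed tuning knob.
K = 3.0


def failed_counts(log):
    """Count 'Failed password' lines per source address."""
    counts = Counter()
    for _ts, msg, src in parse(log):
        if msg.startswith("Failed password"):
            counts[src] += 1
    return counts


def anomaly_alerts(baseline_log, live_log, k=K):
    """Return the sorted sources whose live failed-login count exceeds the learned threshold."""
    base = list(failed_counts(baseline_log).values()) or [0]
    threshold = statistics.mean(base) + k * statistics.pstdev(base)
    return sorted(src for src, n in failed_counts(live_log).items() if n > threshold)


if __name__ == "__main__":
    for name, src in misuse_alerts(LIVE_LOG):
        print(f"MISUSE  {name:<18} {src}")
    for src in anomaly_alerts(BASELINE_LOG, LIVE_LOG):
        print(f"ANOMALY failed-login burst from {src}")
```

Note how the two schemes complement each other: the invalid-user lines trip a signature regardless of how many there are, while the anomaly detector knows nothing about usernames and flags 198.51.100.23 purely because five failures from one address is far outside the baseline of one or two. Bob's single failed login on the live day trips neither, which is the intended behaviour of both schemes.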