Intrusion Detection Systems (IDS) are becoming a very important part of any strategy for enterprise security. But what are intrusion detection systems? CERIAS, the Center for Education and Research in Information Assurance and Security, defines it this way:

"The purpose of an intrusion detection system (or IDS) is to detect unauthorized access or misuse of a computer system. Intrusion detection systems are kind of like burglar alarms for computers. They sound alarms and sometimes even take corrective action when an intruder or abuser is detected. Many different intrusion detection systems have been developed, but the detection schemes generally fall into one of two categories, anomaly detection or misuse detection. Anomaly detectors look for behavior that deviates from normal system use. Misuse detectors look for behavior that matches a known attack scenario. A great deal of time and effort has been invested in intrusion detection, and this list provides links to many sites that discuss some of these efforts" (

There is a sub-category of intrusion detection systems called network intrusion detection systems (NIDS). These systems monitor packets on the network, looking for suspicious activity. Network intrusion detection systems can monitor many computers at a time over a network, while other intrusion detection systems (host-based ones) may monitor only one.

Who wants to break into your system?

One common misconception about software hackers is that it is usually people outside your network who break into your systems and cause mayhem. The reality, especially for corporate workers, is that insiders can and usually do cause the majority of security breaches. Insiders often impersonate people with more privileges than themselves to gain access to sensitive information.

How do intruders break into your system?

The simplest and easiest way to break in is to let someone have physical access to a system. Despite the best of efforts, it is often impossible to stop someone once they have physical access to a machine. Also, if someone already has an account on a system at a low permission level, another way to break in is to use tricks of the trade to be granted higher-level privileges through holes in your system. Finally, there are a lot of ways to gain access to systems even if one is working remotely. Remote intrusion techniques have become harder and more complex to fight.

How does one stop intrusions?

There are several freeware/shareware intrusion detection systems as well as commercial intrusion detection systems.

Open Source Intrusion Detection Systems

Below are a few of the open source intrusion detection systems:

AIDE ( - Self-described as "AIDE (Advanced Intrusion Detection Environment) is a free replacement for Tripwire. It does the same things as the semi-free Tripwire and more. There are other free replacements available, so why build a new one? All the other replacements do not achieve the level of Tripwire. And I wanted a program that would exceed the limitations of Tripwire."

File System Saint ( - Self-described as "File System Saint is a lightweight host-based intrusion detection system with primary focus on speed and ease of use."

Snort ( - Self-described as "Snort(R) is an open source network intrusion prevention and detection system utilizing a rule-driven language, which combines the benefits of signature, protocol and anomaly based inspection methods. With millions of downloads to date, Snort is the most widely deployed intrusion detection and prevention technology worldwide and has become the de facto standard for the industry."
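The CERIAS definition above separates misuse detection (matching known attack patterns, the approach behind Snort's rule language) from anomaly detection (flagging departures from a learned profile of normal use). The following is an added example, written for this page and not taken from the article or from any of the projects it names, that runs both schemes over a handful of constructed authentication log lines. The log format, the traversal signature, the failed-login threshold and the two-hour slack are all assumptions made for the illustration.

```python
import re
from collections import defaultdict

# Constructed sample log lines (made up for this example).
# Format: "<hour> <user> <source-ip> <event detail>"
BASELINE_LOG = """\
09 alice 10.0.0.5 login_ok
10 alice 10.0.0.5 login_ok
14 alice 10.0.0.5 login_ok
11 bob 10.0.0.7 login_ok
16 bob 10.0.0.7 login_ok
"""

LIVE_LOG = """\
10 alice 10.0.0.5 login_ok
03 alice 198.51.100.9 login_ok
12 bob 10.0.0.7 login_fail
12 bob 10.0.0.7 login_fail
12 bob 10.0.0.7 login_fail
12 bob 10.0.0.7 login_fail
12 bob 10.0.0.7 login_fail
13 carol 10.0.0.8 GET /app/../../etc/passwd
"""

# Misuse rules: a name plus a regex for a known-bad pattern (assumed signatures).
SIGNATURES = [
    ("path-traversal", re.compile(r"GET \S*\.\./")),
]
FAILED_LOGIN_THRESHOLD = 5  # repeated failures from one user/source within one hour


def parse(log_text):
    """Turn the constructed log text into a list of event dicts."""
    events = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        hour, user, src, detail = line.split(" ", 3)
        events.append({"hour": int(hour), "user": user, "src": src, "detail": detail})
    return events


def detect_misuse(events):
    """Misuse detection: flag events that match a known attack scenario."""
    alerts = []
    for ev in events:
        for name, rx in SIGNATURES:
            if rx.search(ev["detail"]):
                alerts.append((name, ev["user"], ev["src"]))
    # Counting rule: many failed logins from one user/source in the same hour.
    fails = defaultdict(int)
    for ev in events:
        if ev["detail"] == "login_fail":
            fails[(ev["user"], ev["src"], ev["hour"])] += 1
    for (user, src, _hour), n in fails.items():
        if n >= FAILED_LOGIN_THRESHOLD:
            alerts.append(("login-bruteforce", user, src))
    return alerts


def build_baseline(events):
    """Anomaly profile of normal use: the sources and hours each user is seen from."""
    profile = defaultdict(lambda: {"srcs": set(), "hours": set()})
    for ev in events:
        profile[ev["user"]]["srcs"].add(ev["src"])
        profile[ev["user"]]["hours"].add(ev["hour"])
    return profile


def detect_anomalies(events, profile, hour_slack=2):
    """Anomaly detection: flag successful logins that deviate from the profile."""
    alerts = []
    for ev in events:
        if ev["detail"] != "login_ok":
            continue
        known = profile.get(ev["user"])
        if known is None:
            alerts.append(("unknown-user", ev["user"], ev["src"]))
            continue
        if ev["src"] not in known["srcs"]:
            alerts.append(("new-source", ev["user"], ev["src"]))
        # Outside every usual hour by more than the slack -> odd-hour login.
        if all(abs(ev["hour"] - h) > hour_slack for h in known["hours"]):
            alerts.append(("odd-hour", ev["user"], ev["src"]))
    return alerts


def run():
    """Learn the profile from the baseline log, then check the live log both ways."""
    profile = build_baseline(parse(BASELINE_LOG))
    live = parse(LIVE_LOG)
    return sorted(set(detect_misuse(live) + detect_anomalies(live, profile)))


if __name__ == "__main__":
    for alert in run():
        print(alert)
```

The two detectors fail in opposite directions: the signature rules say nothing about alice's 3 a.m. login from an address never seen before, and the anomaly profile says nothing about the traversal request, which is why real deployments (Snort's own description above says as much) combine signature and anomaly-based inspection.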
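AIDE, File System Saint and Tripwire are host-based tools, and the core of what they do is a file-integrity check: record a baseline of each file's digest and attributes, then compare a later snapshot against it and report what was added, removed or changed. The following is an added example written for this page; it is not code from AIDE, Tripwire or File System Saint, and the directory tree, file contents and simulated tampering in `demo()` are constructed for the illustration.

```python
import hashlib
import json
import tempfile
from pathlib import Path


def file_digest(path, algo="sha256"):
    """Hash a file in chunks so large files do not have to fit in memory."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def snapshot(root):
    """Record digest, size and permission bits of every regular file under root."""
    root = Path(root)
    db = {}
    for p in sorted(root.rglob("*")):
        if p.is_file() and not p.is_symlink():
            st = p.stat()
            db[p.relative_to(root).as_posix()] = {
                "sha256": file_digest(p),
                "size": st.st_size,
                "mode": oct(st.st_mode & 0o777),
            }
    return db


def save_baseline(db, path):
    """Persist the baseline; in practice this belongs on read-only or offline storage."""
    Path(path).write_text(json.dumps(db, indent=2, sort_keys=True))


def load_baseline(path):
    return json.loads(Path(path).read_text())


def compare(baseline, current):
    """Report added, removed and changed paths between two snapshots."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    changed = sorted(p for p in set(baseline) & set(current) if baseline[p] != current[p])
    return {"added": added, "removed": removed, "changed": changed}


def demo():
    """Build a constructed tree, baseline it, alter it, and report the differences."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "etc"  # constructed tree, not a real system directory
        (root / "init.d").mkdir(parents=True)
        (root / "passwd").write_text("root:x:0:0::/root:/bin/sh\n")
        (root / "init.d" / "sshd").write_text("#!/bin/sh\nexec /usr/sbin/sshd\n")

        # Baseline stored outside the monitored tree.
        baseline_file = Path(tmp) / "baseline.json"
        save_baseline(snapshot(root), baseline_file)

        # Simulated changes: one file edited, one added, one deleted.
        (root / "init.d" / "sshd").write_text("#!/bin/sh\nexec /opt/other/sshd\n")
        (root / "hosts.extra").write_text("203.0.113.1 example\n")
        (root / "passwd").unlink()

        return compare(load_baseline(baseline_file), snapshot(root))


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The check is only as trustworthy as the baseline: if the baseline file lives on the monitored host with write access for the same account that could tamper with the files, an intruder who gains that access can update both. That is why these tools recommend keeping the database on read-only media or a separate host.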