Difference between revisions of "EGI CSIRT:TDG/IDS"

Line 1: Line 1:
{{new-Egi-csirt-header-TDG}}
{{new-Egi-csirt-header-TDG}}
== Intrusion Detection Systems (IDS) ==
== Host Based Intrusion Detection Systems (HIDS) ==


=== Samhain IDS ===
=== Samhain IDS ===
Line 11: Line 11:
=== Tripwire ===
=== Tripwire ===
[http://sourceforge.net/projects/tripwire/ Tripwire®] software is a security and data integrity tool useful for monitoring and alerting on specific file change(s) on a range of systems. The project is based on code originally contributed by Tripwire, Inc. in 2000
[http://sourceforge.net/projects/tripwire/ Tripwire®] software is a security and data integrity tool useful for monitoring and alerting on specific file change(s) on a range of systems. The project is based on code originally contributed by Tripwire, Inc. in 2000
== Network Based Intrusion Detection Systems (NIDS)
=== Sort ===
[http://www.snort.org/ Snort®] is an open source network intrusion prevention and detection system (IDS/IPS) developed by Sourcefire. Combining the benefits of signature, protocol, and anomaly-based inspection, Snort is the most widely deployed IDS/IPS technology worldwide. With millions of downloads and nearly 400,000 registered users, Snort has become the de facto standard for IPS.
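Review bot: the added heading line "== Network Based Intrusion Detection Systems (NIDS)" has no closing "==", so MediaWiki will not treat it as a level-2 heading and it appears as literal text in the rendered revision; close it as "== Network Based Intrusion Detection Systems (NIDS) ==". The subsection added under it is titled "=== Sort ===" while its link and text describe Snort, so the heading should read "=== Snort ===".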

Revision as of 12:55, 15 March 2012


Host Based Intrusion Detection Systems (HIDS)

Samhain IDS

Samhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. Databases, logs, and config files can be signed for tamper resistance. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, and syslog) are available.

OSSEC

OSSEC is an Open Source Host-based Intrusion Detection System. It performs log analysis, file integrity checking, policy monitoring, rootkit detection, real-time alerting and active response. It runs on most operating systems, including Linux, MacOS, Solaris, HP-UX, AIX and Windows.

Tripwire

Tripwire® software is a security and data integrity tool useful for monitoring and alerting on specific file change(s) on a range of systems. The project is based on code originally contributed by Tripwire, Inc. in 2000.

Network Based Intrusion Detection Systems (NIDS)

Snort

Snort® is an open source network intrusion prevention and detection system (IDS/IPS) developed by Sourcefire. Combining the benefits of signature, protocol, and anomaly-based inspection, Snort is the most widely deployed IDS/IPS technology worldwide. With millions of downloads and nearly 400,000 registered users, Snort has become the de facto standard for IPS.