Persio Pucci wrote: > Hello folks, > > I am working on a study to deploy some IDS over my company's network, > and I would like to know what GOOD and RELIABLE Open Source IDS are out > there. I could not find a comparative sheet of any kind (or at least, > not a recent one) so I am asking you guys if you have any good ideas. I > already know Snort. What are the other ones? > > Thank you for your help!
There are many little tools that can be used as IDS-sensors (Snort as network sensor, LibSafe as a very specialized host based sensor, ...). You may have a look at prelude (http://www.prelude-ids.org/) for a complete framework of sensors logging into a central manager. We do have some years of experience with this and it works pretty reliable. Snort is now the default network sensor of prelude. I know there are other frameworks related to Snort only, you may have a look at the Snort website. Cheers, Olaf -- Dipl.Inform. Olaf Gellert PRESECURE (R) Senior Researcher, Consulting GmbH Phone: (+49) 0700 / PRESECURE [EMAIL PROTECTED] A daily view on Internet Attacks https://www.ecsirt.net/sensornet ------------------------------------------------------------------------ Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more. ------------------------------------------------------------------------
