Category: Intrusion Detection
fupids (the fuzzy user-profile intrusion detection system) is a user-profile based IDS for the OpenBSD kernel. It modifies certain syscalls in order to detect suspicious behavior. For example, it watches for network devices being set to promiscuous mode, and it watches for the creation of listen() sockets by users. fupids also maintains a program profile for your local users, and it can find attackers who have taken over existing accounts.
AstroFlowGuard Bandwidth & Security Management
AstroFlowGuard is a Linux-based bandwidth manager, stateful firewall, intrusion detection system, and VPN server. With its user-friendly interface, automatic failover, and smart recovery system, it is the complete tool for anyone wanting to manage bandwidth and network security. It uses a hierarchical class-based system which provides a logical, intuitive view of network classes along with their priorities. It can manage P2P applications such as Kazaa and the like, and manage firewall and bandwidth rules by time of day, precedence, strings in any packet, and much more. Diagnose your network with powerful reporting tools that drill down to IP, port, and protocol level with graphs and pie charts. It is a self-contained system that offers simple installation by means of a bootable CD and ease of use via a Web-based GUI.
Local Area Security Linux
Local Area Security has released the 0.4 MAIN of their 'live CD' security toolkit, which fits on a 185MB miniCD. It ships with a full Fluxbox desktop and over 250 security-related tools encompassing pen testing, forensics, administration, monitoring, etc. Many additions and fixes have been made since the beta version, along with the addition of the 'toram' boot option, which allows it to be run entirely from RAM.
Bait and Switch Honeypot System
The Bait and Switch Honeypot System combines the snort Intrusion Detection System (IDS) with honeypot technology to create a system that reacts to hostile intrusion attempts by marking and then redirecting all "bad" traffic to a honeypot that partially mirrors your production system. Once switched, the would-be hacker is unknowingly attacking your honeypot instead of the real data, while your clients and/or users are still safely accessing the real system. Life goes on, your data is safe, and you get to learn about the bad guy as an added benefit.
ACID XML is a stand-alone application that can read and parse Snort XML logs. It was inspired by ACID, but was designed so you can get up and running quickly with your logs rather than spending hours getting ACID's requirements together and working. It uses Qt and expat and is fully open source.
Saint Jude, Linux Kernel Module
Saint Jude LKM is a Linux Kernel Module for the 2.2.0 and 2.4.0 series of kernels. This module implements the Saint Jude model for improper privilege transitions. This will permit the discovery of local and remote root exploits during the exploit itself. Once discovered, Saint Jude will terminate the execution, preventing the root exploit from occurring. This is done without checking for attack signatures of known exploits, and thus should work for both known and unknown exploits.
OpenVPN is a robust and highly configurable VPN (Virtual Private Network) daemon which can be used to securely link two or more private networks using an encrypted tunnel over the Internet. OpenVPN's principal strengths include wide cross-platform portability, excellent stability, support for dynamic IP addresses and NAT, adaptive link compression, single TCP/UDP port usage, a modular design that offloads most crypto tasks to the OpenSSL library, and relatively easy installation that in most cases doesn't require a special kernel module.
wIDSard is a host-based Intrusion Detection System for the i386 Linux platform. It intercepts, at user level, system calls specified in a configuration file written by the user. A finite-state automaton is used to trace the monitored process. A regular-expression based language is used to write the configuration file. If a particular sequence of system calls is intercepted, then an appropriate action can be executed (kill the process, log, etc.).
Snort IDScenter is a GUI for Snort IDS on Windows platforms. Configuration and management of the IDS can be done using IDScenter. Main features are:
- Snort configuration wizard (variables, preprocessor plugins, output plugins, rulesets)
- Alert notification via e-mail, sound or only visual notification
- Alert file monitoring (up to 10 files)
- MySQL alert detection
- Log rotation (compressed archiving of log files)
- AutoBlock (using NetworkICE BlackICE Defender you can block attackers' IPs that Snort logged)
- Integrated log viewer (supports text files, XML and HTML/webpages)
- Program execution if an attack was detected
- Test configuration feature: fast testing of your IDS configuration, and more.
LogIDS 1.0 is my latest tool and my personal contribution to the IDS field. I think that LogIDS will change the way people view intrusion detection, and may even redefine terms like "event correlation". LogIDS 1.0 is a real-time log-analysis based intrusion detection system, or, since it can be fed with logs from other kinds of IDS, it can be seen as a mega-IDS. The graphical interface presents you with a representation of your network map, where each node (host or subnet) has its own little console window, where the logs belonging to it can eventually be displayed (depending on your rules). You get to specify the format of the log files you want to monitor, apply rules to these log files using field names you have previously defined, and you configure it to correspond to your environment, and that's it! Rules can display the fields you choose in the GUI, emit sounds for warnings or alerts, display icons pertaining to the actions depicted in the logs, or disregard the data if it contains nothing useful. You can use LogIDS with LogAgent as a log supplier, and monitor logs from varied sources such as, but not limited to, Event Viewer, ComLog, ADSScan, IntegCheck, LogAgent 4.0 Pro, Snort, personal firewalls, most antivirus products, Apache, and just about any other software that produces ASCII log files (with the notable exception of IIS).