(Page 7 of 25)   < Prev  2 3 4 5 6 7 8 9 10 11 12  Next >

Category: Intrusion Detection

Linux Intrusion Detection System (LIDS)
Added 2004-05-17
by Xie Hua Gang, xhg@gem.ncic.ac.cn
The Linux Intrusion Detection System is a patch which enhances the kernel's security. When it is in effect, chosen files access, all system/network administration operations, any capability use, raw device, mem, and I/O access can be made impossible even for root. You can define which program can access which file. It uses and extends the system capabilities bounding set to control the whole system and adds some network and filesystem security features to the kernel to enhance the security. You can finely tune the security protections online, hide sensitive processes, receive security alerts through the network, and more.

Sentry Firewall CD-ROM
Added 2004-04-30
by Obsid
Sentry Firewall CD-ROM Version 1.0 is a Linux based bootable CD-ROM suitable for use as an inexpensive and easy to maintain Firewall or IDS(Intrusion Detection System) Node. The system is designed to be immediately configurable for a variety of different operating environments via a configuration file located on a floppy disk or a local hard drive.

Added 2004-04-27
by The Shmoo Group
Osiris is a host integrity management system that can be used to monitor changes to a network of hosts over time and report those changes back to the administrator(s). Currently, this includes monitoring any changes to the filesystems. Osiris takes periodic snapshots of the filesystem and stores them in a database. These databases, as well as the configurations and logs, are all stored on a central management host. When changes are detected, Osiris will log these events to the system log and optionally send email to an administrator. In addition to files, Osiris has preliminary support for the monitoring of other system information including user lists, file system details, kernel modules, and network interface configurations (not included with in this beta release).

Snort Alert Monitor
Added 2004-03-24
by Sam Freiberg
SAM is a real-time Snort alert monitor. It provides many ways to indicate that you may be experiencing an intrusion attempt on your network, including audio/visual warnings, email warnings, etc.

Rule-based Intrusion Detection System 1.0 (Default)
Added 2004-03-05
by Pankaj Kumar Madhukar
RIDS is a machine learning rule-based intrusion detection system for Linux.

Big Brother
Added 2004-01-06
by Sean MacGuire, sean@iti.qc.ca
Big Brother is a combination of monitoring methods. Unlike SNMP where information is just collected and devices polled, Big Brother is designed in such a way that each local system broadcasts its own information to a central location. Simultaneously, Big Brother also polls all networked systems from a central location. This creates a highly efficient and redundant method for proactive network monitoring.

Added 2004-01-06
by loud-fatbloke
IAMDOH is a tool designed to increase the reliability of an IDS by reducing the number of false positives. It uses existing reliable tools like Nmap, Nessus, and Amap to validate IDS alerts based on the following criteria and techniques: OS identification, service identification, port scanning, vulnerability scanning, online CVE and bug interpretation, and server importance weighting. It only works with Snort at the moment.

Port Scan Attack Detector (psad)
Added 2003-12-29
by Michael Rash
Port Scan Attack Detector (psad) is a collection of three lightweight system daemons written in Perl and C that are designed to work with Linux iptables firewalling code to detect port scans and other suspect traffic. It features a set of highly configurable danger thresholds (with sensible defaults provided), verbose alert messages that include the source, destination, scanned port range, begin and end times, TCP flags and corresponding nmap options, email alerting, DShield reporting, and automatic blocking of offending IP addresses via dynamic configuration of iptables firewall rulesets. In addition, psad incorporates many of the TCP, UDP, and ICMP signatures included in Snort to detect highly suspect scans for various backdoor programs (e.g. EvilFTP, GirlFriend, SubSeven), DDoS tools (mstream, shaft), and advanced port scans (syn, fin, Xmas) which are easily leveraged against a machine via nmap. Psad also uses packet TTL, IP id, TOS, and TCP window sizes to passively fingerprint the remote operating system from which scans originate

Added 2003-12-23
by Ivan Ristic
ModSecurity is an open source intrusion detection and prevention engine for web applications. It operates embedded into the web server, acting as a powerful umbrella - shielding applications from attacks. ModSecurity supports Apache (both branches) today, with support for Java-based servers coming soon.

Added 2003-12-23
by cmusik
SNMPMonitor is a graphical tool for monitoring SNMP devices.

Search Tools
Browse by category
Log Analysis, Host, Passwords, Network, File Integrity, PSTN, Forensics, Backdoors, Source Code
Passwords, Filesystem, Network, System, Compiler, Log Management, Usage Monitoring, Email
One Time Passwords, User Authentication, Password Management, Web, Server, Certificates, Tokens
Intrusion Detection
Network, Host, Web, Evasion
Access Control
Network, Firewall, user privileges, RPC, Bootup, File System, Applications, Mandatory Access Control, Server, X-Windows, ACLs, Privileges
Libraries, Applications
Libraries, Random Numbers, Traffic Encryption, Data Encryption, Cryptoanalysis, Steganography, E-mail
Network Monitoring
Policy Enforcement
Web Access, Email
System Security Management
Accounts, Console, Windows NT, Firewall, Configuration, Filesystem, Linux, Solaris, Monitoring
Network Utilities
Tunneling, Miscellaneous, Monitoring
Secure Deletion
Linux, FreeBSD, NT, Solaris
Hostile Code
Detection, Removal, Sandbox


Privacy Statement
Copyright 2010, SecurityFocus