< Prev 2 3 4 5 6 7 8 9 10 11 12 Next >
Category: Intrusion Detection
Linux Intrusion Detection System (LIDS)
The Linux Intrusion Detection System is a patch which enhances the kernel's security. When it is in effect, chosen files access, all system/network administration operations, any capability use, raw device, mem, and I/O access can be made impossible even for root. You can define which program can access which file. It uses and extends the system capabilities bounding set to control the whole system and adds some network and filesystem security features to the kernel to enhance the security. You can finely tune the security protections online, hide sensitive processes, receive security alerts through the network, and more.
Sentry Firewall CD-ROM
Sentry Firewall CD-ROM Version 1.0 is a Linux based bootable CD-ROM suitable for use as an inexpensive and easy to maintain Firewall or IDS(Intrusion Detection System) Node. The system is designed to be immediately configurable for a variety of different operating environments via a configuration file located on a floppy disk or a local hard drive.
Osiris is a host integrity management system that can be used to monitor changes to a network of hosts over time and report those changes back to the administrator(s). Currently, this includes monitoring any changes to the filesystems. Osiris takes periodic snapshots of the filesystem and stores them in a database. These databases, as well as the configurations and logs, are all stored on a central management host. When changes are detected, Osiris will log these events to the system log and optionally send email to an administrator. In addition to files, Osiris has preliminary support for the monitoring of other system information including user lists, file system details, kernel modules, and network interface configurations (not included with in this beta release).
Snort Alert Monitor
SAM is a real-time Snort alert monitor. It provides many ways to indicate that you may be experiencing an intrusion attempt on your network, including audio/visual warnings, email warnings, etc.
Rule-based Intrusion Detection System 1.0 (Default)
RIDS is a machine learning rule-based intrusion detection system for Linux.
Big Brother is a combination of monitoring methods. Unlike SNMP where information is just collected and devices polled, Big Brother is designed in such a way that each local system broadcasts its own information to a central location. Simultaneously, Big Brother also polls all networked systems from a central location. This creates a highly efficient and redundant method for proactive network monitoring.
IAMDOH is a tool designed to increase the reliability of an IDS by reducing the number of false positives. It uses existing reliable tools like Nmap, Nessus, and Amap to validate IDS alerts based on the following criteria and techniques: OS identification, service identification, port scanning, vulnerability scanning, online CVE and bug interpretation, and server importance weighting. It only works with Snort at the moment.
Port Scan Attack Detector (psad)
Port Scan Attack Detector (psad) is a collection of three lightweight system daemons written in Perl and C that are designed to work with Linux iptables firewalling code to detect port scans and other suspect traffic. It features a set of highly configurable danger thresholds (with sensible defaults provided), verbose alert messages that include the source, destination, scanned port range, begin and end times, TCP flags and corresponding nmap options, email alerting, DShield reporting, and automatic blocking of offending IP addresses via dynamic configuration of iptables firewall rulesets. In addition, psad incorporates many of the TCP, UDP, and ICMP signatures included in Snort to detect highly suspect scans for various backdoor programs (e.g. EvilFTP, GirlFriend, SubSeven), DDoS tools (mstream, shaft), and advanced port scans (syn, fin, Xmas) which are easily leveraged against a machine via nmap. Psad also uses packet TTL, IP id, TOS, and TCP window sizes to passively fingerprint the remote operating system from which scans originate
ModSecurity is an open source intrusion detection and prevention engine for web applications. It operates embedded into the web server, acting as a powerful umbrella - shielding applications from attacks. ModSecurity supports Apache (both branches) today, with support for Java-based servers coming soon.
SNMPMonitor is a graphical tool for monitoring SNMP devices.
Browse by category