deepsh.it SnortBox
I STOPPED MAKING SNORTBOX AS I AM CURRENTLY EMPLOYED BY THE BEST IPS VENDOR AVAILABLE ON THE MARKET....
deepsh.it SnortBox Network Intrusion Detection System (NIDS) is my stealth startup project:
the cheapest Network Intrusion Detection System (NIDS) box on the market, based on Snort™ Intrusion Detection System + MySQL + ACID on a FreeBSD box.
deepsh.it SnortBox: the cheapest but extremely powerful NIDS appliance.
It's cheap because it is based on Snort™, a respectable open source IDS, and built on second-hand hardware.
It's powerful because Snort is a lightweight network intrusion detection system, capable of performing real-time traffic analysis and packet logging on IP networks. It can perform protocol analysis, content searching/matching and can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more.
Snort is considered a superior NIDS when compared to most commercial systems: check out an old Network Computing report card on NIDS based on Snort version 1.7. The current version of Snort is 2.1.
Snort was chosen as best open source product of 2003 according to Information Security Magazine.
If you are a system/network admin and you are currently relying only on a firewall, antivirus and backups to protect your network... this box is for you.
Firewall and antivirus alone are just not enough: check out how many SANS TOP 20 vulnerabilities a firewall and antivirus can mitigate!
Firewall, antivirus, IDS comparison in mitigating
SANS TOP Twenty Most Critical Internet Security Vulnerabilities Version 4.0 October 8, 2003:
** Interestingly, SANS TOP 20 specifically mentions Snort to mitigate the Windows Peer to Peer File Sharing (P2P) vulnerability.
Relying only on a firewall and antivirus is not enough because, for example, when you configure your firewall to allow inbound Web traffic, you are *not* allowing only inbound Web traffic... you are allowing TCP packets to destination port 80. This means specially crafted packets can pass your firewall with no problem, and if your Web server has a security hole... Ciaooo
Yeah, Cisco PIX does some application layer checks, but it's still only a simple syntax check that can easily be fooled. And yes, Cisco PIX also has IDS capability, but even in ver 6.3 it not only has a laughable "up to 55 different attack signatures", it also only covers obsolete, ancient attacks like TCP SYN+FIN flags, ping of death...
It is true that with a firewall you can mitigate IIS server, SSH server or other vulnerabilities, BUT you have to block these services completely, meaning you cannot offer these services anymore, and in most cases blocking important services is not an option.
The very bad news is that most attacks come from inside the network, not from outside, something a firewall can hardly protect against.
The fact is: most system/network admins don't know what kind of traffic is running on their network. Most admins have a false sense of security after installing a firewall, and just panic when worms cause havoc on their network. It happened to me too… hehehe
A NIDS sniffs all packets running on the network and checks for intrusion attempts by looking for malicious packets.
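The contrast between the firewall's port-80 rule and a NIDS content check, as an added example that is not code from this page or from Snort. The signature names, thresholds and sample packets are constructed for illustration and are far simpler than real Snort rules.

```python
import re
from dataclasses import dataclass

@dataclass
class Packet:
    src: str
    dst_port: int
    payload: bytes

ALLOWED_PORTS = {80}  # the firewall rule from the text: "allow inbound Web traffic"

def firewall_allows(pkt: Packet) -> bool:
    """A port filter decides on the header only; it never reads the payload."""
    return pkt.dst_port in ALLOWED_PORTS

def request_line(payload: bytes) -> bytes:
    """First line of an HTTP request, e.g. b'GET /index.html HTTP/1.0'."""
    return payload.split(b"\r\n", 1)[0]

# Hypothetical, simplified signatures (assumptions, not real Snort rules).
TRAVERSAL = re.compile(rb"\.\./|%2e%2e%2f", re.IGNORECASE)
SIGNATURES = [
    ("WEB directory traversal in URI",
     lambda p: bool(TRAVERSAL.search(request_line(p)))),
    ("WEB oversized request line",
     lambda p: len(request_line(p)) > 2048),
]

def nids_alerts(pkt: Packet) -> list:
    """Content inspection: look inside port-80 payloads for known-bad patterns."""
    if pkt.dst_port != 80:
        return []
    return [msg for msg, matches in SIGNATURES if matches(pkt.payload)]

def inspect(pkt: Packet):
    """Return (firewall verdict, NIDS alerts) for one packet."""
    return firewall_allows(pkt), nids_alerts(pkt)

# Constructed sample traffic (documentation addresses, made-up paths).
SAMPLES = {
    "normal": Packet("192.0.2.10", 80, b"GET /index.html HTTP/1.0\r\n\r\n"),
    "traversal": Packet("192.0.2.11", 80, b"GET /docs/../../private.txt HTTP/1.0\r\n\r\n"),
    "oversized": Packet("192.0.2.12", 80, b"GET /" + b"A" * 4000 + b" HTTP/1.0\r\n\r\n"),
    "telnet": Packet("192.0.2.13", 23, b"login\r\n"),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(name, inspect(pkt))
```

All three port-80 samples pass the firewall; only the content check tells the normal request apart from the other two.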
Unfortunately, very few organizations have installed a NIDS on their network. The problem with NIDS is that the choice is between very expensive commercial gear (that sometimes does not even do its job) and cheap, hair-pulling open source solutions.
Like most open source software, Snort IS VERY POWERFUL, but it's not easy to set up and configure…
but don't worry, deepsh.it SnortBox is coming soon, giving you the power of Snort and the ease of use of the ACID GUI interface.
Last update: Sun Feb 22 11:33:45 CET 2004. © 2003-2004 Omar Gani