TechSpot

Intrusion Detection System

By RJ3301
Feb 19, 2007
  1. I am looking for an IDS that tracks an intruder's activities in the event of a breach. Thanks.
     
  2. Nodsu

    Nodsu TS Rookie Posts: 5,837   +6

    You mean something that recognises a breach and then, instead of blocking the attempt, carefully starts to monitor and log the attacker's activities?

    There can be no automated solution for that. You'd need all the breaches and the attackers to act in a predictable (machine-trackable) way and that's just impossible. Besides, an IDS can only monitor stuff that goes through it. So if I can break into a system on your LAN and get an SSH tunnel going, then I can do everything on your LAN through that SSH tunnel without the IDS being able to see anything but encrypted packets.

    Maybe you are interested in so-called honeypots or honeynets instead?
     
  3. RJ3301

    RJ3301 TS Rookie Topic Starter

    I've looked at that option as well. Maybe I should have worded my request that I was interested in some type of utility to work in conjunction with an IDS.
    I've also found a program known as Tripwire, that while it doesn't protect your network, it tracks changes made to files on an ongoing basis in the event of a breach.
     
  4. jobeard

    jobeard TS Ambassador Posts: 9,330   +622

    Tripwire and IDS Issues

    Tripwire -->YES :giddy: does exactly what an IDS is intended for!

    For Windows systems, install Cygwin as a Unix compatible interface.
    Under that, Install Tripwire.

    Now for the lecture ( sorry )

    All IDS systems are reactive just like all AV systems; they're useful after
    your system is infected. The nice facility of the IDS is it provides postmortem
    analysis as to WHAT WAS CHANGED
    (since the last base line was taken) and therein lies the problem --
    keeping it up to date with every install.

    You save space and time by configuring an IDS to scan ONLY those areas which
    impact the integrity of the System; meaning you avoid scanning USER directories.
    IMO, users are recovered via backup solutions.
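    The baseline-and-compare idea jobeard describes (record the state of system files, later report WHAT WAS CHANGED since the baseline, and skip user directories) can be shown in a few dozen lines. The following is an added example written for this thread; it is not Tripwire's code and not anything the posters supplied. The excluded directory names (`home`, `Users`, `tmp`) and the sample files in `demo()` are constructed assumptions for illustration.

```python
"""Tripwire-style file integrity baseline and postmortem comparison (added example)."""
import hashlib
import json
import os
import tempfile
from pathlib import Path

# Directory names skipped during the walk, following the advice above to avoid
# scanning USER directories. These defaults are an assumption for the example,
# not a policy taken from Tripwire.
DEFAULT_EXCLUDES = ("home", "Users", "tmp")


def sha256_file(path: Path) -> str:
    """Return the SHA-256 hex digest of a file, read in 64 KiB chunks."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root, excludes=DEFAULT_EXCLUDES) -> dict:
    """Walk `root` and record digest, size and permission bits for every regular
    file, pruning any directory whose name is in `excludes`. Paths are stored
    relative to `root` (POSIX style) so the baseline is portable."""
    root = Path(root)
    baseline = {}
    for dirpath, dirnames, filenames in os.walk(root):
        # Editing dirnames in place stops os.walk from descending into them.
        dirnames[:] = [d for d in dirnames if d not in excludes]
        for name in filenames:
            p = Path(dirpath) / name
            if p.is_symlink() or not p.is_file():
                continue
            st = p.stat()
            baseline[p.relative_to(root).as_posix()] = {
                "sha256": sha256_file(p),
                "size": st.st_size,
                "mode": oct(st.st_mode & 0o7777),
            }
    return baseline


def compare(baseline: dict, current: dict) -> dict:
    """Postmortem view: which files were added, removed or changed since the
    baseline was taken. Any difference in digest, size or mode counts."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    modified = sorted(p for p in set(baseline) & set(current)
                      if baseline[p] != current[p])
    return {"added": added, "removed": removed, "modified": modified}


def save_baseline(baseline: dict, path) -> None:
    """Persist the baseline as JSON. Keep this copy read-only or off-host: an
    intruder who can rewrite the baseline can hide every change from the report."""
    Path(path).write_text(json.dumps(baseline, indent=2, sort_keys=True))


def load_baseline(path) -> dict:
    return json.loads(Path(path).read_text())


def demo() -> dict:
    """Constructed scenario: take a baseline of a fake system tree, simulate a
    breach that replaces a binary and drops a new file, and report the diff.
    A change inside the excluded user directory is deliberately not reported."""
    with tempfile.TemporaryDirectory() as tmp:
        fs = Path(tmp) / "fs"                  # the tree being monitored
        db = Path(tmp) / "baseline.json"       # stored outside the monitored tree
        (fs / "bin").mkdir(parents=True)
        (fs / "home" / "alice").mkdir(parents=True)
        (fs / "bin" / "ls").write_bytes(b"original ls binary")
        (fs / "bin" / "sshd").write_bytes(b"original sshd binary")
        (fs / "home" / "alice" / "notes.txt").write_bytes(b"user data")
        save_baseline(build_baseline(fs), db)

        # Simulated tampering after the baseline was taken (constructed).
        (fs / "bin" / "ls").write_bytes(b"replaced ls binary")
        (fs / "bin" / "extra.so").write_bytes(b"new file in a system area")
        (fs / "home" / "alice" / "notes.txt").write_bytes(b"edited, but excluded")

        return compare(load_baseline(db), build_baseline(fs))


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

    Running it reports `bin/ls` as modified and `bin/extra.so` as added, while the edit under `home/` stays invisible because that directory was pruned. The "keep it up to date with every install" problem is exactly the `save_baseline` call: after each legitimate change you must re-run it, or every later report is noise.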
     