IDS / IPS

IDS

Intrusion Detection System

IPS

Intrusion Prevention Systems

Network-based

  • Monitor network traffic
  • Match network traffic to signatures (rules)
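The signature matching that a network-based IDS/IPS performs can be shown with a toy rule engine. The code below is an added example, not code from the original page or from Snort or Suricata: it parses a deliberately simplified subset of the Snort rule header syntax (single IPs or "any", single ports, a plain `content:` option, no hex escapes, CIDR ranges or port lists) and runs constructed packets through it. The rule text, packet dictionaries and addresses are all constructed for the example; the `match_packet` and `parse_rule` names are this example's own.

```python
import re
from dataclasses import dataclass

# Simplified rule header: action proto src sport -> dst dport (options)
# Real Snort/Suricata headers also allow CIDR ranges, port lists, negation and
# bidirectional operators; this toy engine deliberately handles only the basics.
RULE_RE = re.compile(
    r'^(?P<action>alert|drop)\s+(?P<proto>tcp|udp|ip)\s+(?P<src>\S+)\s+(?P<sport>\S+)\s+->\s+'
    r'(?P<dst>\S+)\s+(?P<dport>\S+)\s+\((?P<opts>.*)\)\s*$'
)


@dataclass
class Rule:
    action: str      # "alert" (IDS behaviour) or "drop" (IPS behaviour)
    proto: str
    src: str
    sport: str
    dst: str
    dport: str
    msg: str
    content: bytes   # byte pattern searched for in the payload
    sid: int


def parse_rule(text):
    """Parse one rule line of the simplified syntax into a Rule."""
    m = RULE_RE.match(text.strip())
    if not m:
        raise ValueError("unparseable rule: " + text)
    opts = {}
    for opt in m.group("opts").split(";"):
        opt = opt.strip()
        if not opt:
            continue
        key, _, val = opt.partition(":")
        opts[key.strip()] = val.strip().strip('"')
    return Rule(m.group("action"), m.group("proto"), m.group("src"), m.group("sport"),
                m.group("dst"), m.group("dport"), opts.get("msg", ""),
                opts["content"].encode(), int(opts["sid"]))


def field_matches(pattern, value):
    # "any" is a wildcard; otherwise an exact string comparison
    return pattern == "any" or pattern == str(value)


def match_packet(rules, pkt):
    """Return (action, sid) for every rule whose header and content match the packet."""
    hits = []
    for r in rules:
        if r.proto != "ip" and r.proto != pkt["proto"]:
            continue
        if not (field_matches(r.src, pkt["src"]) and field_matches(r.sport, pkt["sport"])
                and field_matches(r.dst, pkt["dst"]) and field_matches(r.dport, pkt["dport"])):
            continue
        if r.content in pkt["payload"]:
            hits.append((r.action, r.sid))
    return hits


# Constructed rules (sids in the local 1000000+ range, as Snort reserves for user rules)
SAMPLE_RULES = [
    'alert tcp any any -> any 80 (msg:"passwd file requested over HTTP"; content:"/etc/passwd"; sid:1000001;)',
    'alert tcp any 22 -> any any (msg:"legacy SSH-1.99 banner seen"; content:"SSH-1.99"; sid:1000002;)',
]

# Constructed packets using documentation address ranges
SAMPLE_PACKETS = [
    {"proto": "tcp", "src": "203.0.113.7", "sport": 51234, "dst": "192.0.2.10", "dport": 80,
     "payload": b"GET /cgi-bin/view?file=/etc/passwd HTTP/1.1\r\nHost: www.example.test\r\n\r\n"},
    {"proto": "tcp", "src": "198.51.100.20", "sport": 40022, "dst": "192.0.2.10", "dport": 80,
     "payload": b"GET /index.html HTTP/1.1\r\nHost: www.example.test\r\n\r\n"},
    {"proto": "tcp", "src": "192.0.2.10", "sport": 22, "dst": "198.51.100.20", "dport": 40100,
     "payload": b"SSH-1.99-OpenSSH_5.3\r\n"},
    # Same suspicious content but over UDP: the tcp rule must not fire
    {"proto": "udp", "src": "198.51.100.20", "sport": 5353, "dst": "192.0.2.10", "dport": 80,
     "payload": b"/etc/passwd"},
]


def scan(rule_texts, packets):
    """Match every packet against every rule; one hit list per packet."""
    rules = [parse_rule(t) for t in rule_texts]
    return [match_packet(rules, p) for p in packets]


if __name__ == "__main__":
    for pkt, hits in zip(SAMPLE_PACKETS, scan(SAMPLE_RULES, SAMPLE_PACKETS)):
        print(pkt["proto"], pkt["src"], "->", pkt["dst"], pkt["dport"], hits)
```

The fourth packet illustrates why the header is checked before the payload: the same byte pattern on a different protocol or port is not a match, which keeps signature-based detection cheap but also means a rule only covers the traffic its header describes.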

Host-based

  • Have access to the entire host
  • Monitor network traffic
  • Monitor files, logs

OSSEC

OSSEC-HIDS

  • Host-based
  • Support server/client (agent), local, and hybrid modes

fail2ban

  • IPS
  • Monitor logs
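A log-monitoring IPS of the fail2ban kind works by counting failures per source within a time window and blocking the source once a threshold is hit. The following is an added example, not fail2ban's own code: a small sliding-window counter over constructed sshd log lines, with `maxretry`, `findtime` and `bantime` parameters named after fail2ban's jail settings. The `LogBanner` class, the log lines and the addresses are constructed for this example; a real deployment would act on a ban by adding a firewall rule rather than returning the host.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# OpenSSH "Failed password" line; the source address is the field we count on
FAIL_RE = re.compile(
    r'^(?P<ts>\w{3}\s+\d+\s+\d\d:\d\d:\d\d)\s+\S+\s+sshd\[\d+\]:\s+'
    r'Failed password for (?:invalid user )?\S+ from (?P<host>\d+\.\d+\.\d+\.\d+)'
)


class LogBanner:
    """Sliding-window failure counter in the spirit of a fail2ban jail (example code)."""

    def __init__(self, maxretry=3, findtime=timedelta(minutes=10),
                 bantime=timedelta(hours=1), year=2024):
        self.maxretry = maxretry
        self.findtime = findtime
        self.bantime = bantime
        self.year = year                       # syslog timestamps carry no year
        self.failures = defaultdict(deque)     # host -> timestamps of recent failures
        self.banned = {}                       # host -> ban expiry time

    def _parse_ts(self, s):
        return datetime.strptime(f"{self.year} {s}", "%Y %b %d %H:%M:%S")

    def feed(self, line):
        """Process one log line; return the host if this line triggered a new ban."""
        m = FAIL_RE.match(line)
        if not m:
            return None                        # not a failure line (e.g. a successful login)
        host, ts = m.group("host"), self._parse_ts(m.group("ts"))
        # Let an expired ban lapse before counting again
        if host in self.banned and self.banned[host] <= ts:
            del self.banned[host]
        if host in self.banned:
            return None
        q = self.failures[host]
        q.append(ts)
        # Drop failures that fell out of the findtime window
        while q and ts - q[0] > self.findtime:
            q.popleft()
        if len(q) >= self.maxretry:
            self.banned[host] = ts + self.bantime
            q.clear()
            return host
        return None

    def is_banned(self, host, now):
        expiry = self.banned.get(host)
        return expiry is not None and expiry > now


# Constructed log excerpt: one host fails three times within seconds, another
# fails three times but spread over 20 minutes, so only the first is banned.
SAMPLE_LOG = [
    "Mar  3 10:00:01 bastion sshd[1201]: Failed password for invalid user admin from 203.0.113.7 port 51234 ssh2",
    "Mar  3 10:00:05 bastion sshd[1203]: Failed password for root from 203.0.113.7 port 51240 ssh2",
    "Mar  3 10:00:09 bastion sshd[1205]: Accepted publickey for deploy from 198.51.100.20 port 40022 ssh2",
    "Mar  3 10:00:12 bastion sshd[1207]: Failed password for root from 203.0.113.7 port 51250 ssh2",
    "Mar  3 10:30:00 bastion sshd[1300]: Failed password for root from 198.51.100.20 port 40100 ssh2",
    "Mar  3 10:45:00 bastion sshd[1310]: Failed password for root from 198.51.100.20 port 40101 ssh2",
    "Mar  3 10:50:00 bastion sshd[1320]: Failed password for root from 198.51.100.20 port 40102 ssh2",
]


def run_sample(lines=SAMPLE_LOG):
    """Feed the lines through a default banner; return (banned hosts in order, banner)."""
    banner = LogBanner()
    bans = [h for h in (banner.feed(line) for line in lines) if h]
    return bans, banner


if __name__ == "__main__":
    bans, banner = run_sample()
    print("banned:", bans)
    print("still banned at 10:30?", banner.is_banned("203.0.113.7", datetime(2024, 3, 3, 10, 30)))
```

The window matters as much as the threshold: 198.51.100.20 also fails three times, but the 10:30 failure has aged out of the 10-minute findtime by the time the 10:45 one arrives, so its count never reaches maxretry. Slow, spread-out attempts are exactly what a log-based IPS with a short findtime will miss.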

Snort

  • IDS / IPS
  • Single-threaded
  • Network-based
  • Use signatures
  • Acquired by Cisco

Suricata

  • IDS / IPS
  • Multi-threaded
  • Network-based
  • Use signatures
  • Support most Snort rules

Zeek

  • IDS
  • Use signatures
  • Network-based