IDS / IPS
IDS
- Intrusion Detection System
IPS
- Intrusion Prevention System
Network-based
- Monitors network traffic
- Matches network traffic against signatures (rules)
Host-based
- Has access to the entire host
- Monitors network traffic
- Monitors files and logs
OSSEC
- Host-based
- Supports server/agent (client), local, and hybrid modes
fail2ban
- IPS
- Monitors logs
Snort
- IDS / IPS
- Single-threaded
- Network-based
- Uses signatures
- Acquired by Cisco
Suricata
- IDS / IPS
- Multi-threaded
- Network-based
- Uses signatures
- Supports most Snort rules
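Added example (not code from Snort, Suricata or this page): a minimal matcher that parses Snort-style rules, the rule syntax both Snort and Suricata use, and checks constructed packets against them, showing what "match network traffic against signatures" and the IDS/IPS distinction (alert vs drop) mean in practice. Only the msg, content and sid options are understood, and the sids, addresses and packets are made up for the example.

```python
import re
from collections import namedtuple

# Rule header: action proto src sport -> dst dport, followed by (options)
RULE_RE = re.compile(
    r"^(?P<action>alert|drop|pass)\s+(?P<proto>tcp|udp|icmp|ip)\s+"
    r"(?P<src>\S+)\s+(?P<sport>\S+)\s+->\s+(?P<dst>\S+)\s+(?P<dport>\S+)\s+"
    r"\((?P<opts>.*)\)\s*$"
)
Rule = namedtuple("Rule", "action proto src sport dst dport msg content sid")

def parse_rule(text: str) -> Rule:
    """Parse one Snort-style rule; only msg, content and sid options are handled."""
    m = RULE_RE.match(text.strip())
    if not m:
        raise ValueError(f"unparsable rule: {text!r}")
    opts = {}
    for opt in filter(None, (o.strip() for o in m["opts"].split(";"))):
        key, _, val = opt.partition(":")  # simplification: no ';' inside values
        opts[key.strip()] = val.strip().strip('"')
    return Rule(m["action"], m["proto"], m["src"], m["sport"], m["dst"], m["dport"],
                opts.get("msg", ""), opts.get("content", "").encode(), int(opts["sid"]))

def _field_matches(pattern: str, value) -> bool:
    # "any" is a wildcard; otherwise the rule field must equal the packet field
    return pattern == "any" or pattern == str(value)

def match_packet(rules, pkt):
    """Return (verdict, [sids of matching rules]).

    An IDS only raises alerts; the verdict becomes 'drop' only when a rule
    whose action is drop fires, which is what an IPS adds on top of detection.
    """
    hits = []
    for r in rules:
        if r.proto != pkt["proto"]:
            continue
        if not (_field_matches(r.src, pkt["src"]) and _field_matches(r.sport, pkt["sport"])
                and _field_matches(r.dst, pkt["dst"]) and _field_matches(r.dport, pkt["dport"])):
            continue
        if r.content and r.content not in pkt["payload"]:
            continue
        hits.append(r)
    verdict = "drop" if any(r.action == "drop" for r in hits) else "pass"
    return verdict, [r.sid for r in hits]

# Constructed sample rules (sids and addresses are made up for this example).
RULES = [parse_rule(t) for t in (
    'alert tcp any any -> any 80 (msg:"HTTP request to /admin"; content:"GET /admin"; sid:1000001;)',
    'drop tcp any any -> 10.0.0.5 22 (msg:"SSH to bastion from any source"; sid:1000002;)',
)]
```

Real engines add far more (stream reassembly, protocol decoders, many more option keywords), but the header-then-options matching loop is the core of signature-based detection.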
Zeek
- IDS
- Uses signatures
- Network-based