Bro
Software
Vern Paxson
http://www.icir.org/vern/bro-info.html

Bro is an intrusion detection system that works by passively watching traffic seen on a network link. It is built around an event engine that pieces network packets into events that reflect different types of activity. Some events are quite low-level, such as the monitor seeing a connection attempt; some are specific to a particular network protocol, such as an FTP request or reply; and some reflect fairly high-level notions, such as a user having successfully authenticated during a login session. Bro runs the events produced by the event engine through a policy script, which you (the Bro administrator) supply, though in general you will do so by using large portions of the scripts ("analyzers"; see below) that come with the Bro distribution.

FREEWARE
Information Updated: 05 Mar 2003

Cisco Secure IDS (formerly NetRanger)
Appliance
Cisco Systems, Inc., San Jose, CA
http://www.cisco.com/en/US/products/sw/secursw/ps2113/index.html

The Cisco® Intrusion Detection System (IDS) is designed to efficiently protect your data and information infrastructure. With the increased complexity of security threats, achieving efficient network intrusion security is critical to maintaining a high level of protection. Vigilant protection ensures business continuity and minimizes the effects of costly intrusions.

COMMERCIAL
Information Updated: 13 Nov 2004

Cyclops
e-Cop.net Pte Ltd
http://www.e-Cop.net

Snort-based Cyclops IDS provides advanced and flexible intrusion detection at Gigabit speeds and secures networks by performing high-speed packet analysis to detect malicious activities in real-time and automatically launch preventive measures before security can be compromised. The software is pre-loaded with a hardened UNIX OS for better security and comes with user interface, optimized hardware, data analysis, policy management and forensic capabilities. The installed IDS appliance can be placed on any network node, or on multiple nodes in a distributed set-up.

COMMERCIAL
Information Updated: 29 Sep 2003

Dragon Sensor
Enterasys Networks Inc
http://www.enterasys.com/products/ids/

The Dragon Sensor monitors network choke points for evidence of malicious activity. It then reports this, along with a forensic record of the event, to the Dragon Server for alerting, analysis and long-term storage. The Dragon Sensor is available in software licenses, software bundles or in a high-speed appliance.

The Dragon Sensor detects suspicious activity with both signature-based and anomaly-based techniques. Dragon Sensor's library of attacks detects thousands of potential network attacks and probes, and more importantly hundreds of successful system compromises and backdoors.

COMMERCIAL
Information Updated: 22 Jan 2002

E-Trust IDS (aka SessionWall3)
Computer Associates International, Inc.
http://www3.ca.com/Solutions/Product.asp?ID=163

eTrust Intrusion Detection delivers state-of-the-art network protection including, but not limited to, defence against deployment and execution of Distributed Denial of Service (DDOS) attacks, malicious and unauthorized use of internet facilities and other network misuse events.

eTrust Intrusion Detection includes an integrated URL scanning engine. This auto-updating solution allows administrators to view and check the content of all TCP/IP sessions in real time to monitor compliance with a company's acceptable usage policy (AUP). All incoming and outgoing traffic is checked against a categorized list of websites to ensure compliance. It is then checked for content, malicious code and viruses. If a violation occurs the sensor will notify the administrator of offending payloads.

COMMERCIAL
Information Updated: 23 Jan 2002

Manhunt
Symantec Corporation
http://enterprisesecurity.symantec.com/products/products.cfm?ProductID=156

Symantec ManHunt provides high-speed network intrusion detection, real-time analysis and correlation, and proactive prevention and response to protect enterprise networks against internal and external intrusions and denial-of-service attacks. The ability to detect unknown threats, using protocol anomaly detection, helps eliminate network exposure and the vulnerability inherent in signature-based intrusion detection products. Symantec ManHunt's traffic rate monitoring capability allows for detection of stealth scans and denial-of-service attacks that can cripple even the most sophisticated networks.

COMMERCIAL
Information Updated: 20 Jan 2004

NetDetector
NIKSUN, Inc.
http://www.niksun.com/index.php?id=194

NetDetector is a network surveillance system for IP networks that provides non-intrusive, continuous traffic recording and real-time traffic analysis. NetDetector records network traffic, analyzes every packet, detects the activities of intruders, sets alarms for real-time alerting, and gathers evidence for post-event analysis and legal prosecution.

COMMERCIAL
Information Updated: 25 Aug 2002

RealSecure Network
Internet Security Systems
http://www.iss.net/products/RealSecure_Network_10-100/product_main_page.html

RealSecure Network 10/100 software provides network intrusion detection and response capabilities that monitor 10/100Mbps network segments within a centralized operational and management framework. Supporting commonly deployed operating system environments, RealSecure Network 10/100's market-leading technology and superior security intelligence deliver exceptional network security performance and unprecedented accuracy in detecting malicious threats.

RealSecure Network 10/100 installations are centrally managed through Proventia Management SiteProtector. Also see the RealSecure Network Gigabit product.

COMMERCIAL
Information Updated: 22 June 2007

Sourcefire Intrusion Management System
Appliance
Sourcefire Inc
http://www.sourcefire.com/products/sensor.html

Sourcefire Intrusion Management System (IMS) delivers all of the capabilities needed to proactively defend against intruders. Sourcefire, founded by the original creators of award-winning Snort, offers a comprehensive system that gives one granular flexibility, scalability, and complete data management. Sourcefire IMS provides protection and allows users to customize every aspect of the system to suit their specific environment and security needs.

Sourcefire Network Sensors (NS) provide effective intrusion detection by enhancing the proven Snort technology and adding an easy-to-use interface, optimized hardware, powerful data analysis, policy management and forensic capabilities. Network Sensor can monitor all networks - even beyond Gigabit speeds.
* Sourcefire NS 1000 monitors 22Mbps networks
* Sourcefire NS 2000 monitors 100Mbps networks
* Sourcefire NS 2100 monitors 250 Mbps networks
* Sourcefire NS 3000 monitors gigabit networks

Sourcefire Management Console (MC) provides centralized management of remote, distributed sensors and has integrated data management. It manages, correlates, and analyzes event data so that informed decisions can be made to best protect the network.

COMMERCIAL
Information Updated: 5 Jan 2003

SHADOW (Secondary Heuristic Analysis for Defensive Online Warfare)
Software
US Navy
http://www.nswc.navy.mil/ISSEC/CID/

The program's secret is simple: Unlike commercially available software that scans reams and reams of data to check for keywords that could indicate an attack, SHADOW monitors only who is sending information where. It doesn't check the contents of the communication at all. It is freely distributed online. Like most open source programs, there is some documentation, but no official support -- although there is a huge community of programmers who have looked at the code and have written improvements and continue to tinker with the way it functions.
http://www.techweb.com/wire/story/TWB19981008S0010

FREEWARE
Information Updated: 6 Jan 2001

Shoki
Software
http://shoki.sourceforge.net

Shoki is a NIDS intended to be simple, modular, and flexible. Currently supported functionality includes:
- Signature matching using libpcap-style filter expressions
- Signatures based on POSIX extended regular expressions
- Multi-filter rulesets that match individual packets or ordered series of packets
- Threshold-based logging
- Fragment reassembly
- Remote OS identification via passive fingerprinting
- Logging to a Postgres database

FREEWARE
Information Updated: 25 Jan 2002

SecureNet IDS/IPS
Software and Appliance
Intrusion Inc
http://www.intrusion.com/Default.aspx?DN=bee1192e-5a5b-4a44-b653-efce9f846523

Beyond firewalls, making your network secure requires visibility into the nature and characteristics of network traffic for identifying and controlling threats from unauthorized users, back-door attackers, and worms and other network malware. The Intrusion SecureNet System provides critical deep-packet analysis and application awareness, and can be deployed passively for intrusion detection (IDS) or actively for intrusion prevention (IPS). In both deployment scenarios, the SecureNet System gives you unsurpassed intelligence about the traffic on your network and removes all of the guesswork involved with establishing perimeter defenses.

The SecureNet System can be deployed with the broadest range of network configurations. Passive intrusion detection deployments are possible without costly switch and router resources or reconfiguration, and without creating a failure point in the network. Intrusion prevention deployments can be configured to block or pass network traffic on failure, with the option for hot-standby and high availability.
* Software and hardware appliance options
* Available for 10, 100, 250, 1000 Mbit/s networks
* Industry-leading price / performance metrics
* Tweak, tune, and create pattern-matching and protocol-decode signatures
* Highly scalable and flexible management with Provider interface

When used for detection, prevention, or both, the Intrusion SecureNet technology is peerless in accurately detecting attacks and proactively reporting indicators of future information loss or service interruption. By using pattern matching for performance and protocol decoding for detecting intentional evasion, polymorphic attacks, as well as protocol and network anomalies, the SecureNet System is ideal for protecting critical networks and valuable information assets. The SecureNet family uses a hybrid detection model allowing quick and easy updating of network signatures. It also has a scripting language and graphical interface for tuning, tweaking and creating highly accurate and very specific protocol-decode detection signatures.

COMMERCIAL
Information Updated: 01 Nov 2006

SecurityMetrics
Appliance
SecurityMetrics, Inc
http://www.securitymetrics.com/securitymetricsappliance.adp

Once connected to your network the Security Appliance begins sensing all network traffic. It looks at each packet travelling across the network and determines if the packets are safe or if they are attacks on your network. It doesn't matter if the attacks originate from external sources such as hackers on the Internet or internal sources such as a disgruntled employee. The SecurityMetrics Appliance will notify you in real-time whenever an attack occurs on your network.

COMMERCIAL
Information Updated: 25 Aug 2002

Snort
Software
http://www.snort.org/

Snort is a lightweight network intrusion detection system, capable of performing real-time traffic analysis and packet logging on IP networks. It can perform protocol analysis, content searching/matching and can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more. Snort uses a flexible rules language to describe traffic that it should collect or pass, as well as a detection engine that utilizes a modular plugin architecture. Snort has a real-time alerting capability as well, incorporating alerting mechanisms for syslog, a user-specified file, a UNIX socket, or WinPopup messages to Windows clients using Samba's smbclient.

Snort has three primary uses. It can be used as a straight packet sniffer like tcpdump(1), a packet logger (useful for network traffic debugging, etc.), or as a full-blown network intrusion detection system.

Snort logs packets in either tcpdump(1) binary format or in Snort's decoded ASCII format to logging directories that are named based on the IP address of the "foreign" host.

FREE!
Information Updated: 29 Oct 2000

Last page update: 22 June 2007