Here’s a look at five excellent free IDS technologies to consider implementing for your network.

Snort

Snort, which is available for Windows, Fedora, CentOS, and FreeBSD, is an open-source network intrusion detection system (NIDS) capable of performing real-time traffic analysis and packet logging on IP networks. It performs protocol analysis and content searching and matching, and can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more.

Suricata

Suricata is an open-source package that’s been called “Snort on steroids.” It delivers real-time intrusion detection, intrusion prevention, and network monitoring. Suricata uses rules, signature language, and more to detect complex threats. It’s available for Linux, macOS, Windows, and other platforms. The software is free, and several fee-based public training events for developers are scheduled each year. Dedicated training events are also available from the Open Information Security Foundation (OISF), which owns the Suricata code.

Zeek

Formerly known as Bro, Zeek is a powerful network-analysis tool that focuses on network security monitoring as well as general network traffic analysis. Its domain-specific language doesn’t rely on traditional signatures; rather, Zeek logs everything it sees in a high-level network activity archive. Zeek works with Unix, Linux, FreeBSD, and Mac OS X.

Prelude OSS

Prelude OSS is the open-source version of Prelude SIEM, an innovative hybrid intrusion detection system that’s designed to be modular, distributed, rock-solid, and fast. Prelude OSS is suitable for limited-size IT infrastructures, research organizations, and training. It’s not intended for large-size or critical networks. Its performance is limited, but it serves as an introduction to the commercial version.

Malware Defender 

Malware Defender is a host intrusion detection system (HIDS), which monitors a single host for suspicious activity. It’s a free, Windows-compatible intrusion prevention and malware detection system for advanced users. Malware Defender is also an advanced rootkit detector, with many useful tools to detect and remove already installed malware. It’s well-suited for home use, although its instructional material is a bit complicated.