Want to Implement IDS & IPS In Linux Firewall

5 pts.
Tags:
Firewalls
IDS
IPS
Linux
Linux firewalls
We are into firewall services. We had our own firewall hardware & services. Our firewall is new in the market & the IDS & IPS feature is not available in the firewall. I would like to know from where to get IDS & IPS signatures & certificates so that our firewall will be a complete firewall.

Software/Hardware used:
Software Linux
ASKED: November 15, 2010  11:09 AM
UPDATED: November 16, 2010  5:10 AM

Answer Wiki


Free Network and Protocol Analyzers:

http://www.networkuptime.com/tools/analyzer/

Pay special attention to the last entry (Wireshark)

Good luck

Discuss This Question: 1  Reply

  • Subhendu Sen
    iPolicy Networks has a dedicated SWAT team of technical experts whose job is to track new security threats and develop IDS/IPS signatures. The signatures can be automatically downloaded to iPolicy Intrusion Prevention Firewalls deployed for immediate protection of networks.

    An Intrusion Detection System (IDS) and IPS are security signatures that can be deployed at different levels in a network. IDS & IPS can use different methods of detecting problems, but the most basic method is using signatures. Like an antivirus program checks files for virus signatures, an IDS will check network traffic for patterns associated with malicious network activity.

    As far as I know, the most popular and powerful of the free IDS solutions is "Snort". To install Snort and configure it to your needs, you have to select an interface for Snort to listen on. It can also be run on the internal interface to inspect outgoing traffic. You have to set the IP address range of your network. Snort has several configuration files, of which the most important are:

    1. /etc/snort/snort.conf: This is the primary configuration file.
    2. /etc/snort/snort.<linuxOS>.conf: This file is created by the Apt installer.
    3. /etc/snort/threshold.conf: This file alerts if you're seeing lots of the same warning.
    4. /etc/snort/rules/: This directory contains the Snort rules (firewall signatures). These can be manually updated.

    Remember, you may also add custom IPS signatures, but this is another issue....
    26,090 points
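
To illustrate the signature matching and custom rules mentioned in the reply above, here is an added example (not part of the original thread and not Snort's own code) that parses a small subset of the Snort 2.x rule syntax and checks packets against it. The `$HOME_NET` range, the rule, its `sid` and the packets are all constructed for the example.

```python
import ipaddress
import re

# Assumptions: the network range, rule and packets are constructed for this example.
VARS = {'$HOME_NET': '192.168.1.0/24', '$EXTERNAL_NET': 'any'}
RULE = ('alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"Constructed scanner UA"; '
        'content:"User-Agent|3a| ExampleScanner"; nocase; sid:1000001; rev:1;)')
HEADER = re.compile(r'^\w+\s+\w+\s+\S+\s+\S+\s+->\s+(\S+)\s+(\S+)\s+\((.*)\)\s*$')
# TCP packets as (destination IP, destination port, payload).
PACKETS = [('192.168.1.10', 80, b'GET / HTTP/1.1\r\nuser-agent: examplescanner/1.0\r\n\r\n'),
           ('192.168.1.10', 80, b'GET / HTTP/1.1\r\nUser-Agent: Mozilla/5.0\r\n\r\n'),
           ('10.0.0.5', 80, b'GET / HTTP/1.1\r\nUser-Agent: ExampleScanner/1.0\r\n\r\n')]

def decode_content(text):
    """Convert a content string to bytes; text between | | is hex."""
    parts = text.split('|')
    return b''.join(bytes.fromhex(p) if i % 2 else p.encode() for i, p in enumerate(parts))

def parse_rule(line):
    """Parse one rule line (simplified: no escaped ';' inside option values)."""
    m = HEADER.match(line.strip())
    if not m:
        raise ValueError('not a recognisable rule: %r' % line)
    dst, dport, body = m.groups()
    rule = {'dst': VARS.get(dst, dst), 'dport': dport, 'contents': []}
    for opt in filter(None, (o.strip() for o in body.split(';'))):
        key, _, val = opt.partition(':')
        val = val.strip().strip('"')
        if key == 'content':
            rule['contents'].append([decode_content(val), False])
        elif key == 'nocase' and rule['contents']:
            rule['contents'][-1][1] = True  # nocase modifies the preceding content
        elif key in ('msg', 'sid'):
            rule[key] = val
    return rule

def matches(rule, dst, dport, payload):
    """True when destination, port and every content pattern match."""
    dst_ok = rule['dst'] == 'any' or \
        ipaddress.ip_address(dst) in ipaddress.ip_network(rule['dst'])
    if not dst_ok or (rule['dport'] != 'any' and dport != int(rule['dport'])):
        return False
    return all((pat.lower() in payload.lower()) if nocase else (pat in payload)
               for pat, nocase in rule['contents'])

def alerts(rule_line, packets):
    """Return (sid, destination) for every packet the rule fires on."""
    rule = parse_rule(rule_line)
    return [(rule['sid'], p[0]) for p in packets if matches(rule, *p)]
```

Only the first packet fires: the second lacks the pattern, and the third is addressed outside the constructed `$HOME_NET` range, which is why setting that range correctly matters.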