LinuxLinks.com
Top : Software : Networking : Security : Intrusion Detection

Highlights
Kaspersky Anti-Virus
(commercial) Kaspersky Anti-Virus detects and blocks malicious programs of all types from entering your network: Internet worms, Trojans, harmful Java and ActiveX applets, and computer viruses, including those specially developed for Linux.

Links:

  • Bait and Switch Honeypot System
    A multifaceted attempt to take honeypots out of the shadows of the network security model and to make them an active participant in system defense. To do this, we are creating a system that reacts to hostile intrusion attempts by redirecting all hostile traffic to a honeypot that is partially mirroring your production system.
  • Bro
    Bro is a Network Intrusion Detection System (NIDS) that passively monitors network traffic and looks for suspicious activity.
  • check-ps
    check-ps detects rootkits by detecting falsified output and similar anomalies. The ps check should work on anything with /proc; the (currently incomplete) netstat check is more Linux-specific.
  • devialog
    devialog is a behavior/anomaly-based syslog intrusion detection system which detects unknown attacks via anomalies in syslog. It can generate signatures for ease of management, act upon anomalies in a predefined fashion or perform as a standard log parser.
  • EasyIDS
    EasyIDS is an easy-to-install intrusion detection system based upon Snort. EasyIDS is designed for the network security beginner. EasyIDS includes CentOS Linux, Snort, MySQL, BASE, ntop, oinkmaster, and more.
  • FCheck
    FCheck is an open source Perl script providing intrusion detection and policy enforcement of Windows 95/98/NT/3.x and Unix server administration through the use of comparative system snapshots.
  • File System Saint
    File System Saint is a lightweight host-based intrusion detection system with primary focus on speed and ease of use.
  • Firestorm
    Firestorm is a very lightweight and flexible base for a hierarchical NIDS. It aims to be very fast and to support many open protocols and formats.
  • fupids2
    fupids2 is a child of the FUPIDS (Fuzzy Userprofile Intrusion Detection System) project and is based on its idea. fupids2 calculates an attacker level for every user on all Linux/BSD (and hopefully Unix systems too) in your network. fupids2 does not only use the tool-using behavior of every user like FUPIDS did; it also knows about the buildings and rooms a user normally uses.
  • fwsnort
    fwsnort parses the rules files included in the snort intrusion detection system and builds an equivalent iptables ruleset for as many rules as possible.
  • HLBR - The invisible IPS
    HLBR is an IPS (Intrusion Prevention System) that works directly at layer 2 of the OSI model (so it is invisible at layer 3, IP). It is an alternative for anyone who needs to integrate an IPS with their firewall system. It is able to analyse the contents of passing packets and block attacks.
  • ICU
    Integrity Checking Utility is a Perl program used for executing AIDE filesystem integrity checks on remote hosts from an ICU server and sending reports via email.
  • IDABench
    IDABench is a pluggable framework for intrusion analysis built upon the Naval Surface Warfare Center, Dahlgren Division's SHADOW versions 1.7 and 1.8. IDABench is not intended to be an intrusion detection system, although it can be used as such.
  • ImSafe
    ImSafe is a host-based intrusion detection tool for Linux. It performs anomaly detection at the process level and tries to detect various types of attacks. What is great about ImSafe is that the system doesn't know anything about the attacks and thus can detect unknown, unpublished attacks or any other form of malicious use of the monitored application. It performs quite well when monitoring usual services like an FTP server, telnet daemon, etc.
  • Industrial Defender
    (commercial) Industrial Defender is a complete integrated multi-layer security solution based on SE Linux which is designed to protect mission-critical control system environments. It provides perimeter protection, NIDS, HIDS, control application security monitoring, performance monitoring and rogue device detection in a manner that accommodates and leverages the unique characteristics of control system environments.
  • krd
    krd is a rootkit detection utility which scans /proc/kcore for interesting data. Suspicious programs (sk, adore, etc.) and worms/backdoors/viruses are detected even if running silently in your kernel. For instance, the ASCII string OSF indicates the ELF infector GMON.A is present.
  • LaBrea
    LaBrea takes over unused IP addresses, and creates virtual servers that are attractive to worms, hackers, and other denizens of the Internet. The program answers connection attempts in such a way that the machine at the other end gets "stuck", sometimes for a very long time.
  • lids
    Linux IDS Patch (lids) is an intrusion detection system in the Linux kernel.
  • Login Anomaly Detection System
    Login Anomaly Detection System detects anomalies in logins and logouts and is able to perform various actions in response.
  • Nabou Advanced Host Intrusion Detection System
    Nabou Advanced Host Intrusion Detection System stores the properties for each file in a dbm database and will warn you if something has been changed on a file. The most important thing to check for is the MD5 checksum.
  • Nebula Intrusion Signature Generator
    Nebula is a data analysis tool that automatically generates intrusion signatures from attack traces. It runs as a daemon that processes data submitted from honeypots. New signatures are published as Snort rules and can be used to defend a network from future intrusion attempts.
  • Nift
    Nift is a graphical front-end (written in gtk+) for footprinting tools and methods already freely available.
  • nipper
    nipper processes network device configuration files, performs a security audit and outputs a security report with recommendations and a configuration report. nipper currently supports Cisco IOS, PIX, ASA, FWSM, NMP, CatOS and Juniper NetScreen devices.
  • nLive Core
    nLive Core is a tool that checks network traffic for anomalous applications, hosts, and users. It combines machine learning and anomaly detection technologies and provides comprehensive visibility into the network interior packet traffic. Coupled with extensive reporting capabilities, it is a single solution that secures the network and enables the meeting of compliance requirements.
  • OpenFPC
    OpenFPC is a set of tools that combine to provide a lightweight full-packet network traffic recorder & buffering system. Its design goal is to allow non-expert users to deploy a distributed network traffic recorder on COTS hardware while integrating into existing alert and log management tools.
  • OSSEC HIDS
    OSSEC HIDS is an open source host-based intrusion detection system. It performs log analysis, integrity checking, rootkit detection, time-based alerting and active response. All this information is correlated and analyzed by a single engine, creating a very powerful detection tool.
  • Prelude
    Prelude is a hybrid IDS framework, that is, a product that enables all available security applications, be they open source or proprietary, to report to a centralized system. In order to achieve this task, Prelude relies on the IDMEF (Intrusion Detection Message Exchange Format) IETF standard, which enables different kinds of sensors to generate events using a unified language.
  • pyHIDS
    pyHIDS is a simple HIDS (host-based intrusion detection system) for verifying the integrity of a system. It uses an RSA signature to check the integrity of its database. Alerts are written in the logs of the system and can be sent via email to a list of users.
  • Razorback
    Razorback is a framework for an intelligence driven security solution. It consists of a Dispatcher at the core of the system, surrounded by Nuggets of varying types.
  • Realeyes IDS
    The Realeyes IDS captures and analyzes full sessions. When an incident is reported, the graphical user interface will display both halves of the session to determine what occurred. The GUI also provides management of application users, sensors, and a database. Realeyes is a replacement for the RenaissanceCore software.
  • Remote Access Session
    Remote Access Session is a security tool to analyze the integrity of systems. The program tries to gain access to a system using the most advanced techniques of remote intrusion.
  • Ruminate IDS
    Ruminate is a platform for analyzing data transferred through the network. Ruminate focuses on scalability, flexibility, and the ability to perform arbitrary actions on objects transferred through the network.
  • sectool
    sectool is a security tool for RPM based distributions. It can be used for security auditing and intrusion detection. Its goal is to catch mistakes caused by admins or point out things that they were not aware of. It checks system configuration and suspicious settings. It's easily extensible with language independent tests.
  • Sguil
    Sguil (pronounced sgweel) is an analyst console for network security monitoring.
  • Snort Report
    Snort Report is an add-on module for the Snort Intrusion Detection System. It provides realtime reporting from the MySQL database generated by Snort. It requires a platform with MySQL 3.23, PHP 4.0, and Snort 1.8. It has been tested on Redhat 6.2, 7.0, 7.1, and OpenBSD 2.9.
  • snort_inline
    snort_inline is basically a modified version of Snort that accepts packets from iptables and IPFW via libipq instead of libpcap.
  • Suricata
    Suricata is a network intrusion detection and prevention engine developed by the Open Information Security Foundation and its supporting vendors.
  • sXid
    sXid is an all in one suid/sgid monitoring program designed to be run from cron on a regular basis. Basically it tracks any changes in your s[ug]id files and folders.
  • Tcpreplay
    tcpreplay is a suite of tools to edit and replay captured network traffic.
  • Tiger
    Tiger is a security tool designed to perform audits of UNIX systems. It's useful as a security check tool and as a host intrusion detection tool.
  • Tripwire
    (commercial) Tripwire is a system integrity checker and a utility that compares properties of designated files and directories against information stored in a previously generated database.
  • Trusion
    Trusion is intended to be a cross-platform physical intrusion detection system that uses your webcam to detect movement.
  • ViperDB
    ViperDB is a file checker somewhat similar to Tripwire, but based on different assumptions. It only reports if a change is found and therefore can be run every couple of minutes.
  • VXE
    VXE (Virtual eXecuting Environment) is an Intrusion Prevention System (IPS). It protects UNIX servers from intruders, hacker attacks from the network, and so on. It protects software subsystems, such as SMTP, POP, HTTP and any other subsystem already installed on the server.
  • WormTrack
    WormTrack is a network IDS that allows detection of scanning worms on a LAN by monitoring anomalous ARP traffic.
  • Zeppoo
    Zeppoo makes it possible to detect if a rootkit is installed on your system. It also makes it possible to detect hidden tasks, modules, syscalls, some corrupted symbols, and also hidden connections.



    Copyright 2009 LinuxLinks.com All rights reserved.