Portable IDS/IPS virtual server? [on hold]
Is there any open source / free VM solution for a simple, portable one (easy to deploy on any VLAN or by using a proxy) in order to monitor the traffic for attacks and/or prevent them?
I’m doing benchmarks between IDSes: Suricata, Bro and Snort. I want to know if there is a statistic about false alarm generation for Snort, Suricata, and Bro. Can anyone help me?
Continue reading Comparison of false alarm generation between Suricata, Bro, and Snort
Is there a favorite OS for NIDS performance?
I am hesitating between using OpenBSD, FreeBSD, Ubuntu Server or Debian.
Is ease of use the only argument to take into account?
Continue reading Which OS for NIDS(Snort or Suricata) on VMware?
All traditional anti-virus software uses signatures to detect known malware after it has been discovered by the software companies and added to the definitions. Heuristic definitions allow a piece of malware that has been modified to still be… Continue reading Examples of non signature based anti-malware/anti-virus programs, IDS, & system integrity scanners
Hi, I had to pick a project for university about something I never knew much about, so I picked honeypots. I have to report on the types and numbers of attacks, etc.
Can anyone help me with the actual VirtualBox confi… Continue reading Honeypots and Virtual box and staying safe, what works NAT or bridged Adapter or something else
In this episode of Tradecraft Security Weekly hosts Beau Bullock (@dafthack) and Mike Felch (@ustayready) discuss methods for evading network-based detection mechanisms. Many commercial IDS/IPS devices do a pretty decent job of detecting standard pente… Continue reading Evading Network-Based Detection Mechanisms – Tradecraft Security Weekly #24
Tripwire report shows modification dates from when I was on vacation with the computer shut down at home – how is this possible?
Here is one of many examples:
Modified object name: /lib/x86_64-linux-gnu/security/pam_systemd.so
… Continue reading Tripwire report shows modification dates from when I was on vacation with computer shutdown at home
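The following is an added triage script, not part of the question above or of Tripwire itself. It rests on one fact about Debian/Ubuntu: dpkg extracts files with the mtime stored in the package's data.tar, which is the time the package was built, not the time it was installed. A library's mtime can therefore fall in a window when the machine was powered off, provided the package was installed afterwards (for example by unattended-upgrades on the first boot back). The practical check is to find the owning package, compare the file's mtime with the install events recorded in /var/log/dpkg.log, and verify the file's content against the package's shipped md5sums with `dpkg -V`. The dpkg.log excerpt embedded below is constructed for the demonstration; the package name libpam-systemd is the stock owner of pam_systemd.so on these distributions.

```shell
#!/bin/sh
# Added example (not from the original post): triage a Tripwire "modified object" hit
# on Debian/Ubuntu. dpkg preserves the mtime from the .deb archive (package build time),
# so compare the file's mtime with the package install time and check the content against
# the packaged md5sums before treating the hit as tampering.
set -eu

# Print "YYYY-MM-DD HH:MM:SS" for every "status installed" event of package $1,
# reading dpkg.log text from stdin.
installs_for_pkg() {
    awk -v pkg="$1" '
        $3 == "status" && $4 == "installed" && ($5 == pkg || index($5, pkg ":") == 1) {
            print $1 " " $2
        }'
}

# Constructed sample dpkg.log excerpt (not a real log): libpam-systemd upgraded on 2018-06-10.
SAMPLE_DPKG_LOG='2018-06-10 06:42:15 upgrade libpam-systemd:amd64 237-3ubuntu10 237-3ubuntu10.3
2018-06-10 06:42:15 status half-configured libpam-systemd:amd64 237-3ubuntu10
2018-06-10 06:42:16 status unpacked libpam-systemd:amd64 237-3ubuntu10.3
2018-06-10 06:42:17 status installed libpam-systemd:amd64 237-3ubuntu10.3
2018-06-10 06:42:17 status installed libc6:amd64 2.27-3ubuntu1'

# Live triage of path $1 on the host this runs on; needs dpkg and /var/log/dpkg.log.
triage_file() {
    f="$1"
    if ! command -v dpkg >/dev/null 2>&1; then
        echo "dpkg not available; nothing to compare against"
        return 0
    fi
    # dpkg -S prints "pkg:arch: /path"; keep only the package name.
    pkg=$(dpkg -S "$f" 2>/dev/null | head -n1 | cut -d: -f1) || true
    if [ -z "$pkg" ]; then
        echo "$f is not owned by any package: treat as a genuine unexplained change"
        return 0
    fi
    echo "file mtime      : $(stat -c '%y' "$f")"
    echo "owning package  : $pkg"
    echo "install events  :"
    if [ -r /var/log/dpkg.log ]; then
        installs_for_pkg "$pkg" < /var/log/dpkg.log | sed 's/^/    /'
    else
        echo "    (no readable /var/log/dpkg.log)"
    fi
    # dpkg -V compares each file against the md5sums shipped in the package; silence means match.
    if dpkg -V "$pkg" 2>/dev/null | grep -q " $f\$"; then
        echo "content         : DIFFERS from packaged md5sum -> investigate"
    else
        echo "content         : matches packaged md5sum (mtime came from the package build)"
    fi
}

# Offline demonstration on the constructed log, then live triage of the path from the report.
printf '%s\n' "$SAMPLE_DPKG_LOG" | installs_for_pkg libpam-systemd
triage_file /lib/x86_64-linux-gnu/security/pam_systemd.so
```

If the mtime predates the install event and `dpkg -V` is silent, the change is explained by a package upgrade and the Tripwire baseline should be updated; a file that differs from its md5sum, or that no package owns, is the case that deserves a real investigation.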
What would be (three) Snort rules for a web server to detect any client using the HTTP POST method to upload any file?
Continue reading Snort IDS rule for web server malware issue [on hold]
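As an added example that is not part of the question or of any answer on the original page, here are three Snort 2.9 rules that cover the usual ways a client uploads a file with POST: a multipart/form-data request header, a multipart body part that carries `filename=`, and a raw application/octet-stream body. The script writes them to a local rules file and counts them; it assumes `$EXTERNAL_NET`, `$HTTP_SERVERS` and `$HTTP_PORTS` are defined in snort.conf and that the http_inspect preprocessor is enabled (both are stock defaults), which is what makes the `http_method`, `http_header` and `http_client_body` modifiers work. The path `./local.rules` and the default `/etc/snort/snort.conf` are assumptions you can override through the environment.

```shell
#!/bin/sh
# Added example (not from the original post): three Snort 2.9 rules that fire on
# HTTP POST file uploads to a web server, written to a local rules file.
# Assumptions: $EXTERNAL_NET, $HTTP_SERVERS and $HTTP_PORTS are defined in snort.conf
# and the http_inspect preprocessor is enabled (stock defaults), so the
# http_method / http_header / http_client_body modifiers are available.
set -eu

RULES_FILE="${RULES_FILE:-./local.rules}"
SNORT_CONF="${SNORT_CONF:-/etc/snort/snort.conf}"

# Write the three rules to the file given as $1. SIDs from 1000000 up are reserved for local rules.
write_upload_rules() {
cat > "$1" <<'EOF'
# 1) Browser-style upload: a POST whose request headers declare a multipart body.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"LOCAL HTTP POST multipart/form-data upload"; flow:to_server,established; content:"POST"; http_method; content:"multipart/form-data"; http_header; nocase; classtype:policy-violation; sid:1000001; rev:1;)
# 2) A multipart part that actually carries a file: Content-Disposition ... filename= in the body.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"LOCAL HTTP POST multipart part with filename"; flow:to_server,established; content:"POST"; http_method; content:"Content-Disposition|3A| form-data"; http_client_body; nocase; content:"filename="; http_client_body; nocase; distance:0; classtype:policy-violation; sid:1000002; rev:1;)
# 3) Raw binary upload that skips multipart encoding (curl --data-binary, scripted clients).
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"LOCAL HTTP POST application/octet-stream upload"; flow:to_server,established; content:"POST"; http_method; content:"application/octet-stream"; http_header; nocase; classtype:policy-violation; sid:1000003; rev:1;)
EOF
}

# Count rule lines (comment lines excluded) in the file given as $1.
count_rules() {
    grep -c '^alert' "$1"
}

# Syntax-check the configuration with snort -T when snort is installed; the stock snort.conf
# already includes $RULE_PATH/local.rules, so copy the file there before testing.
validate_rules() {
    if command -v snort >/dev/null 2>&1; then
        snort -T -c "$SNORT_CONF"
    else
        echo "snort not installed here; copy $1 to \$RULE_PATH/local.rules and run: snort -T -c $SNORT_CONF"
    fi
}

write_upload_rules "$RULES_FILE"
echo "wrote $(count_rules "$RULES_FILE") rules to $RULES_FILE"
validate_rules "$RULES_FILE"
```

These are policy rules: they flag every upload, not malicious ones, so on a site with a legitimate upload form expect a steady stream of alerts and tune the destination to the hosts that should never receive files. They also see nothing inside TLS; for HTTPS the sensor needs decrypted traffic (a terminating proxy or a TLS-inspecting load balancer feeding the IDS) or the detection has to move onto the web server itself.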
Security Information and Event Management (SIEM) is feeling its age. Harkening back to a time in which businesses were prepping for the dreaded Y2K and where the cutting edge of security technology was bound to DMZs, Bastion Hosts, and network … Continue reading NextGen SIEM Isn’t SIEM
Is there any difference between them? On Google, I can find many descriptions of anomaly-based IDS, but I cannot find any description of protocol-state-based IDS.
Continue reading Anomaly based IDS Vs Protocol state based IDS