Intrusion Detection System experience - Snort or others?
-
Does anyone run an IDS? I'm working with a SonicWall firewall and primarily concerned with the traffic hitting the remote desktop server since it's the only incoming port. I'm also interested in looking for suspicious traffic leaving our network in the event that a computer on the inside got hacked and was calling home/providing remote access.
Is anyone running Snort that can comment on it? I'm not against a commercial product if there is something that works well.
-
@Mike-Davis New to IT; what is "IDS"?
and what is "Snort"?
-
@Mike-Davis Hi there!
So while there are a bunch of software products that do it (Carbon Black by Bit9, McAfee HIPS, etc.) I'd like to suggest my product...Jentu.
What Jentu does is stream the desktop to a workstation internally, behind a secured network connection, and by doing so...bypasses the hard drive on the workstation.
What that means is...with no hard drive at the workstation, there is no platform for someone to put malware/cryptoware/spyware on your machine...as these require a hard drive to install into and operate out of. No other software on the planet can do that.
Would you be interested in learning more?
-
@WrCombs said in Intrusion Detection System experience - Snort or others?:
@Mike-Davis New to IT; what is "IDS"?
and what is "Snort"?
IDS - Intrusion Detection System.
Snort would be a system or software.
-
Snort is good for this... Another one that is also good for this is Suricata (https://oisf.net/suricata/)
@WrCombs -- IDS is Intrusion Detection System (and IPS is Intrusion Prevention System)... IDS systems will alert you in various ways that something has happened that you set rules up for.
An IPS system will actively try to block things that you set rules up for.
Snort and Suricata can both be an IPS or IDS...
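To make the IDS-versus-IPS distinction concrete, here is an added example (not code from this thread, nor from the Snort or Suricata projects): a small Python matcher that reads two rules written in the Snort/Suricata rule syntax, applies them to a handful of constructed flow records, and either only alerts (IDS mode) or also drops matching flows (IPS mode). The `$HOME_NET` value, the rules, the SIDs and the flow records are all assumptions made up for the demonstration; only a subset of the real rule language (action, protocol, addresses, ports, `msg`, `sid`) is parsed.

```python
"""Toy rule-based IDS/IPS matcher illustrating alert vs. drop (example code)."""
import re
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Network variables as a Snort/Suricata config would define them (assumed values).
VARS = {"$HOME_NET": "192.168.1.0/24", "$EXTERNAL_NET": "!$HOME_NET"}

# Accepts: <action> <proto> <src> <sport> -> <dst> <dport> (<options>)
RULE_RE = re.compile(
    r"^(?P<action>alert|drop)\s+(?P<proto>tcp|udp)\s+"
    r"(?P<src>\S+)\s+(?P<sport>\S+)\s*->\s*(?P<dst>\S+)\s+(?P<dport>\S+)\s*"
    r"\((?P<opts>.*)\)\s*$"
)


@dataclass
class Rule:
    action: str
    proto: str
    src: str
    sport: str
    dst: str
    dport: str
    msg: str
    sid: int


def parse_rule(line: str) -> Rule:
    """Parse the supported subset of the Snort/Suricata rule syntax."""
    m = RULE_RE.match(line.strip())
    if not m:
        raise ValueError(f"unsupported rule syntax: {line!r}")
    opts = {}
    for opt in m["opts"].split(";"):
        if opt.strip():
            key, _, value = opt.strip().partition(":")
            opts[key] = value.strip().strip('"')
    return Rule(m["action"], m["proto"], m["src"], m["sport"],
                m["dst"], m["dport"], opts["msg"], int(opts["sid"]))


def addr_matches(spec: str, ip: str) -> bool:
    """Resolve 'any', '$VAR', '!...' and CIDR specs against one IP address."""
    if spec == "any":
        return True
    negate = False
    while spec.startswith(("!", "$")):
        if spec.startswith("!"):
            negate = not negate
            spec = spec[1:]
        else:
            spec = VARS[spec]
    return (ip_address(ip) in ip_network(spec, strict=False)) != negate


def port_matches(spec: str, port: int) -> bool:
    return spec == "any" or int(spec) == port


def rule_matches(rule: Rule, flow: dict) -> bool:
    return (rule.proto == flow["proto"]
            and addr_matches(rule.src, flow["src"]) and port_matches(rule.sport, flow["sport"])
            and addr_matches(rule.dst, flow["dst"]) and port_matches(rule.dport, flow["dport"]))


# Constructed rules: one for the inbound RDP port the poster exposes, one for an
# internal host opening RDP towards the Internet (possible "providing remote access").
RULES = [parse_rule(r) for r in [
    'alert tcp $EXTERNAL_NET any -> $HOME_NET 3389 (msg:"Inbound RDP connection attempt"; sid:1000001; rev:1;)',
    'drop tcp $HOME_NET any -> $EXTERNAL_NET 3389 (msg:"Internal host opening RDP to the Internet"; sid:1000002; rev:1;)',
]]

# Constructed flow records (documentation-range addresses, not real traffic).
FLOWS = [
    {"proto": "tcp", "src": "203.0.113.5", "sport": 51000, "dst": "192.168.1.10", "dport": 3389},
    {"proto": "tcp", "src": "192.168.1.20", "sport": 49300, "dst": "198.51.100.7", "dport": 3389},
    {"proto": "tcp", "src": "192.168.1.20", "sport": 49301, "dst": "198.51.100.7", "dport": 443},
]


def inspect(flows, rules=RULES, mode="ids"):
    """IDS mode only records alerts; IPS mode additionally drops flows hit by a 'drop' rule.

    In IDS (passive) mode a 'drop' rule is treated as an alert, which is how
    Suricata behaves when it is not inline (assumed simplification here).
    """
    result = {"alerts": [], "dropped": [], "passed": []}
    for flow in flows:
        hits = [r for r in rules if rule_matches(r, flow)]
        for r in hits:
            result["alerts"].append((r.sid, r.msg, flow))
        if mode == "ips" and any(r.action == "drop" for r in hits):
            result["dropped"].append(flow)
        else:
            result["passed"].append(flow)
    return result


if __name__ == "__main__":
    for mode in ("ids", "ips"):
        verdict = inspect(FLOWS, mode=mode)
        print(f"[{mode}] alerts={[(s, m) for s, m, _ in verdict['alerts']]} "
              f"dropped={len(verdict['dropped'])} passed={len(verdict['passed'])}")
```

Both modes raise the same two alerts; the only difference is that in IPS mode the second flow never reaches its destination. That is the practical trade-off dafyre describes: an inline IPS can stop traffic, so a badly written rule can also block legitimate RDP sessions, which is why many admins run new rules as `alert` first and promote them to `drop` once they have watched the alerts for a while.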
-
@WrCombs said in Intrusion Detection System experience - Snort or others?:
@Mike-Davis New to IT; what is "IDS"?
and what is "Snort"?
Welcome to IT. You can get quick answers about what acronyms are and other stuff by googling it. IDS = Intrusion Detection System. It's a system that looks at what normal network traffic looks like and tries to find out-of-the-ordinary traffic to indicate that you might have unauthorized access going on in your network, among other things.
-
@Mike-Davis -- I ran Suricata instead of Snort for a couple of years and it was excellent.
-
oh okay! thanks guys. @Mike-Davis @gjacobse @dafyre