This chapter covers the concept of intrusion detection and the tools that are available for deploying an IDS in a network. The chapter prepares Netadmins to secure the network by the following means:
Table 9-6 lists all the tools discussed in this chapter for deploying IDSs.
Table 9-6. Device IDS Tools
| Tool | Function | Supported OS | URL/Notes |
|---|---|---|---|
| Snort | NIDS | Linux and Windows | http://www.snort.org, http://www.winsnort.com |
| ACID | Web-based GUI front end for Snort | Linux and Windows | http://acidlab.sourceforge.net/ |
| Knoppix-STD | Pre-installed Snort with management console | | http://www.knoppix-std.org |
| Network Security Toolkit (NST) | Pre-installed Snort with management console | | http://www.networksecuritytoolkit.org/ |
| Rancid | HIDS for detecting changes in device configurations | Linux | http://www.shrubbery.net/rancid/ |
| IOS-based IDSs | IOS-based NIDSs embedded in Cisco routers | | http://www.cisco.com/go/ios |
| PIX-based IDSs | PIX-based NIDSs embedded in Cisco routers | | http://www.cisco.com/go/pix |