NIDS + web interface

Jacob Yocom-Piatt
I have had a few occurrences of the "Windows machine getting trojaned"
lately and need to set up a NIDS to watch for such nastiness. In the past I
set up snort + ACID and found the process to be quite tedious, since I
spent an inordinate amount of time setting it up. Based on posts made on
misc@ and elsewhere, I'm wary of the security implications of running snort.

I am interested in hearing opinions on the following:

- snort + BASE
- prelude-IDS
- bro-IDS
- (how tedious it is)/(if it's possible) to set up a web interface for
the above IDS solutions
- openIDS; this is based on OpenBSD 3.7-release, AFAICT
- snort-inline or similar as IPS
- systrace-ing such a solution

Whichever solution I go with, I need to install 2 sets of 2 sensors
each, so I'll try my hand at making a ready-to-roll solution along the
lines of

http://www.openbsdsupport.org/usenix-usebsd-nids.pdf

I can make the install image available, unless someone has already done
this and is willing to offer it up ;)

cheers,
jake
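Most of the tedium the post describes with snort + ACID/BASE is getting the sensor's alerts into a form a web front end can query, and the question behind it is "which internal host is the trojaned one?". The following is an added example, not code from the post or from any of the IDS projects it names: it parses Snort's alert_fast output format (timestamp, [gid:sid:rev], message, optional classification, priority, protocol, src -> dst) and ranks source hosts by high-priority alerts and the number of distinct destinations they reached. The log lines, rule SIDs and messages below are constructed for the example (SIDs in the local 1000000+ range); the format assumed is Snort's IPv4 alert_fast output.

```python
"""Parse Snort alert_fast lines and summarise high-priority alerts per source.

Added example, not from the original post. Assumes Snort's alert_fast
format for IPv4 alerts; the sample log and SIDs below are constructed.
"""
import re
from collections import defaultdict

# One alert_fast line, e.g. (constructed):
# 01/19-12:34:56.789012  [**] [1:1000001:3] LOCAL TROJAN beacon [**] \
#   [Classification: A Network Trojan was detected] [Priority: 1] \
#   {TCP} 192.168.1.23:49152 -> 203.0.113.9:80
# Ports are absent for ICMP; the Classification field is absent for rules
# without a classtype. IPv6 addresses (which contain ':') are not handled.
ALERT_RE = re.compile(
    r"^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d\.\d+)\s+\[\*\*\]\s+"
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]\s+"
    r"(?:\[Classification:\s+(?P<cls>[^\]]*)\]\s+)?"
    r"\[Priority:\s+(?P<prio>\d+)\]\s+"
    r"\{(?P<proto>\w+)\}\s+"
    r"(?P<src>[^\s:]+)(?::(?P<sport>\d+))?\s+->\s+"
    r"(?P<dst>[^\s:]+)(?::(?P<dport>\d+))?\s*$"
)

# Constructed sample log: one host beaconing to two outside hosts on a
# priority-1 signature, one noisy host, one line that is not an alert.
SAMPLE_LOG = """\
01/19-12:34:56.789012  [**] [1:1000001:3] LOCAL TROJAN beacon [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.1.23:49152 -> 203.0.113.9:80
01/19-12:35:01.000100  [**] [1:1000001:3] LOCAL TROJAN beacon [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.1.23:49153 -> 203.0.113.9:80
01/19-12:35:07.443210  [**] [1:1000002:1] LOCAL ICMP ping [**] [Classification: Misc activity] [Priority: 3] {ICMP} 192.168.1.40 -> 192.168.1.1
01/19-12:36:12.120000  [**] [1:1000001:3] LOCAL TROJAN beacon [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.1.23:49154 -> 198.51.100.77:443
this line is not an alert and is skipped
01/19-12:37:00.000000  [**] [1:1000003:1] LOCAL mDNS policy [**] [Priority: 2] {UDP} 192.168.1.40:5353 -> 224.0.0.251:5353
"""


def parse_alert(line):
    """Return a dict for one alert_fast line, or None if it does not match."""
    m = ALERT_RE.match(line)
    if not m:
        return None
    g = m.groupdict()
    return {
        "ts": g["ts"],
        "gid": int(g["gid"]),
        "sid": int(g["sid"]),
        "rev": int(g["rev"]),
        "msg": g["msg"],
        "classification": g["cls"],          # None when the field is absent
        "priority": int(g["prio"]),           # 1 is the most severe
        "proto": g["proto"],
        "src": g["src"],
        "sport": int(g["sport"]) if g["sport"] else None,
        "dst": g["dst"],
        "dport": int(g["dport"]) if g["dport"] else None,
    }


def parse_log(text):
    """Parse every line of an alert_fast log, silently skipping non-alerts."""
    alerts = []
    for line in text.splitlines():
        a = parse_alert(line)
        if a is not None:
            alerts.append(a)
    return alerts


def summarize_by_source(alerts, max_priority=1):
    """Per source host: count of alerts at or above max_priority severity,
    the distinct SIDs that fired and the distinct destinations reached.
    An internal host hitting several outside hosts on trojan signatures is
    exactly the "trojaned Windows machine" pattern."""
    summary = defaultdict(lambda: {"alerts": 0, "sids": set(), "destinations": set()})
    for a in alerts:
        if a["priority"] > max_priority:
            continue
        entry = summary[a["src"]]
        entry["alerts"] += 1
        entry["sids"].add(a["sid"])
        entry["destinations"].add(a["dst"])
    return dict(summary)


def rank_sources(summary):
    """Source hosts, most suspicious first (alert count, then fan-out)."""
    return sorted(
        summary,
        key=lambda s: (summary[s]["alerts"], len(summary[s]["destinations"])),
        reverse=True,
    )


if __name__ == "__main__":
    summary = summarize_by_source(parse_log(SAMPLE_LOG))
    for src in rank_sources(summary):
        e = summary[src]
        print(f"{src}: {e['alerts']} high-priority alerts, "
              f"{len(e['destinations'])} destinations, sids={sorted(e['sids'])}")
```

Pointing `parse_log` at a real `alert` file from a sensor gives the same per-host table a BASE-style front end would build from the database; lowering `max_priority` filters out the ping and policy noise so only the trojan-class hits rank. The parser returns `None` rather than raising on unrecognised lines, so a sensor running a different output plugin or logging IPv6 degrades to "no alerts" instead of crashing the reporting job.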