Wednesday, January 20, 2010

Software Review: EASYIDS - 5 Stars


EasyIDS is an easy-to-install intrusion detection system configured for Snort. Based upon Patrick Harper's Snort installation guide and modeled after the trixbox installation CD, EasyIDS is designed for the network security beginner with minimal Linux experience.


Built upon a secure and stable operating system
CentOS is an Enterprise-class Linux Distribution derived from the source packages provided by RedHat. Referred to as the Community ENTerprise Operating System, CentOS is a secure and stable Linux Distribution with large community support. CentOS is developed by CentOS.

Passive detection of network probes and intrusion attempts
Snort performs protocol analysis and can passively detect a variety of attacks and probes such as buffer overflows, stealth port scans, web application attacks, and OS fingerprinting attempts. Snort is developed by Sourcefire.

Web-based analysis of intrusions
BASE is the Basic Analysis and Security Engine, a web interface that provides a visual representation of intrusion data and allows analysis of possible intrusions that Snort has detected on your network. BASE is developed by the volunteers at Secure Ideas.

Automatic rule updates
The Snort rules are updated daily using Oinkmaster. EasyIDS can be configured to use and update the official Snort (VRT licensed) rules, the community rules and third party rules such as the Bleeding Snort rules. Oinkmaster is developed by Andreas Östling.

Web-based analysis of network traffic
ntop is a network probe that provides a visual representation of the bandwidth usage and protocol analysis of the traffic on your network. ntop is developed by Luca Deri.

E-mail notification of alerts
SnortNotify is a lightweight script that searches the database for new alerts meeting the configured priority and sends an e-mail containing specific information about those alerts. SnortNotify is developed by 780INC.

Snort performance graphs
PMGraph is a Perl script that generates Snort performance graphs. The graphs include Dropped Packets, Alerts Per Second, Average Bytes Per Packet, Open Sessions, CPU stats, and much more. PMGraph is developed by Andreas Östling.

Scheduled local or remote FTP backups
Custom scripts allowing for the automatic and manual backup of EasyIDS to local or remote FTP hosts.

Integrated help system
Mouse-over style help messages on most of the configuration pages to provide details about what each of the options means.


Company:  Skynet Solutions
Rating: 5 Stars

Notes: A dedicated PC with two Ethernet ports is needed for this project. The ISO wipes all data from the hard drive of the unit you are installing on. You have been warned.

Quick Install Guide
Challenge Log
Complete Setup Guide
