Intrusion detection: How to use IDS IPS tools to secure the enterprise

Intrusion detection: How to use IDS IPS tools to secure the enterprise

Conceptually, intrusion detection and intrusion prevention are essential in order to keep the enterprise secure, and, thankfully, there are several intrusion detection system (IDS) and intrusion prevention system (IPS) commercial and open source tools on the market that can alleviate some of the headaches associated with deploying and managing these technologies.

In this mini learning guide, which is a part of the IDS/IPS Security Guide, security managers and professionals will learn about the features and capabilities of some of the most popular IDS/IPS tools available today, and well has how to use them.

Table of contents:

Guide to using Snort IDS/IPS tool

Backed by commercial company SourceFire Inc. and its own large and active community, the open source Snort intrusion detection and prevention toolkit has been known to be one of the most popular IDS/IPS tools on the market.

In this learning guide, JP Vossen discusses why Snort is such a powerful network intrusion detection tool, how to install, configure and maintain the tool, as well as how an enterprise can modify and write Snort rules and then use them for testing.

Intrusion detection tools: How to use Scapy to test Snort rules

The popular Snort intrusion detection system (IDS) is powered by rule sets – which can be written or altered by the user – that can aid security pros in examining traffic on an enterprise network. After a rule is written, it must be tested, which can be difficult in situations where there is no traffic.

In this tutorial, contributor Judy Novack explains how to use Scapy, a Python-based tool, to test Snort rules. Novack describes how an enterprise can use the tool to generate test traffic in order to trigger newly created Snort rules.

OSSEC screenshots: How to use the free IDS tool

While having an intrusion detection system in place is an essential elements of every enterprise security structure, implementing and operating an IDS can be expensive, making open source tools a popular alternative.

In this multi-part screencast video, which features step-by-step screenshots, enterprises will learn more about the open source OSSEC IDS tool, and how to use many of the tool’s features. Part one of this screencast series explains how to install an OSSEC server on Linux with an OSSEC Windows agent.