Using free network intrusion detection and prevention tools to stop hacks

First, be sure to have a tool in place to analyze network traffic, most importantly near the edge of the network. Snort is, by far, the leading free IDS software available, although commercial versions of Snort are now available as well. Snort can be configured to monitor all network traffic. Typically, you'll want to replicate your Internet inbound traffic to one or more switch-ports (in Cisco terms, you'll span traffic to a port), where a Snort-equipped computer will be running. Your only cost is the computer itself, which can run on Linux or Windows. Often, a spare PC with a decent-sized hard drive will do fine. Snort can dump suspicious looking traffic to log files, after which you can set up any of several free alerting tools to monitor the log files, and email or page you when such traffic is detected.

Second, you mus...

Once all log files are accessible, it's time to install a free alerting tool or write your own. If you're interested in writing your own alerting tool, Batch, Perl or other free scripting tools can be used to execute parsing commands, such as the Windows "find" command or the Unix "grep" command. This can help to find suspicious-looking activity in log files from both Snort and your server, router and firewall security logs. A free email program, such as Blat, can then be used to send log entries to a pager, cell phone or email address.

This is definitely a crash course in developing a budget alerting system, but you'll be surprised at how well such a system can provide alerts to potentially malicious events, like port scans and failed login attempts, at an extremely low cost.

About the author
Vernon Haberstetzer, president of security seminar and consulting company i.e.security, has seven years of in-the-trenches security experience in healthcare and retail environments.

Rate this Tip To rate tips, you must be a member of SearchSecurity.com. Register now to start rating these tips. Log in if you are already a member. BROWSE BY TAG Tech Tips,   Network Intrusion Detection (IDS),   Network Intrusion Detection and Analysis,   Enterprise Network Security,   Network Intrusion Prevention (IPS),   VIEW ALL TAGS Digg This!     StumbleUpon     Del.icio.us    RELATED CONTENT Tech Tips Video: The foundation of an email security strategy The 5 A's of functional SAN security Effective storage security policies Smart options for safeguarding stored data Outfox SOX: How to make regulations work for you Roberta Bragg's 10 Windows hardening tips in 10 minutes Hacker techniques and exploits: Prevent system fingerprinting, probing How to stop hacker theft: Employee awareness, risk assessment policies Information Security Decisions Fall 2004: Speaker presentations Expert advice: Does two-factor authentication protect you from hackers? Network Intrusion Detection (IDS) Preventing SQL injection attacks: A network admin's perspective Lifecycle of a network security vulnerability Best Intrusion Prevention and Detection Products Rogue AP containment methods SIMs tools and tactics for business intelligence IPS and IDS deployment strategies Know when you need IDS, IPS or both Trend Micro to acquire Third Brigade for virtualization, cloud security New product aims to control rogue applications that avoid firewalls How to perform a network forensic analysis and investigation Network Intrusion Detection (IDS) Research Network Intrusion Prevention (IPS) Aligning network security with business priorities Best Intrusion Prevention and Detection Products Port scan attack prevention best practices Lesson 4: How to use wireless IPS Lesson 1 quiz: Risky business Hacker attack techniques and tactics: Understanding hacking strategies SIMs tools and tactics for business intelligence IPS and IDS deployment strategies I'll be watching you: Wireless IPS Know when you need IDS, IPS or both Network Intrusion Prevention (IPS) Research RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary computer forensics  (SearchSecurity.com) Diffie-Hellman key exchange  (SearchSecurity.com) Einstein  (SearchSecurity.com) HIDS/NIDS  (SearchSecurity.com) network behavior analysis  (SearchSecurity.com) ultrasound  (SearchSecurity.com) RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary DISCLAIMER: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.