For the small business owner, knowing whether the local network is under some kind of threat is a fairly big deal. That means finding software that will give you either early warning of an intrusion or, preferably, all-out intrusion prevention.
To tackle this proactively, I suggest we look into software that is designed for intrusion prevention. And in this article, that is exactly what you’ll find.
Snort – Despite its silly name, Snort is among the best open source intrusion detection software available. Some might suggest that there are better options on the proprietary side of the fence, but I have yet to hear of one. Snort gives its users protocol analysis along with content matching functionality. It can help protect your network against buffer overflows, stealth port scans, CGI attacks, SMB probes, and OS fingerprinting attempts. This is advanced but powerful software for anyone interested in trying it.
AIDE (Advanced Intrusion Detection Environment) – This is a much simpler tool, but despite its simplicity, it can give you a good idea of what is going on with any given system. Designed to protect individual computers, this software allows Linux users to discover whether any files have been altered without permission. Basically, it’s a file and directory integrity checker.
OSSEC – OSSEC is designed as a cross-platform, open source, host-based intrusion detection system. With its powerful analysis engine, OSSEC can provide file integrity checking, Windows registry monitoring, centralized policy enforcement, rootkit detection, and real-time alerting, with the option of an active response if needed. This is a common choice for local governments and universities.
While there is no single perfect solution out there, I would say that Snort is a longtime favorite, with OSSEC a close second. Either of these is worth a look, with AIDE being a great option for Linux enthusiasts looking for something localized.