I have been tasked with evaluating the latest WinIDS AIO pack from Winsnort.com to determine whether it would be suitable as the Intrusion Detection System (IDS) on the company network. Within this report I will include the details of the trial deployment, give a recommendation and then evaluate the product.

What is an IDS?
Intrusion, in this case, is where someone or something has entered a computer on a network without invitation in an attempt to compromise it. Without any systems in place, it can be too late before you notice an intruder. This is where an intrusion detection system comes into play. In Snort 2.0 an IDS is described as a high-tech burglar alarm. An IDS is configured to monitor access points, hostile activities and known intruders. An IDS can work similarly to an anti-virus, where it stores signatures of previous or known intruders. The more secure IDSs have huge databases of these signatures and compare the patterns of activity, traffic, or behaviour they see in the logs they are monitoring against those signatures, to recognize when a close match between a signature and current or recent behaviour occurs. When an IDS detects an intruder or potential risk it can issue an alarm or alert and/or automatically take action.

Deployment
As said in the introduction, there was a certain IDS that we had to deploy and find out certain information about, for example: ease of installation, administration, usability, effectiveness as an IDS, and whether there were additional features available. Usually Snort is installed on a Linux operating system, but in this case we are going to install it on a Windows operating system. Because it was being installed on Windows Server 2003, the installation was a lot more difficult, as there is not as much documentation on it. There are a number of steps involved when trying to install Snort. Unlike many systems this IDS has to be installed...