Probably one of the best freeware applications to monitor the network for intrusions would be Snort. Intrusion detection systems can be one of several types. Snort is a good example of a pattern matching IDS. Pattern matching IDS systems rely on a database of known attacks. Attacks signatures are loaded into the system. As soon as the signatures are loaded into the IDS it can begin to guard the network. Curious what a signature looks...
like, here is one below.
Alert tcp any any -> any 80 (content: "hacker"; msg: "Hacker Site Accessed";)
The signatures are usually given a number or name so that the administrator can easily identify an attack when it sets of an alert. Alerts can be triggered for fragmented IP packets, streams of SYN packets (DoS), or even malformed ICMP packets. What makes Snort an awesome tool is that it can run on Linux or Windows and there's a great base of tools and users out there to help you realize it full potential. Is there a down side to all this good news I am offering? Yes, there is a learning curve involved. If you want to learn more start by checking out Snort.org.
Related Q&A from Michael Gregg
Enterprise security expert, Michael Gregg answers a question regarding port 3389 issues when a user tries to open port 3389 RDP on their router to ...continue reading
Expert Michael Gregg answers a reader question about Snort and the interfaces it uses.continue reading
Security expert Michael Gregg notes the risks to enteprise security that mobile devices may cause.continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.