Friday, 25 May 2012

Best intrusion detection distributions

Insta-snorby

The appliance is designed for users who want to test Snorby (a new Snort IDS front-end) or who need a quick-and-dirty Snort sensor installed.
It comes with the following:
* Snort 2.9.0.3 – the latest version of the popular Intrusion Detection System
* Barnyard 2.19 – an application that decodes Snort unified2 logs and writes them into the Snorby database
* Snorby 2.2.1 – the IDS front-end
* OpenFPC – full packet capture monitoring
* Pulled Pork 0.5 – IDS rule update management

The installation process walks you through setting up the MySQL server and asks you to enter your “Oinkcode”, which is used to automatically download the latest VRT rules (the signatures that power the IDS) from Sourcefire. The Emerging Threats rules (another popular rule distribution) are already downloaded and enabled.

http://www.snorby.org

Smooth-Sec

Smooth-Sec is a ready-to-go IDS/IPS (Intrusion Detection/Prevention System) Linux distribution based on the multi-threaded Suricata IDS/IPS engine and Snorby, the top-notch web application for network security monitoring. Smooth-Sec is built on Ubuntu 10.04 LTS using the TurnKey Core base as its development platform. Its key point is functionality: a complete IDS/IPS system can be deployed, up and running out of the box, within a few minutes, even by security beginners with minimal Linux experience.

http://bailey.st/blog/smooth-sec/

Siem-live

SIEM-live is a ready-to-go SIEM (Security Information and Event Management) system based on open source tools and Debian-live. To collect events it uses the Suricata IDS/IPS, syslog as a central collector, OpenVAS to scan for vulnerabilities, and many others. Alerts and events are stored, analyzed and correlated in the open source SIEM Prelude. Results are accessible through the web interface (Prewikka).

SIEM-live is a bootable live CD that provides a fully functional system with no configuration required. It can also use persistence, or be installed on a hard disk or USB key.

It aims to provide an easy way to deploy and test a SIEM, so that you can quickly see what is happening on a network and concentrate on detecting high-level patterns through correlation. Visualization and reporting tools are planned for the near future.

https://www.wzdftpd.net/redmine/projects/siem-live

Security Onion LiveDVD

The Security Onion LiveDVD is a bootable DVD that contains software for installing, configuring, and testing Intrusion Detection Systems. It is based on Xubuntu 10.04 and contains Snort, Suricata, Sguil, Squert, Xplico, nmap, Metasploit, Armitage, scapy, hping, netcat, tcpreplay, and many other security tools.

http://securityonion.blogspot.com/

Network Security Toolkit

The Network Security Toolkit (NST) is a Linux-based live CD that provides a set of open source computer security and networking tools for routine security and networking diagnostic and monitoring tasks. The distribution can be used as a network security analysis, validation and monitoring tool on servers hosting virtual machines. Other features include visualization of ntop, Wireshark, traceroute and Kismet data by geolocating host addresses, IPv4 address conversations, traceroute hops and wireless access points and displaying them in Google Earth or on a Mercator world map bitmap image; a browser-based packet capture and protocol analysis system capable of monitoring up to four network interfaces using Wireshark; and a Snort-based intrusion detection system with a “collector” backend that stores incidents in a MySQL database.

http://www.networksecuritytoolkit.org

EasyIDS

EasyIDS is an open source IDS (Intrusion Detection System) distribution based on Snort. Built on CentOS and administered from a web-based management interface, EasyIDS takes the pain and frustration out of deploying an intrusion detection system.

Designed for the network security beginner with minimal Linux experience, EasyIDS can convert almost any industry-standard x86 computer into a fully functioning intrusion detection system in as little as 15 minutes. EasyIDS lowers deployment and maintenance costs for network security without compromising functionality or performance.

http://www.skynet-solutions.net/easyids/
