Security Onion 20110909 now available ~ Intrusion Detection Systems

Security Onion is a Linux distro that contains software used for installing, configuring, and testing Intrusion Detection Systems. It is based on Xubuntu 10.04 and contains Snort, Suricata, Sguil, Squert, Xplico, nmap, scapy, hping, netcat, tcpreplay, and many other security tools.

Security Onion 20110909 is now available! This upgrade adds some new menu entries to make IDS tuning a little easier.

The "IDS Rules" menu now has a new entry called "Add Local Rules" which will open /etc/nsm/rules/local.rules for editing using the "mousepad" GUI editor. You can then add any rules that you want to maintain locally (outside of the downloaded VRT or Emerging Threats rulesets).
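
A pre-restart check for rules added through "Add Local Rules", as an added example that is not part of the original post or of Security Onion: it flags missing or duplicate SIDs and SIDs outside an assumed local range of 1000000-1999999 (Snort reserves SIDs below 1000000 for its distributed rules, and Emerging Threats rules are numbered from 2000000). The sample rules and the function name lint_local_rules are constructed for illustration, and each rule is assumed to sit on one line.

```python
import re

# Constructed sample of /etc/nsm/rules/local.rules (not from the original post).
SAMPLE_LOCAL_RULES = """\
# local rules maintained outside the VRT / Emerging Threats downloads
alert tcp $HOME_NET any -> $EXTERNAL_NET 6667 (msg:"LOCAL outbound IRC"; flow:to_server,established; sid:1000001; rev:1;)
alert icmp any any -> $HOME_NET any (msg:"LOCAL large ICMP"; dsize:>800; sid:1000001; rev:1;)
alert tcp any any -> $HOME_NET 23 (msg:"LOCAL telnet attempt"; flags:S; sid:2001234; rev:1;)
alert udp any any -> $HOME_NET 69 (msg:"LOCAL tftp request"; rev:1;)
"""

ACTIONS = ("alert", "log", "pass", "drop", "reject", "sdrop", "activate", "dynamic")
SID_RE = re.compile(r"\bsid\s*:\s*(\d+)\s*;")
# Assumption: local SIDs are kept in 1000000-1999999, clear of downloaded rulesets.
LOCAL_MIN, LOCAL_MAX = 1000000, 1999999


def lint_local_rules(text):
    """Return (line_number, problem) pairs; assumes one rule per line."""
    problems, seen = [], {}
    for n, line in enumerate(text.splitlines(), 1):
        rule = line.strip()
        if not rule or rule.startswith("#"):
            continue  # blank line or comment
        if rule.split()[0] not in ACTIONS:
            problems.append((n, "unknown rule action"))
            continue
        if not rule.endswith(")"):
            problems.append((n, "rule options not closed with ')'"))
        m = SID_RE.search(rule)
        if not m:
            problems.append((n, "missing sid"))
            continue
        sid = int(m.group(1))
        if not LOCAL_MIN <= sid <= LOCAL_MAX:
            problems.append((n, "sid %d outside local range" % sid))
        if sid in seen:
            problems.append((n, "sid %d duplicates line %d" % (sid, seen[sid])))
        else:
            seen[sid] = n
    return problems


if __name__ == "__main__":
    for n, problem in lint_local_rules(SAMPLE_LOCAL_RULES):
        print("local.rules:%d: %s" % (n, problem))
```
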

A new menu called "IDS Config" was added with a new menu entry called "Configure IDS engine(s)". This will list all of the IDS engines on your system and allow you to choose one to configure. It will then open the proper config file for whatever IDS engine you're running. After you save and close the config file, it will offer to restart the IDS engine for you.



Example #1
Suppose you're currently running Snort and you choose eth0. The program will open /etc/nsm/NAME_OF_YOUR_SENSOR-eth0/snort.conf for editing using the "mousepad" GUI editor.
Example #2
Suppose you're currently running Suricata and you choose eth1. The program will open /etc/nsm/NAME_OF_YOUR_SENSOR-eth1/suricata.yaml for editing using the "mousepad" GUI editor.


In-place Upgrade
Existing Security Onion users can perform an in-place upgrade using the following command (if you're behind a proxy, remember to set your proxy variables as described in the FAQ):

sudo -i "curl -L http://sourceforge.net/projects/security-onion/files/security-onion-upgrade.sh > ~/security-onion-upgrade.sh && bash ~/security-onion-upgrade.sh"

For more info:
http://securityonion.blogspot.com/

MyPHPIPS - PHP-Intrusion Prevention System

MyPHPIPS (MyPHP Intrusion Prevention System) is an open source PHP web application intrusion prevention system. It is based on PHPIDS (phpids.org) and is distributed under the LGPL license. This work is supported by CyberSecurity Malaysia.

MyPHPIPS is intended to help web developers and maintainers secure their PHP CMS/application deployments with minimal resources (i.e., time and money).

MyPHPIPS is a portable, low-hassle framework that serves as an extra security layer, defending web applications and content management systems against invalid or malicious requests.

Download it from here:
http://code.google.com/p/myphpips/downloads/list