Cyber criminals are working hard these days to gain access to your business and home networks, so it is imperative that you take all possible steps to secure your Windows system. If you have Intrusion Detection Software (IDS) or Intrusion Prevention Software (IPS) installed on your computers, servers or nodes, it will add an additional layer of security to your computer.
Intrusion Detection & Intrusion Prevention
Intrusion detection software checks for changes made by unwanted programs that cyber criminals could inject into your systems. Such tools study the data packets, both incoming and outgoing, to see what kind of data is being transferred, and alert you if they find any suspicious activity on the computer or network.
There are many intrusion detection programs available on the market. How each one works depends on how it is coded, but most of them check data packet signatures, changes made to the computer registry or other areas of interest such as startup programs, the format of data packets and so on, so that they can trace possible intrusions by cyber criminals.
Intrusion detection software comes in two types: host-based intrusion detection systems and network-based intrusion detection systems. A network-based intrusion detection system relies on the data packets travelling on the network to make sure everything is all right. It works by comparing data packets against known types of attacks and by finding irregularities in the data packets travelling on the network. Examples of anomalies include missing signatures, an improper type of data packet and so on.
A host-based intrusion detection system relies more on system settings to see if there is any kind of compromise or if any software is trying to force changes on your computer or computer network.
So in short, an IDS keeps an eye on data packets travelling over the network and alerts you when any attack is suspected or when a policy violation happens. It will inform you that someone is trying to get into your computer and explain what happened during the cyber attack, whereas an IPS will attempt to stop it and prevent access. An IDS detects unauthorized activity, whereas an IPS will block unauthorized packets that match a particular malicious signature.
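The difference between detecting and preventing can be shown in a few lines. This is an added example, not code from Snort, OSSEC or WinPatrol; the signatures, the size and protocol policy and the sample packets are all constructed for illustration.

```python
from dataclasses import dataclass

# Constructed signatures: byte patterns standing in for a vendor's attack signatures.
SIGNATURES = {
    "SIG-001 path traversal sequence": b"../../",
    "SIG-002 script tag in request": b"<script",
}
KNOWN_PROTOCOLS = {"tcp", "udp", "icmp"}  # assumed policy: anything else is an anomaly
MAX_PAYLOAD = 1460                        # assumed size limit, in bytes

@dataclass
class Packet:
    src: str
    protocol: str
    payload: bytes

def inspect(packet):
    """Return the reasons a packet looks suspicious (empty list if it is clean)."""
    findings = [name for name, pattern in SIGNATURES.items()
                if pattern in packet.payload.lower()]
    if packet.protocol not in KNOWN_PROTOCOLS:
        findings.append("ANOMALY unexpected protocol " + packet.protocol)
    if len(packet.payload) > MAX_PAYLOAD:
        findings.append("ANOMALY oversized payload")
    return findings

def process(packets, mode):
    """mode 'ids' alerts and forwards everything; mode 'ips' alerts and drops matches."""
    if mode not in ("ids", "ips"):
        raise ValueError("mode must be 'ids' or 'ips'")
    alerts, forwarded = [], []
    for packet in packets:
        findings = inspect(packet)
        alerts.extend((packet.src, finding) for finding in findings)
        if mode == "ids" or not findings:
            forwarded.append(packet)  # an IPS drops any packet with findings
    return alerts, forwarded

SAMPLE = [  # constructed traffic using documentation-range addresses
    Packet("192.0.2.10", "tcp", b"GET /index.html HTTP/1.1"),
    Packet("198.51.100.7", "tcp", b"GET /files/../../secret.txt HTTP/1.1"),
    Packet("203.0.113.5", "gre", b"\x00" * 32),
    Packet("203.0.113.9", "udp", b"A" * 2000),
]

if __name__ == "__main__":
    for mode in ("ids", "ips"):
        alerts, forwarded = process(SAMPLE, mode)
        print(mode, len(alerts), "alerts,", len(forwarded), "packets forwarded")
```

Both modes raise the same alerts; only the IPS mode keeps the flagged packets from being forwarded.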
Intrusion Detection & Prevention Software
Here is a list of 3 free intrusion detection programs for your Windows system: Snort, OSSEC for enterprise use, and WinPatrol. Snort and OSSEC are network intrusion detection systems, while WinPatrol is a host-based intrusion detection system.
OSSEC Free IDS for Businesses
OSSEC is an open-source host-based intrusion detection system that performs log analysis, file integrity checking, policy monitoring, rootkit detection, real-time alerting and active response, and it runs on almost all platforms, such as Windows, Linux, Solaris and Mac. This open-source tool keeps an eye on data travelling on your network and alerts you in case of irregularities. It also keeps a log that provides you with details of what happened so that you can zero in on decisions.
OSSEC checks for policy violations, verifies file integrity, analyzes logs and offers real-time alerts and active responses. As such, it is good for small businesses and also for home networks. The configuration is a little tough for those who do not have much knowledge of networks, but it does its work pretty well and hence is recommended. Documentation is available, so users who are not well versed in networks can refer to it in case of doubts and questions.
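File integrity checking, one of the host-based functions listed above, comes down to recording a baseline of hashes and comparing later scans against it. The sketch below is an added example and not OSSEC's code; the file names and contents in `demo()` are constructed, and it uses a temporary folder so it can run anywhere.

```python
import hashlib
import os
import tempfile

def snapshot(root):
    """Map each file under root (by relative path) to the SHA-256 of its contents."""
    state = {}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(folder, name)
            digest = hashlib.sha256()
            with open(path, "rb") as handle:
                for chunk in iter(lambda: handle.read(65536), b""):
                    digest.update(chunk)
            state[os.path.relpath(path, root)] = digest.hexdigest()
    return state

def compare(baseline, current):
    """List the paths added, removed or modified since the baseline was taken."""
    return {
        "added": sorted(current.keys() - baseline.keys()),
        "removed": sorted(baseline.keys() - current.keys()),
        "modified": sorted(path for path in baseline.keys() & current.keys()
                           if baseline[path] != current[path]),
    }

def write(root, name, text):
    """Helper for the constructed scenario: create or overwrite a file."""
    with open(os.path.join(root, name), "w") as handle:
        handle.write(text)

def demo():
    """Constructed scenario: take a baseline, change the folder, scan again."""
    with tempfile.TemporaryDirectory() as root:
        write(root, "hosts.txt", "127.0.0.1 localhost\n")
        write(root, "startup.cmd", "echo backup job\n")
        write(root, "notes.txt", "maintenance window: Sunday\n")
        baseline = snapshot(root)
        write(root, "hosts.txt", "127.0.0.1 localhost\n203.0.113.5 updates.example\n")
        write(root, "helper.cmd", "echo unexpected new startup item\n")
        os.remove(os.path.join(root, "notes.txt"))
        return compare(baseline, snapshot(root))

if __name__ == "__main__":
    for kind, paths in demo().items():
        print(kind, paths)
```

The baseline is only trustworthy if it is stored where the monitored machine cannot rewrite it, which is why host-based tools usually report to a separate server.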
Open-Source Snort Intrusion Detection and Prevention Software
Snort is an open source network intrusion prevention and detection system (IDS/IPS) developed by Sourcefire, which combines the benefits of signature, protocol, and anomaly-based inspection. It has plenty of options that help you customize it to your company needs. It is good for both business and home use. It can be run on servers with multiple nodes or on a standalone system.
This tool checks the different aspects of packets and logs all irregularities so that you can review them if you feel something suspicious has happened. It alerts you if any such irregularities are detected and helps you dig into them by providing you with the logs. It checks packet signatures, packet format, network IDs and more before allowing a packet to enter your network.
The commercial version of Snort has plenty more features, but if your business needs are small, the free version of the open-source Snort is good enough to take care of any possible intrusions.
WinPatrol for home computers
Both Snort and OSSEC are good for business networks. You can use WinPatrol in addition to the above or as a standalone package on standalone computers. I would not recommend it for networks where chances of anomalies are high, but for those who need a simple intrusion detection system that they can run on their home computers, WinPatrol is the best as it is easy to use.
One just needs to install it and it takes care of everything on the computer. Other than network packets, it also checks for registry changes and some other things, which makes it a perfect tool for moderate computer users. It offers real-time protection against changes made to the registry, startup programs, Internet options and more. There are both paid and free versions of the software. The paid version offers more details about a possible intrusion, but for most home computers, the free version is sufficient.
Everyone has their own favorite freeware. Let us know if you have any suggestions or observations to make.