Network and host (HIDS) intrusion detectors

Here is a non-exhaustive overview of intrusion detectors.

Network Intrusion Detection System (NIDS)

WatchGuard Firebox / XTM

Sonicwall

NetScreen

TopLayer

Arkoon IDPS

Prelude IDS

NetRanger [http://www.cisco.com]

Dragon [http://www.securitywizards.com]

NFR [http://www.nfr.net]

Snort [http://www.snort.org]

DTK [http://all.net/dtk/dtk.html]

ISS RealSecure [http://www.uh.edu/infotech/software/unix/realsecure/index.html]

Enterprise Security for Communication and Collaboration (Trend Micro): Email, instant messaging, and collaboration systems connect your employees, partners, and customers, but they also open doors for cybercriminals. In… (Commercial)

Apani EpiForce (Apani Networks): Apani® EpiForce® is a software-based, cross-platform server isolation, encryption and access management solution that enables logical security zoning… (Commercial)

Cisco Catalyst 6500 Series Intrusion Detection System Module (Cisco Systems Inc): With the increased complexity of security threats, such as malicious Internet worms, denial of service (DoS) attacks, and e-business application… (Commercial)

Core Controller (Hewlett-Packard): Core network upgrades driven by data center consolidation, high performance computing and high bandwidth applications like video on demand and file… (Commercial)

Corero Top Layer IPS™ (Corero Network Security): Top Layer IPS™ (Intrusion Prevention System) delivers the most comprehensive network protection compared to other IPS products. The company's IPS… (Commercial)

Digital Vaccine® Security Filter Service (Hewlett-Packard): In providing the vulnerability analysis for SANS every week, the TippingPoint DVLabs security team simultaneously develops new attack filters to address… (Commercial)

fwsnort (CipherDyne): Application Layer IDS/IPS with iptables. fwsnort parses the rules files included in the SNORT® intrusion detection system and builds an equivalent… (Commercial)

Intrusion Detection and Prevention Appliances (IDP) (Juniper Networks): Juniper Networks intrusion detection and prevention products provide comprehensive inline network security from worms, Trojans, spyware, keyloggers, and… (Commercial)

Lan-Secure Network Management Monitoring Software: Lan-Secure Security Center is network security software for real-time intrusion detection (IDS) and prevention (IPS) that helps to protect networks from potential… (Commercial)

NetWitness NextGen™ (NetWitness): Know Everything. Answer Anything. Move into the Next Generation of Network Security Monitoring. NetWitness NextGen™. NetWitness NextGen is the most… (Commercial)

Reputation Digital Vaccine® Service (Hewlett-Packard): In providing the vulnerability analysis for SANS every week, the TippingPoint DVLabs security team simultaneously develops new attack filters to address… (Commercial)

Secospace NIP Series Network Intrusion Detection System (Huawei Symantec): The Network Intelligent Police (NIP) Intrusion Detection System (IDS) is a new generation of session-based intelligent network IDS developed by Huawei… (Commercial)

Strata Guard® (StillSecure): Our multi-Gig, multi-segment intrusion detection/prevention system (IDS/IPS) stops hackers dead in their tracks, preventing malware, spyware, port… (Commercial)

UTM & Product Services (Clavister): When you buy a Clavister Security Gateway, regardless whether it is a physical or virtual product, they all support a wide range of optional… (Commercial)

Venusense Intrusion Detection and Management System (IDMS) (Beijing Venustech Inc.): Venusense Intrusion Detection and Management System (IDMS) is a security product for intrusion detecting. It is independently developed by Venustech… (Commercial)

Host Intrusion Detection System (HIDS)

Patriot NG

Swatch

Nocol

Osiris

OSSEC HIDS

Entercept

Okena (Cisco)

ServerLock

Tripwire

Logsurfer

Prelude

Issue: consumes a great deal of CPU.

Speeding up NLB failover convergence behind a pfSense firewall

A major problem shows up during NLB failover, in Windows or Linux environments alike: the ARP cache.

By default, on a pfSense firewall it is 20 minutes.

So your NLB works perfectly, but you can only switch to the secondary node 20 minutes later. What is the point of an NLB then? You might as well do it by hand.

One solution is to change the firewall's ARP cache so that it keeps ARP resolutions for a very short time.

A simple command does this:

sysctl -w net.link.ether.inet.max_age=5

This line keeps entries in the cache for 5 seconds.

There will be more ARP requests, but failover takes place in 6 seconds at most.

To verify that the parameter has been applied:

sysctl -a
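Rather than scanning the whole sysctl -a output by eye, the check can be scripted. The following shell script is an added example and not part of the original page: it parses the FreeBSD-style "key: value" line for net.link.ether.inet.max_age (the key the page uses), compares it against the 5-second target the page sets, and offers a live check that is skipped on hosts without that key. The sample lines and the function names are constructed for this example.

```shell
#!/bin/sh
# Added example, not from the original page: verify that the pfSense (FreeBSD)
# ARP cache lifetime is short enough for NLB failover. The sysctl key is the
# one the page uses and the 5-second target is the value the page sets; the
# sample lines and function names below are constructed for this example.

TARGET_MAX_AGE=5   # seconds; the value the page sets with sysctl -w

# Pull the numeric value out of one line of "sysctl -a" output, which on
# FreeBSD looks like "net.link.ether.inet.max_age: 1200". Prints nothing if
# the line is not the max_age key.
arp_max_age_from_line() {
    printf '%s\n' "$1" |
        sed -n 's/^net\.link\.ether\.inet\.max_age: *\([0-9][0-9]*\).*/\1/p'
}

# Succeed (exit 0) only when the cached lifetime is at or below the target.
arp_max_age_ok() {
    value=$(arp_max_age_from_line "$1")
    if [ -n "$value" ] && [ "$value" -le "$TARGET_MAX_AGE" ]; then
        return 0
    fi
    return 1
}

# Live check, meant to be run on the firewall itself: reads the key with
# "sysctl -n" and skips (exit 2) on hosts that do not have it (e.g. Linux).
check_live_arp_max_age() {
    if ! command -v sysctl >/dev/null 2>&1; then
        echo "sysctl not found; skipping live check" >&2
        return 2
    fi
    if ! live=$(sysctl -n net.link.ether.inet.max_age 2>/dev/null); then
        echo "net.link.ether.inet.max_age not present on this host; skipping" >&2
        return 2
    fi
    if arp_max_age_ok "net.link.ether.inet.max_age: $live"; then
        echo "ARP cache lifetime is ${live}s (<= ${TARGET_MAX_AGE}s): OK"
        return 0
    fi
    echo "ARP cache lifetime is ${live}s: NLB failover may wait up to that long" >&2
    return 1
}

# Constructed samples: the pfSense default (20 minutes) and the tuned value.
DEFAULT_LINE="net.link.ether.inet.max_age: 1200"
TUNED_LINE="net.link.ether.inet.max_age: 5"

# Stand-alone demonstration on the constructed samples.
if arp_max_age_ok "$DEFAULT_LINE"; then echo "default: OK"; else echo "default: too long"; fi
if arp_max_age_ok "$TUNED_LINE";   then echo "tuned: OK";   else echo "tuned: too long";   fi
```

Note that sysctl -w applies the value immediately but does not survive a reboot. On FreeBSD the setting is normally persisted with a line such as net.link.ether.inet.max_age=5 in /etc/sysctl.conf; on pfSense the same key can be added under System > Advanced > System Tunables. Neither persistence step is described on the page above; both are standard platform behaviour.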