have had a few occurrences of the "windows machine getting trojaned"
lately and need to set up NIDS to watch for such nastiness. in the past i
set up snort + ACID and found the process to be quite tedious since i
spent an inordinate amount of time setting it up. based on posts made on
misc@ and elsewhere, i'm wary of the security implications of running snort.
i am interested in hearing opinions on the following:
- snort + BASE
- prelude-IDS
- bro-IDS
- (how tedious it is)/(if it's possible) to set up a web interface for
the above IDS solutions
- openIDS; this is based on openbsd 3.7-release, AFAICT
- snort-inline or similar as IPS
- systrace-ing such a solution
whichever solution i go with, i need to install 2 sets of 2 sensors
each, so i'll try my hand at making a ready-to-roll solution along the
lines of
http://www.openbsdsupport.org/usenix-usebsd-nids.pdf .
i can make the install image available, unless someone has already done
this and is willing to offer it up ;)
cheers,
jake