
5/12/2018 https://www.lifewire.com/ids-and-prevention-ips-software-2487316?print

Lifewire

Free Intrusion Detection (IDS) and Prevention (IPS) Software
Tools to monitor your network for suspicious or malicious activity

by Tony Bradley, CISSP-ISSAP

Updated August 21, 2018

Intrusion Detection Systems (IDS) were developed in response to the increasing frequency of
attacks on networks. Typically, IDS software inspects host configuration files for risky settings,
password files for suspect passwords and other areas to detect violations that could prove
dangerous to the network. It also sets in place ways for the network to record suspicious
activities and potential attack methods and to report them to an administrator. An IDS is similar
to a firewall, but in addition to guarding against attacks from outside the network, an IDS
identifies suspicious activity and attacks from within the system.

Some IDS software can also respond to intrusions it detects. Software that can respond is
usually referred to as Intrusion Prevention System (IPS) software. It recognizes and responds to
known threats, following a large body of criteria.

In general, an IDS shows you what is happening, while an IPS acts on known threats. Some
products combine both features. Here are a few free IDS and IPS software options.

Snort for Windows

Snort for Windows is an open source network intrusion detection system, capable of performing
real-time traffic analysis and packet logging on IP networks. It can perform protocol analysis,
content searching/matching and can be used to detect a variety of attacks and probes, such as
buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts and
much more.

Suricata

Suricata is open source software that has been called "Snort on steroids." It delivers real-time
intrusion detection, intrusion prevention, and network monitoring. Suricata uses a rules and
signature language and Lua scripting to detect complex threats. It is available for Linux, macOS,
Windows and other platforms. The software is free, and there are several fee-based public
training events scheduled each year for developer training. Dedicated training events are also
available from the Open Information Security Foundation (OISF), which owns the Suricata code.

Bro IDS

Bro IDS is often deployed in conjunction with Snort. Bro's domain-specific language does not
rely on traditional signatures. It logs everything it sees in a high-level network activity archive.
The software is particularly useful for traffic analysis and has a history of use in scientific
environments, major universities, supercomputing centers and research labs for securing their
systems. The Bro Project is part of the Software Freedom Conservancy.

Prelude OSS

Prelude OSS is the open source version of Prelude SIEM, an innovative hybrid intrusion
detection system that is designed to be modular, distributed, rock solid and fast. Prelude OSS is
suitable for limited-size IT infrastructures, research organizations and for training. It is not
intended for large-size or critical networks. Prelude OSS performance is limited but serves as an
introduction to the commercial version.

Malware Defender

Malware Defender is a free Windows-compatible IPS program with network protection for
advanced users. It handles intrusion prevention and malware detection. It is well-suited for home
use, although its instructional material is complicated for average users to understand. Formerly
a commercial program, Malware Defender is a host intrusion prevention system (HIPS) that
monitors a single host for suspicious activity.
