Intrusion Detection Systems, Firewalls, and Other Security Systems
AAFID
(Autonomous Agents for Intrusion Detection)
ACME!
http://www.acme.ibilce.unesp.br/
University of Sao Paulo, Brazil
ADS (Attack Detection System)
University College Dublin, Ireland
AFJ (Anzen Flight Jacket)
http://www.anzen.com/afj
Anzen Computing Inc., Washington
AID
(Adaptive Intrusion Detection system)
http://www-rnks.informatik.tu-cottbus.de/~sobirey/aid.e.html
Brandenburg University of Technology at Cottbus, Germany
AIMS
(Automated Intrusion Monitoring System)
http://www.access.gpo.gov ...
U.S. Army
ALERT-PLUS/Protect 2000
http://www.compsec.com/html/products_and_services.html
Computer Security Products Inc., Mississauga, Canada
ALVA (Audit Log Viewer and Analyzer)
General Electric, Schenectady, New Jersey
APA (Automated Penetration Analysis tool)
University of Maryland at College Park
ARMD
(Adaptable Real-time Misuse Detection)
http://www.isse.gmu.edu/~jllin/system/
George Mason University, Fairfax, VA
ARMOR
(Adaptive Risk Management, Observation, and Response System)
http://www.hiverworld.com/armor.ice
Hiverworld, Inc.
ASAX
(Advanced Security audit trail Analyzer on uniX)
http://www.info.fundp.ac.be/~amo/publications.html
http://www.ja.net/CERT/Software/asax/
University of Namur, Belgium
ASIM
(Automated Security Incident Measurement)
http://www.access.gpo.gov ...
U.S. Air Force Information Warfare Center and Trident Systems
AudES (Audit based Expert System)
IBM Los Angeles Scientific Center, Colorado, California
BackOfficer Friendly by Network Flight Recorder (www.nfr.net/products/bof)
Free for unix systems, $29 for Windows/NT
A burglar alarm for permanent Internet connections. Simple, unobtrusive, and easy to
install. Identifies attacks from Back Orifice, a remote control penetration application
originally produced and distributed by the Cult of the Dead Cow, a hacking group.
BackOfficer Friendly gives the attacker false answers that look like they came from Back
Orifice, while logging the attacker's IP address and the operations they attempted to
perform.
BlackICE Defender (www.networkice.com/html/blackice_defender.html) by Network ICE
$39.95 per user
BlackICE Defender combines firewall and intrusion detection technologies. It inspects
every packet, blocking those that are hostile, allowing harmless data to pass, yet always
ready to step in and intercept an attack (see also the ICEpac Suite under Desktop/Personal
Firewalls, below.) Network ICE has collected a vast amount of information regarding
hackers, attacks, vulnerabilities and solutions on the advICE website. Features: identify
intruders, block attackers, evidence logging, and track origin of attacks.
BlackICE Sentry
by Network ICE (www.networkice.com/html/blackice_sentry.html)
$4,500 includes one year of full technical support
Protects your network against hacker attacks and malicious employees.
BlackICE Sentry is a high performance network-based Intrusion Detection System (IDS). It
monitors all TCP/IP traffic on a segment and alerts you to hostile or suspicious activity
against any host on that segment. Key features: no dropped packets (full 7-layer decoding
of a 100% load of 64 byte TCP/IP packets on a 100 Mbps Ethernet segment), decodes and
detects fragmented attacks, NMAP scans, and many other malicious attacks without affecting
CPU utilization or system throughput, easy-to-understand alerts and full reporting and
evidence logging capabilities.
Bro
http://www-nrg.ee.lbl.gov/nrg-papers.html
Lawrence Berkeley National Laboratory, Berkeley, California
Centrax
formerly known as eNTrax
http://www.cybersafe.com/solutions/centrax.html
Centrax Corp., San Diego, CA; now CyberSafe
CERN-NSM
(Network Security Monitor)
http://www.zurich.ibm.com/pub/Other/RAID/Prog_RAID98/Full_Papers/moroni_manual.html
CERN, Geneva, Switzerland
Cisco Secure IDS
formerly NetRanger
http://www.cisco.com/warp/public/cc/cisco/mkt/security/nranger/prodlit/netra_ds.htm
Cisco Systems, Inc., San Jose, TX
CMDS (Computer Misuse Detection System)
formerly: http://www.ods.com/security/products/newcmds1.shtml
ODS Networks, Inc. Richardson, Texas
ComputerWatch
http://www.att.com/press/0293/930202.fsa.html
http://www.att.com/press/1192/921116.fsa.html
AT&T Bell Laboratories, Whippany, New Jersey
ConSeal PC Firewall
by ConSeal (www.consealfirewall.com/cffeatures.htm)
$50 for single user, $300 for NT server, bulk pricing also available. 15-day free trial
download.
Security at the network Link Layer. ConSeal PC FIREWALL's learning modes
allow rules (that tell it what to allow and what to stop) and rulesets to be generated
efficiently. It also allows you to construct rules that allow or disallow packets when you
are running a specific application; using a specific Ethernet or serial device; dialing a
specific phone number; using a specific service, file or print share; or sending or
receiving packets in or out, from a specific IP address or a specific user. Log files
record all network activity to help you track down important events.
CyberCop Monitor
http://www.pgp.com/asp_set/products/tns/ccmonitor_intro.asp
Network Associates International
CyberTrace
http://www.cybertrace.com/ctids.html
Ryan Net Works, LLC Fairfax, VA
DECinspect Intrusion Detector
Digital Equipment Corporation, Merrimack, New Hampshire
DIDS (Distributed Intrusion Detection System)
http://seclab.cs.ucdavis.edu/
University of California at Davis
Discovery
TRW, Orange, California
DPEM
(Distributed Program Execution Monitor)
http://seclab.cs.ucdavis.edu/~ko/papers/thesis.ps
University of California at Davis
Dragon
http://www.securitywizards.com/
Network Security Wizards
EASEL (???)
formerly: http://www.sac.navy.mil/idresources
US Naval Special Action Office
EMERALD
(Event Monitoring Enabling Responses to Anomalous Live Disturbances)
http://www2.csl.sri.com/emerald/index.html
further development of NIDES
SRI International, Menlo Park, CA
Etherfast Cable/DSL Router by Linksys (www.linksys.com)
$200 for 253 users
Connects multiple PCs to a high speed Broadband Internet connection or to an Ethernet
backbone. The built-in NAT technology acts as a firewall protecting your internal network.
Configurable as a DHCP server. Combination of router and switch technology eliminates the
need to buy an additional hub or switch and serves your network as a completely dedicated,
full duplex backbone.
ERIDS
(External Routing Intrusion Detection System)
http://www.ir.bbn.com/projects/erids/erids-index.html
BBN Systems and Technologies
eSafe Desktop
by Aladdin Knowledge Systems Inc. (www.ealaddin.com/esafe/desktop/detailed.asp)
Uses a security system that verifies access of those applications to system resources
against a predefined, and limited Access Control List. This way, all active content is
controlled, including Java, ActiveX, scripts, plug-ins, HTML, Trojan horses, etc. The
Personal firewall module filters all Internet traffic, restricting access to web sites or
newsgroups based on keywords or categories. You can control which protocols can be used,
what ports are open, and what times of the day they can be used. System owners can also
prevent users from installing software, modifying system settings, booting into safe mode,
and a dozen more options.
ESSENSE
Digital Equipment Corporation, Marlboro, Massachusetts
eTrust Intrusion Detection
formerly SessionWall-3
http://www.cai.com/solutions/enterprise/etrust/intrusion_detection/
Computer Associates International, Inc., Islandia, NY, USA
(FW-1 specific Network Intrusion Detector)
Lance Spitzner
http://www.enteract.com/~lspitz/intrusion.html
LiveSecurity System
by WatchGuard (www.watchguard.com/products/wgls.html)
Approx. $4,900
Content filtering system (FireBox II). Simple installation wizard and management
interface, real-time and historical reporting, notification; view user, host, service and
bandwidth usage; remote user VPN, NAT, etc. PC Magazine Editors' Choice (June 27, 2000).
GASSATA
(Genetic Algorithm for Simplified Security Audit Trail Analysis)
http://www.supelec-rennes.fr/rennes/si/equipe/lme/these/these-lm.html
SUPELEC, Cesson Sevigne, France
GrIDS
(Graph-based Intrusion Detection System)
http://olympus.cs.ucdavis.edu/arpa/grids/welcome.html
University of California at Davis
Gauntlet 5.5
by PGP Security (www.pgp.com/products/gauntlet)
$2,600 for up to 100 users
A secure and powerful firewall software, integrated McAfee virus scanning engine,
application and adaptive proxies, and PKI server. Network Magazine 2000 Product of the
Year award.
Haystack
Tracor Applied Sciences, Inc. (later Haystack Labs, Inc.), Austin, Texas
HAXOR
now part of Tivoli's Cross-Site
IBM Watson Research Laboratory, Hawthorne, NY
Hummer
www.cs.uidaho.edu/~hummer
University of Idaho
Hyperview
Search in the archive of the IDS mailing list.
CS Telecom, Groupe CSEE, Paris, France
ICEpac Suite
by Network ICE Corp. (www.networkice.com/html/icepac_suite.html)
Note: product also referred to as "ICEcap" on the Network ICE Corp. website.
BlackICE Agent only: $99; BlackICE Defender: $39.95, contact company for pricing.
This suite combines firewall and intrusion detection technologies to deliver award-winning
protection against attacks. It works in real-time to detect, identify and block hackers
before they can compromise a system. ICEcap Manager consolidates alerts, logs hostile
activity, and forwards information to other applications, including enterprise management
consoles and trouble-ticket systems. BlackICE Agents deployed on every desktop, server,
and remote user system protect the entire corporate network. BlackICE Sentry provides
intrusion detection on network traffic, and reports suspicious or hostile traffic directed
against any device.
IDA (Intrusion Detection Alert)
Motorola, Rolling Meadows, Illinois
IDA
(Intrusion Detection and Avoidance system)
http://agn-www.informatik.uni-hamburg.de/people/fischer/eng.htm
University of Hamburg, Germany
IDA(3)
(Intrusion Detection Agents Systems)
http://www.ipa.go.jp/STC/IDA/index.html
Information-technology Promotion Agency, Japan
IDEAS (Intrusion Detection & Alerting System)
secunet Security Networks AG, Dresden, Germany
IDES
(Intrusion Detection Expert System)
http://www.csl.sri.com/intrusion.html http://www.csl.sri.com/trlist3.html#1992
SRI International, Menlo Park, California
IDIOT
(Intrusion Detection In Our Time (-IDS))
http://www.cerias.purdue.edu/coast/coast-tools.html
ftp://coast.cs.purdue.edu/pub/doc/intrusion_detection/IDIOT_Users_Guide.ps
Purdue University, West Lafayette, Indiana
ID-Trak
http://www.axent.com/Axent/Products/Framesection
(formerly: http://www.internettools.com)
Internet Tools, Inc., Fremont, California; now AXENT
Inspect
CEFRIEL, Milano, Italy
Internet Security 2000 by Norton (www.symantec.com/sabu/nis/nis_pe/index.html)
$79.95, downloadable from Norton website. Firewall only: $49.95
Internet Security 2000 is an integrated security and privacy suite that helps you defend your
computer against hackers with Norton Personal Firewall. You also get Symantec's
award-winning Norton AntiVirus 2000 software to stop viruses, malicious ActiveX controls
and Java programs, and other dangerous code. In addition, Norton Privacy Control lets you
keep personal information from being sent to web sites without your permission, control
Internet "cookies," and block banner ads to accelerate download speeds. The free
web-based Security Analyzer is a subset of the Internet Security 2000 package; it
determines your PC's current level of protection from hackers, Trojan viruses, and
privacy threats. PC Magazine Editors' Choice (June 27, 2000).
Interceptor
by eSoft Inc (www.esoft.com/products/interceptor.html)
Approx. $3,800
Vendor claims this "firewall appliance can be up and running in 15 minutes",
offers real-time alerting, web based secure interface, pre-defined security policies,
graphical reporting tool, supports Network Address Translation (NAT), and more.
INTOUCH INSA - Network Security Agent
http://www.ttisms.com/tti/nsa_www.html
Touch Technologies, Inc.
ISM (Internetwork Security Monitor)
University of California at Davis
ISOA (Information Security Officer's Assistant)
Planning Research Corp., Inc., McLean, Virginia
Intruder Alert
http://www2.axent.com/product/smsbu/ITA/default.htm
AXENT Technologies, Inc., Rockville, MD
JiNao
http://www.mcnc.org
MCNC, Research Triangle Park, NC
KSE
(Kane Security Enterprise)
further development of CMDS
http://www.intrusion.com/Products/enterprise.shtml
Intrusion.com, Inc., New York, NY
KSM
(Kane Security Monitor)
http://www.intrusion.com/Products/monitor.shtml
Intrusion Detection, Inc., New York, NY
MIDS
(Master Intrusion Detection System)
http://seclab.cs.ucdavis.edu/projects/idip.html
University of California at Davis
NADIR
(Network Anomaly Detector and Intrusion Reporter)
http://seclab.cs.ucdavis.edu/cmad/4-1996/session2.html
Los Alamos National Laboratory, New Mexico
NAURS (Network Auditing Usage Reporting System)
SRI International, Menlo Park, California
NetProwler
http://www2.axent.com/product/netprowler/default.htm
AXENT Technologies, Inc., Rockville, MD
NetSTAT
(Network-based State Transition Analysis Tool)
http://www.cs.ucsb.edu/~kemm/netstat.html/projects.html
further development of USTAT
University of California at Santa Barbara
NFR (Network Flight Recorder)
http://www.nfr.net
Network Flight Recorder, Inc.
NID (Network Intrusion Detector)
further development of NSM
http://ciac.llnl.gov/cstc/nid/nid.html
Lawrence Livermore National Laboratory
NIDAR
DSO National Laboratories, Singapore
NIDES
(Next-generation Intrusion Detection Expert System)
further development of IDES
http://www2.csl.sri.com/nides/index.html
SRI International, Menlo Park, California
NSM (Network Security Monitor)
University of California at Davis
Phoenix Adaptive Firewall by Progressive Systems (www.progressive-systems.com/products/phoenix/)
Approx. $3,000
Simple setup for NAT and port forwarding, graphical interface, easy adding and
subtracting of static routes, secure remote administration, examines all aspects of
incoming packets to ensure their validity, and more.
PDAT (Protocol Data Analysis Tool)
Siemens AG, Munich, Germany
PRéCis
http://www.bellevue.prc.com/precis/
Litton PRC, McLean, VA
Personal Firewall by McAfee (www.mcafee.com/myapps/firewall)
$39.95 plus $29.95 for Internet Guard Dog.
MPF monitors all network activity and stops all known hacks, nukes, trojans, and DOS
attacks. Selectively block applications from accessing the Internet, change settings for
services. Can be used in conjunction with McAfee's Internet Guard Dog, an antivirus,
filtering, and privacy application.
PrivacyFence
by Fortres (www.fortres.com/products/privacy_fence.htm)
$29.95. Free demo download
Prevent changes, access, and manipulation of files by remote or intrusive users or
programs. Alerts you to intrusive attempts to access your files. Prevents attacks via
Trojan Horse, port scanning, shared file access, or password interception.
ProxyStalker for NT
Haystack Laboratories, Inc.; later Trusted Information Systems
POLYCENTER Security Intrusion Detector
further development of DECinspect Intrusion Detector
http://www.digital.com/info/security/id.htm
Digital Equipment Corporation, now COMPAQ
RealSecure
http://www.iss.net/prod/rs.html
http://solutions.iss.net/products/rsecure/
Internet Security Systems, Inc., Atlanta, Georgia
RETISS (REal-TIme expert Security System)
Universita di Milano, Italia
RID
(Reactive Intrusion Detection for Gauntlet Firewalls)
http://www.lurhq.com/rid/rid20info.pdf
LURHQ Corp., Conway, SC
Secure PIX Firewall by Cisco Systems Inc (www.cisco.com/univercd/cc/td/doc/pcat/fw.htm)
Approx. $5,000
User authentication and authorization with cut-through proxy, centralized configuration
and management with the PIX Firewall Manager, and failover/hot standby upgrade option
(eliminates a single point of failure, with two PIX Firewalls running in parallel).
SecureNet PRO
http://www.mimestar.com
MimeStar, Inc., Blacksburg, VA
SecureSwitch
http://www.ods.com/
ODS Networks, Inc., Richardson, Texas
SHADOW
(Secondary Heuristic Analysis for Defensive Online Warfare)
http://www.nswc.navy.mil/ISSEC/CID
Naval Surface Warfare Center, Dahlgren Division
SIDS (Statistical Intrusion Detection System)
SRI International, Menlo Park, California
Snort
http://www.snort.org/
Martin Roesch
Stake Out
http://www.stakeout.harris.com
Harris Corporation
SOHO by SonicWall (www.sonicwall.com/Firewall/soho.html)
$495 for 10 users, also available for 50+ users.
Ideal for small offices with limited network experience. Quickly and easily installed and
configured. Ability to connect computers and peripherals together to create their own
small network. Accommodates external hubs or switches for growing networks. Simplifies
sharing broadband Internet connections (e.g. NAT, allowing computers on the private LAN to
share a single IP address to access the Internet.) Supports DHCP, and PPPoE. Upgrades are
available to add virus protection, VPN functionality, a content filter list subscription,
increased node support, extended warranty, and/or premium support to SonicWALL SOHO.
SOHO by Watchguard
(www.watchguard.com/products/soho.html)
$350 for 10 users, $500 for 25 users
Plug-and-play security-dedicated hardware device configures easily using any standard
browser. Dynamic stateful packet filtering firewall technology. Create filter rules based
on port and protocol for both in and outbound traffic. Share your single Cable, DSL or
ISDN high-speed Internet connection. LiveSecurity Service: Receive software updates and
technical support. Renewed annually, the first year subscription is included. VPN Option
and WebBlocker Option.
SonicWall Pro by SonicWall Inc (www.sonicwall.com/Firewall/pro.html)
Approx. $3,000
Easy installation, simple administrative interface, strong protection; with SonicWALL VPN,
supports up to 100 branch offices or remote access workers; proxy support, preconfigured
apps, etc.
Sybergen Secure Desktop by Sygate (www.sygate.com/products/shield_ov.htm)
$35.95. Free 30-day trial.
If an intruder is detected, you will be immediately notified and your Internet connection
will be reconfigured to prohibit further intrusion. Likewise, you will be notified in the
event that an unwanted application on your system attempts to use your Internet
connection. Unobtrusive monitoring with an intuitive user interface. Four customizable
security levels, security audit, detailed logging, and customized reporting.
Sybergen SyGate for Home Office by SyGate Networks (www.sybergen.com/products/gate_ov.htm)
From $40 (3 users) to $144 (10 users). Free 30-day trial available
Multiple computers can share a single Internet connection. Easy to use. Can be installed,
set up, and run easily and quickly from the user-friendly graphical interface. Gateway
software provides an integrated firewall; packet filtering and dynamic tunneling
technology. Specific sites can be blocked from view.
Sybergen Access Server by Sygate Networks (www.sybergen.com/products/access_ov.htm)
From $337 (25 users) to $849 (unlimited users with upgrade protection). Free 30-day trial
available
Builds on the success of Sybergen SyGate for Home Office by providing an integrated
package of secure Internet access and performance management features that help small and
highly distributed enterprises to maximize the efficiency of their Internet access. With
advanced features and support for larger network environments, Sybergen Access server is
targeted at highly distributed enterprises. Built-in firewall, modem pooling, bandwidth
management and control, simple installation, Network Address Translation (NAT) technology,
diagnostics, VPN support.
RT311 Gateway Router
by Netgear (www.netgear.com/products/rt311ds.shtml)
$260 for ten users, up to 32 users
Multiple computers can share either a DSL or cable modem connection and the same IP
address. DHCP and NAT+ compatible with popular IRC and video conferencing software, 10/100
Ethernet LAN connection, free 24/7 support. Stateful packet inspection, port forwarding,
and customizable filters allow only authorized traffic to come through.
TIM (Time-based Inductive Machine) based IDS
University of Illinois at Urbana-Champaign
Tivoli Cross-Site for Security
http://www.tivoli.com/products/index/cross-site_sec/index.html
Tivoli Systems, Inc., TX; (an IBM company)
T-sight
http://www.EnGarde.com/software/t-sight/index.html
En Garde Systems, Inc.
UNICORN
(Unicos Realtime NADIR)
http://www.EnGarde.com/~mcn/unicorn.html
Los Alamos National Laboratory, Los Alamos, New Mexico
USTAT
(Unix State Transition Analysis Tool)
http://www.cs.ucsb.edu/TRs/TRCS93-26.html
University of California at Santa Barbara
VPN-1 Appliance 330 by CheckPoint (www.checkpoint.com/products/vpn1)
Approx. $4,000 to $8,000
Suited for larger installations. Web-based interface, layer 7 switching abilities, logging
and reporting by port, service, protocol, and time of day; fail-over option, and more.
VisionIDS
http://www.whitehats.com/ids/
Developer: Max Vision (Whitehats)
WebRamp 700
by RampNetworks (www.rampnetworks.com/products/700s)
$480 for 5 users, also 25 and unlimited user licenses available; content filtering $120
Works over cable or xDSL modems, other WebRamp models, or other routers. Blocks access to
certain Web sites, filters Web content, monitors user access, protects your network from
unauthorized access, and so on. PPPoE support. Optional VPN IPSec upgrade for secure
communication. Simple to install and operate.