An Intrusion Detection System (IDS) is software and/or hardware designed to detect unwanted attempts to access, manipulate or disable a computer system, mainly through a network such as the internet. These attempts may take the form of attacks by, for example, crackers, malware or disgruntled employees.
EasyIDS is currently built from CentOS 4.6 and Snort. It is a passive system. EasyIDS is installed on a dedicated personal computer. It is very easy to set up; there is almost nothing to configure. For the installation and setup, please refer to the Documentation section of its website.
EasyIDS requires at least two network interface cards (NICs), 384MB of RAM or more and an 8GB or larger hard drive. The system can be configured through a web GUI with your browser.
I put my EasyIDS behind my ZeroShell, a firewalled PC-based router, and connected it to the other servers and clients through switches.
A switch with port mirroring is very expensive, and hubs are hard to buy in Hong Kong nowadays. You can make a DIY network TAP according to this link.
The colour code of the cable and jack (I purchased 4 CLIPSAL jacks and 1 CLIPSAL panel):
1 = orange/white
2 = orange
3 = green/white
4 = blue
5 = blue/white
6 = green
7 = brown/white
8 = brown
*If you have unplugged and replugged the cable(s), you should reboot your EasyIDS; otherwise, it will not work properly.
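As an added check (not part of EasyIDS or the original post) for the "not working properly" symptom after a cable is replugged: the two sniffing NICs behind a passive TAP should keep receiving bytes while transmitting nothing, so comparing two /proc/net/dev snapshots shows which leg has gone quiet. The interface names eth1/eth2 and the snapshot contents are assumed and constructed.

```python
"""Passive-TAP sanity check: compare two /proc/net/dev snapshots and flag a
monitoring NIC that has stopped receiving. Added example; names are assumed."""
import re

TAP_IFACES = ("eth1", "eth2")  # assumed monitoring NICs; eth0 is management
_LINE = re.compile(r"^\s*(\S+):\s*(.*)$")

def parse_proc_net_dev(text):
    """Return {iface: (rx_bytes, tx_bytes)} from /proc/net/dev text."""
    stats = {}
    for line in text.splitlines()[2:]:  # first two lines are headers
        m = _LINE.match(line)
        if not m:
            continue
        f = m.group(2).split()
        stats[m.group(1)] = (int(f[0]), int(f[8]))  # rx bytes, tx bytes
    return stats

def tap_health(before, after, ifaces=TAP_IFACES):
    """Classify each monitoring NIC between the two snapshots:
    'ok' RX grew and TX did not (a healthy passive-TAP leg only listens),
    'no-rx' nothing received (the 'not working properly' case above),
    'tx-seen' the NIC transmitted, 'missing' not present in a snapshot."""
    result = {}
    for name in ifaces:
        if name not in before or name not in after:
            result[name] = "missing"
            continue
        rx0, tx0 = before[name]
        rx1, tx1 = after[name]
        if tx1 > tx0:
            result[name] = "tx-seen"
        elif rx1 > rx0:
            result[name] = "ok"
        else:
            result[name] = "no-rx"
    return result

# Constructed snapshots a few seconds apart: eth1 healthy, eth2 stalled.
_HDR = ("Inter-|   Receive                       |  Transmit\n"
        " face |bytes packets errs drop fifo frame compressed multicast|"
        "bytes packets errs drop fifo colls carrier compressed\n")
SNAP_BEFORE = _HDR + ("  eth0: 1000 10 0 0 0 0 0 0 2000 20 0 0 0 0 0 0\n"
                      "  eth1: 5000 40 0 0 0 0 0 0 0 0 0 0 0 0 0 0\n"
                      "  eth2: 7000 60 0 0 0 0 0 0 0 0 0 0 0 0 0 0\n")
SNAP_AFTER = _HDR + ("  eth0: 1200 12 0 0 0 0 0 0 2400 24 0 0 0 0 0 0\n"
                     "  eth1: 9000 70 0 0 0 0 0 0 0 0 0 0 0 0 0 0\n"
                     "  eth2: 7000 60 0 0 0 0 0 0 0 0 0 0 0 0 0 0\n")

if __name__ == "__main__":
    print(tap_health(parse_proc_net_dev(SNAP_BEFORE), parse_proc_net_dev(SNAP_AFTER)))
```

On a live box, replace the constructed snapshots with two reads of /proc/net/dev a few seconds apart; a leg reported as "no-rx" is the one to re-seat or reboot for.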
I am now working on turning the EasyIDS into an Intrusion Prevention System (IPS).
Security is very important even at home!