
dc.date.accessioned: 2013-03-12T08:06:00Z
dc.date.available: 2013-03-12T08:06:00Z
dc.date.issued: 2011 [en_US]
dc.date.submitted: 2011-06-26 [en_US]
dc.identifier.citation: Rødfoss, Jonas Taftø. Comparison of open source network intrusion detection systems. Masteroppgave, University of Oslo, 2011 [en_US]
dc.identifier.uri: http://hdl.handle.net/10852/8951
dc.description.abstract: Many companies and organizations offer IT services (newspapers, social sites, web developers, etc.) to the public, and those services need to be protected. The amount of computer threats is increasing drastically, and many attacks are directed at the services companies offer. Larger companies have the economy to buy expensive security tools to protect their services, while smaller companies may have the same economy. Open source is an interesting field for those who do not have the need or the economy to buy expensive security solutions. An intrusion detection system is a well-known security tool, and it could either be bought as a payment solution or be downloaded from the web as an open source solution. Snort, Bro and Suricata are three different open source network intrusion detection systems. By comparing installation, configuration, alarms and information, one can find out which solution fits your network best. The process of setting up the test environment, installing and configuring Snort, Bro and Suricata, and installing Metasploit has been a time-consuming process. Snort, Bro and Suricata have been tested in a network, and against a Metasploit framework with known exploits. Running Snort, Bro and Suricata in a network has shown huge differences regarding the number of alarms produced, and also differences in the logs produced. The results after running Metasploit showed some unexpected but clarifying results in the logs created. The whole process has been evaluated, and a summary of Snort, Bro and Suricata regarding installation, configuration and alarms has been given. [eng]
dc.language.iso: eng [en_US]
dc.title: Comparison of open source network intrusion detection systems [en_US]
dc.type: Master thesis [en_US]
dc.date.updated: 2012-02-29 [en_US]
dc.creator.author: Rødfoss, Jonas Taftø [en_US]
dc.subject.nsi: VDP::420 [en_US]
dc.identifier.bibliographiccitation: info:ofi/fmt:kev:mtx:ctx&ctx_ver=Z39.88-2004&rft_val_fmt=info:ofi/fmt:kev:mtx:dissertation&rft.au=Rødfoss, Jonas Taftø&rft.title=Comparison of open source network intrusion detection systems&rft.inst=University of Oslo&rft.date=2011&rft.degree=Masteroppgave [en_US]
dc.identifier.urn: URN:NBN:no-29859 [en_US]
dc.type.document: Masteroppgave [en_US]
dc.identifier.duo: 130715 [en_US]
dc.contributor.supervisor: Hårek Haugerud [en_US]
dc.identifier.bibsys: 120427346 [en_US]
dc.identifier.fulltext: Fulltext https://www.duo.uio.no/bitstream/handle/10852/8951/1/Rodfoss.pdf

