Free intrusion detection software for windows

Sax2 Intrusion detection system(Free) 3.0 is an ideal program to protect intrusion. It performs real-time packet capturing, 24/7 network monitoring, advanced protocol analyzing and automatic expert detection. By giving you insights into all of your networks operations, Sax2 makes it easy to isolate and solve network problems, identify network bottleneck and bandwidth use, detect network vulnerabilities and discovered the network whether there is a breach of security strategy and the signs of being attacked in the network of hazard, and then intercept and stop before their invasion. Network administrators can directly monitor http requests, email messages, ftp transfers, as well as real-time activities and message details for the two popular instant messengers: MSN and QQ.

Sax2 is designed to be used by both IT professionals and novice users. Problems are clearly identified, and solutions are suggested in understandable terms. Whether you're a network administrator who needs to identify, diagnose, and solve network problems quickly, an IT professional who wants to monitor user activities on the network, a security manager who needs to ensure that the corporations communications assets are safe, or a consultant who has to quickly solve network problems for clients, Sax2 has the tools that you need.

Major Features:

1. Intrusion Detection and Prevention
2. Conduct of Audits
3. Traffic Statistics
4. Customize Security Policy
5. Real-Time Alert and Response

Do you know whos snooping around your web server? See whos knocking on your web servers front door and what they are up to. This tool is http log based Intrusion Detection Scanner
Logs2Intrusions parses web server logfiles and create possible intrusions report.

Intruder is a reliable Network intrusion detector that will keep your network protected. Intruder is a reliable Network intrusion detector that will keep your network protected.
An intrusion detection system (IDS) inspects all inbound and outbound network activity and identifies suspicious patterns that may indicate a network or system attack from someone attempting to break into or compromise a system.
There are several ways to categorize an IDS:
- misuse detection vs. anomaly detection: in misuse detection, the IDS analyzes the information it gathers and compares it to large databases of attack signatures. Essentially, the IDS looks for a specific attack that has already been documented. Like a virus detection system, misuse detection software is only as good as the database of attack signatures that it uses to compare packets against. In anomaly detection, the system administrator defines the baseline, or normal, state of the network?s traffic load, breakdown, protocol, and typical packet size. The anomaly detector monitors network segments to compare their state to the normal baseline and look for anomalies.
- network-based vs. host-based systems: in a network-based system, or NIDS, the individual packets flowing through a network are analyzed. The NIDS can detect malicious packets that are designed to be overlooked by a firewall?s simplistic filtering rules. In a host-based system, the IDS examines at the activity on each individual computer or host.
- passive system vs. reactive system: in a passive system, the IDS detects a potential security breach, logs the information and signals an alert. In a reactive system, the IDS responds to the suspicious activity by logging off a user or by reprogramming the firewall to block network traffic from the suspected malicious source.
Though they both relate to network security, an IDS differs from a firewall in that a firewall looks out for intrusions in order to stop them from happening. The firewall limits the access between networks in order to prevent intrusion and does not signal an attack from inside the network. An IDS evaluates a suspected intrusion once it has taken place and signals an alarm. An IDS also watches for attacks that originate from within a system.