A network-based Intrusion Detection System that also enables a user to prevent intrusions through a host of useful tools.
Features: Sax2 is mainly an Intrusion Detection System (IDS). To this end, Sax2 performs advanced real-time packet capturing, advanced protocol analysis, 24x7 network monitoring, and Expert detection. It is a network-based IDS: it collects, filters and analyzes all traffic that passes through a given network location. A single Sax2 monitor, appropriately placed (for example, on a gateway), can provide IDS and intrusion prevention services for the entire network at a local site. Intrusion detection and prevention is done through the detection of a variety of attacks, including Denial of Service, CGI/WWW, buffer overflow, Windows and UNIX vulnerabilities, unauthorized access and hacking, ARP detection, IP spoofing and more. It also protects against worms, Trojans, etc. It allows you to configure the security policy with fine-grained controls. Sax2 provides real-time alerting and response to alerts. It allows for advanced traffic analysis, log generation, and in-depth packet decoding. These can be used to generate traffic usage reports, and the statistical traffic analysis tools add to these capabilities. In this vein, it also provides for monitoring individual conversations and packet streams (or flows). A Name Table provides a list of aliases for addresses, port numbers and protocols on the LAN, and this can be used to set up different names and colors to make it easier for the administrator to narrow in on specific information in the future.
Overall: It is an excellent tool and promises to be useful for intrusion detection and prevention even in a hostile or particularly susceptible environment. The main drawback is that this really isn't a tool for novice or even average users: the interface, though quite intuitive, has too much detail, which can become overwhelming for a non-advanced user. A toned-down version with simple detection and prevention tasks is recommended so that it can become truly user-friendly to every kind of user.