How To Use Patriot NG For Intrusion Detection

Patriot NG is a free host IDS (intrusion detection system) tool which offers you real-time monitoring of your Windows operating system and network. It is suitable for users of Windows XP, Vista and 7 in both 32-bit and 64-bit flavours.

Patriot NG offers monitoring of the following:

  • changes to registry keys
  • new files being added to Startup directories
  • new users being added
  • newly installed services
  • changes to the Hosts file
  • new scheduled jobs
  • new hidden windows
  • installation of new drivers
  • new Netbios shares
  • new executables, new DLLs
  • new hosts in your network
  • NIDS

Overall it is a great tool for catching zero day threats as it utilises software behaviour rather than signature files to detect if files and other items are being changed by malware.

Getting started with Patriot NG

Before you can get going with Patriot NG you will need to install WinPcap for Windows which is a quick and simple affair.

install WinPcap first

After installing that you will need to go to the Patriot NG download page and decide which version of the tool to download. Basically, you need to choose between the 32-bit and 64-bit versions for Windows:

download Patriot NG

After clicking on the appropriate link you will download the zipped setup file. Unzip this and remember where you save it to.

unzip the setup file

Navigate to where you saved the unzipped setup file and double click on it in order to install Patriot NG.

run Patriot NG setup

Once the installation has run you will notice that the program doesn’t create a desktop icon, so you will need to find its icon in the system tray, just to the left of the clock. Right click on this to open up a little menu which gives you the options of:

  • start
  • stop
  • status
  • Control Panel
  • Update NIDS rules
  • HomePage
  • About
  • Exit

getting started with Patriot NG

You can choose the Control Panel at this time to see all of the options that are available to you. Click to put a tick next to everything that you want Patriot NG to monitor for you:

Patriot NG settings

Testing Patriot NG

As I mentioned at the beginning, Patriot NG monitors a large number of things for you. Here I test just one facet: New Users in the System.

So, what I did was I went into Control Panel > User Accounts and Family Safety > Add or remove User Accounts and created a new account called Test, as you can see below:

new user account test

A couple of seconds after doing so Patriot NG flashed up an alert box telling me exactly what had just happened:

Patriot NG in action

I clicked on YES to resolve the problem…

it works

As you can see, returning to the account list shows that Patriot NG has removed the Test account so all is good.
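The detection shown above works by noticing a change in state rather than matching a signature. As an added example (not Patriot NG's own code, whose internals this page does not describe), here is a minimal baseline-and-diff monitor in Windows PowerShell that covers the same "new users" facet and, going slightly beyond the test above, also the "newly installed services" and "changes to registry keys" (Run autostart entries) items from the feature list; it only uses built-in cmdlets available on Windows 7, and the 10-second poll interval is an arbitrary choice.

```powershell
# Added example: baseline/diff monitor for local users, services and Run keys.
# Not Patriot NG's code. Uses Get-WmiObject because Get-LocalUser is absent on Windows 7.

function Get-HostSnapshot {
    # Local accounts only (excludes domain accounts on a domain-joined host)
    $users = Get-WmiObject Win32_UserAccount -Filter "LocalAccount=True" |
             ForEach-Object { "user:$($_.Name)" }
    $services = Get-Service | ForEach-Object { "service:$($_.Name)" }
    # Autostart entries: the classic per-machine and per-user Run keys
    $runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
               'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
    $autoruns = foreach ($k in $runKeys) {
        if (Test-Path $k) {
            (Get-ItemProperty $k).PSObject.Properties |
                Where-Object { $_.Name -notmatch '^PS' } |   # drop PSPath etc.
                ForEach-Object { "run:$k\$($_.Name)=$($_.Value)" }
        }
    }
    # Flatten to one string list and drop nulls (e.g. an empty Run key)
    return @($users) + @($services) + @($autoruns) | Where-Object { $_ }
}

function Compare-HostSnapshot {
    param([string[]]$Baseline, [string[]]$Current)
    # Items present now but not in the baseline are what an HIDS would alert on
    $diff = Compare-Object -ReferenceObject $Baseline -DifferenceObject $Current
    $added   = $diff | Where-Object { $_.SideIndicator -eq '=>' } | ForEach-Object { $_.InputObject }
    $removed = $diff | Where-Object { $_.SideIndicator -eq '<=' } | ForEach-Object { $_.InputObject }
    [pscustomobject]@{ Added = @($added); Removed = @($removed) }
}

# Take a baseline, then poll; every change is reported with a timestamp.
$baseline = Get-HostSnapshot
while ($true) {
    Start-Sleep -Seconds 10
    $current = Get-HostSnapshot
    $result  = Compare-HostSnapshot -Baseline $baseline -Current $current
    foreach ($item in $result.Added)   { Write-Warning "$(Get-Date -Format s) NEW:     $item" }
    foreach ($item in $result.Removed) { Write-Warning "$(Get-Date -Format s) REMOVED: $item" }
    $baseline = $current   # accept the new state as the next baseline
}
```

Creating a Test account as in the walkthrough above produces a "NEW: user:Test" warning on the next poll; unlike Patriot NG, this script only reports and never removes anything.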

Visit the Patriot NG download page to try it yourself.

About Lee Munson

Lee's non-technical background allows him to write about internet security in a clear way that is understandable to both IT professionals and people just like you who need simple answers to your security questions.

Comments

  1. Thank you for the review! Nice work
