Intrusion detection warning for when gaming in full screen

Discussion in 'Networking & Security' started by InaDaise, Sep 28, 2019.

  1. InaDaise

    InaDaise [H]Lite

    Messages:
    67
    Joined:
    Dec 13, 2016
    I'm looking into getting an intrusion detection system (IDS) mainly for when I'm playing games in full screen on my PC. Like should it be an external device with light/audio warnings? Or can I be assured it can warn me with a popup or anything visual on the screen when I'm in a game? Or when in any other program like Photoshop for that matter.

    I have ATT Uverse DSL 4 port modem router with wifi, their standard residential unit. I'm all wired with ethernet, I don't use wifi unless sometimes on my cell phone. The condo building has 8 family units and most or all of them have wifi with ATT or Spectrum or other provider in San Diego CA. And my 2 PCs are on the ATT network with Win 10 Home on both. And an i7 7700, RTX 2080 Ti, 16 GB RAM, 2 TB HDD on one PC and similar specs on the other PC. Edit - and Norton security on both.
     
    Last edited: Sep 28, 2019
  2. IdiotInCharge

    IdiotInCharge [H]ardForum Junkie

    Messages:
    12,033
    Joined:
    Jun 13, 2003
    Second monitor?

    I hate gaming without a second monitor...
     
  3. Spartacus09

    Spartacus09 [H]ard|Gawd

    Messages:
    1,090
    Joined:
    Apr 21, 2018
    I’m the opposite, I dislike having a second monitor sapping precious GPU compute from my fps.
    That said, OP, are you really that concerned/paranoid about someone getting in? What are you most concerned about?
     
  4. IdiotInCharge

    IdiotInCharge [H]ardForum Junkie

    Messages:
    12,033
    Joined:
    Jun 13, 2003
    Use CPU graphics or another GPU... but yeah.

    Other options would include using another machine, which would make some sense given that an IDS would be best placed between the desktop system and the firewall, so you could use a single-board computer (SBC) with two ethernet ports and say pfSense and then an old phone or tablet to monitor it...?
     
  5. Spartacus09

    Spartacus09 [H]ard|Gawd

    Messages:
    1,090
    Joined:
    Apr 21, 2018
    Depending on your internet, an Intel NUC, ITX SFF, or maybe even a Raspberry Pi (though that likely wouldn't have enough compute)
     
  6. IdiotInCharge

    IdiotInCharge [H]ardForum Junkie

    Messages:
    12,033
    Joined:
    Jun 13, 2003
    The Pi 4 should, but since it doesn't have two native ethernet controllers, let alone two Intel ethernet controllers for BSD, and since it's not x86, it's a no-go for that application at the moment. But you don't really need more compute than a Pi 4, nor more than 4GB of RAM, just x86 and at least two Intel NICs*. The bigger challenge is size, power usage, and noise really. A salvaged ebay PC with a dual-port Intel NIC is the cheapest way to do it with a good performance envelope. Nicer would be something fanless; I've looked closely at Shuttle's super-SFF lines for this purpose but I haven't wanted to spend the cash on it yet.


    [*doesn't have to be Intel, but in this case, Intel makes the cheapest featureful NICs that are widely supported]
     
  7. dragonstongue

    dragonstongue 2[H]4U

    Messages:
    3,156
    Joined:
    Nov 18, 2008
    net/notebook /laptop ?

    I very rarely ever see as the "better option"

    however, a dirt cheap low power "super" to keep eye on security without impacting your normal use, sounds like this would be "perfect"

    likely not easy to find "the right one"

    there are A LOT to choose from, sky is the limit I suppose might be a good wording to use ?

    -------------------

    best of luck(s)

    ------------------

    I was wanting to do similar old/new for my Ryzen 3k and have my old 955 declocked etc only purpose for maps, admin, email etc while main is able to take care of itself (also, much less shock to ears go all kind sound, then boom nada if/when BSOD....rather burn a bit more of solar than possible kill system crash that way too often .. am sure the electronics like it even less than my ears do ..

    two monitor over 1 system, 2 monitor over 2 doing roughly the same thing... I take option 2 (beyond heat/power issue, best way to go .. artist do all the time, so do call center, it must be worth doing (when set up correct)
     
  8. Dead Parrot

    Dead Parrot 2[H]4U

    Messages:
    2,557
    Joined:
    Mar 4, 2013
    Before worrying about an IDS, get a real firewall appliance with a default block all rule set. Then get a standalone AP on your side of the firewall. Turn off the AT&T wifi AP for your side as it is now on the wrong side of the firewall. The AT&T modem isn't a real edge security device. Plus they probably set up an AT&T subscriber AP on their side of the network. Supposed to be separate from your side but it is all in the same device and you are trusting them to have it properly implemented.
     
  9. Spartacus09

    Spartacus09 [H]ard|Gawd

    Messages:
    1,090
    Joined:
    Apr 21, 2018
    Alternatively do this except leave the ATT wifi on for just your phone, everything wifi would be outside your network, then all your wired stuff behind the firewall appliance.
     
  10. ThreeDee

    ThreeDee [H]ardForum Junkie

    Messages:
    10,689
    Joined:
    Sep 5, 2001
    recommission an old/unused computer and run a firewall distro on it with IDS and monitor it on a secondary monitor off your PC.

    ..as stated, I have to have a second monitor (read spoiled) .. and with your 2080TI you ain't going to lose any noticeable fps's .. unless maybe if you're playing videos on that second monitor whilst gaming
     
  11. iroc409

    iroc409 [H]ard|Gawd

    Messages:
    1,248
    Joined:
    Jun 17, 2006
    Do you know specifically what kind of intrusions you are looking for? I think the IDS is a somewhat misunderstood piece of software/hardware. An IDS won't prevent anything, and to some extent, for the home user, the "D" may not come fast enough to really do anything (or it'll be lost in the wave of data). An IPS system, nearly the same thing but Prevention instead of detection, is going to be the best for a home user or small company or remote site. However, particularly with free IPS/IDS rule sets, you're not really going to get anything.

    To ask if it should be some sort of device that sounds an alarm, I've never heard anyone even mention that so I'm guessing you haven't spent a lot of time understanding them. Forgive me if this is a poor assumption. You could do that, but it'd probably have to be some custom programming based on syslogs through an rPi or something that sets off the alarm when a specific rule gets a hit.

    For the most part, an IDS is really only effective with very highly tuned rulesets and people with notepads and history that track these things (dedicated network security people). There are tons of IDS/IPS rules, and a lot of people just turn them all on. Each rule is looking for a certain type of network traffic. If the rules don't pertain to your network, such as rules for a certain attack on an ISS server or a Mac desktop, and you don't have those, having the rule is a wasted resource. Having that rule in place might look like some sort of other legitimate traffic, and sends out a false warning. The free rulesets often lag behind, and really probably don't provide you with anything other than a false sense of security. IDS and IPS need to be pretty closely tuned, cared for, monitored, and updated for your network. When I ran Security Onion for a while, it would literally give me tens of thousands of security warnings for a week in a household for two people. How do you begin to sort those out to see which one is credible and which one isn't? How often are you sorting through the warnings? Daily? Hourly? Every ten minutes? When it's an IPS not an IDS and it's stopping your network traffic, what are most people going to do? Bypass the IPS. In today's SSH world, the IPS has to have the ability to decrypt the traffic mid-stream, so you're either going to have to set up certificates for each device (proxy), have the IPS break the encryption and see all sorts of warnings (looks like MITM attacks and may not be effective anyway), or only let the IPS see unencrypted traffic--which is pretty rare these days.

    If you know exactly what kind of rule you're looking for, you can start to see what's out there. If you're looking for a very specific attack when you're playing a certain game, you might be able to build or find rules to prevent that attack. But what are you looking for while you're running Photoshop? Just a random intrusion?

    I know this is not what most want to hear, and apologies if I come off poorly but they aren't really a good solution for home use. I ran an IPS at home for *years* and never once got a real, actionable hit. However, it did prevent all sorts of desirable network traffic, or provided too much false data to be relevant (are you going to search through 5,000 browser heap spray warnings to see if any of it is legit every day?). Personally, with good standard security practices, patched software, and a little common sense you'll probably go a lot farther than the false sense of security you'll get with an IPS. Running patched machines, antivirus, a solid firewall, and a Pi-hole/ad blockers will probably provide better security at home than any IPS ever will. If you just want to play with one and learn, I 100% support that and there are several. If you want a network based IPS that replaces your router, you can look into something like Sophos, Endian, probably some modules in pfSense, OPNsense, etc. If you want just a network monitoring / IDS type device, Security Onion is outstanding and comes with all the really good tools premade in one handy appliance you can install on anything with two NICs. If you want something just for your computer itself with no additional hardware, you can look into some of the host-based IDS systems (HIDS). I think the main one is called something strange like Alien Skin or something. It's been ages since I've looked at it.
     
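
The "alarm when a specific rule gets a hit" idea from the last post, as an added example that is not part of the original thread: a Python filter that reads Suricata/Snort "fast"-format alert lines, raises an alarm only for a short list of rules, and counts the rest as noise. The SIDs, messages, addresses and the `ALARM_SIDS` / `ALARM_PRIORITY` choices are constructed for illustration.

```python
import re
from collections import Counter

# Suricata/Snort "fast" alert line:
#   time [**] [gid:sid:rev] msg [**] [Classification: c] [Priority: n] {PROTO} src -> dst
FAST_RE = re.compile(
    r"^(?P<ts>\S+)\s+\[\*\*\]\s+\[\d+:(?P<sid>\d+):\d+\]\s+(?P<msg>.*?)\s+\[\*\*\]"
    r".*?\[Priority:\s*(?P<prio>\d+)\]\s+\{(?P<proto>\w+)\}\s+(?P<src>\S+)\s+->\s+(?P<dst>\S+)$"
)

ALARM_SIDS = {9000001}   # hypothetical: the few rules worth an interruption
ALARM_PRIORITY = 1       # hypothetical: also alarm on any priority-1 hit

# Constructed sample log (documentation IP ranges, made-up SIDs and messages).
SAMPLE = """\
09/28/2019-20:15:01.100000  [**] [1:9000002:1] EXAMPLE browser heap spray [**] [Classification: Misc activity] [Priority: 3] {TCP} 198.51.100.7:443 -> 192.168.1.10:50111
09/28/2019-20:15:01.200000  [**] [1:9000002:1] EXAMPLE browser heap spray [**] [Classification: Misc activity] [Priority: 3] {TCP} 198.51.100.7:443 -> 192.168.1.10:50112
09/28/2019-20:15:03.000000  [**] [1:9000001:1] EXAMPLE inbound RDP attempt [**] [Classification: Misc Attack] [Priority: 1] {TCP} 203.0.113.5:51234 -> 192.168.1.10:3389
09/28/2019-20:15:03.500000  [**] [1:9000001:1] EXAMPLE inbound RDP attempt [**] [Classification: Misc Attack] [Priority: 1] {TCP} 203.0.113.5:51240 -> 192.168.1.10:3389
09/28/2019-20:15:04.000000  [**] [1:9000001:1] EXAMPLE inbound RDP attempt [**] [Classification: Misc Attack] [Priority: 1] {TCP} 203.0.113.9:40000 -> 192.168.1.10:3389
09/28/2019-20:15:05.000000  [**] [1:9000003:2] EXAMPLE mDNS chatter [**] [Classification: Misc activity] [Priority: 2] {UDP} 192.168.1.11:5353 -> 224.0.0.251:5353
this line is not an alert
"""

def parse(line):
    m = FAST_RE.match(line.strip())
    if m is None:
        return None
    alert = m.groupdict()
    alert["sid"], alert["prio"] = int(alert["sid"]), int(alert["prio"])
    return alert

def triage(lines):
    """Split alerts into alarms (one per rule and source host) and counted noise."""
    alarms, seen, noise = [], set(), Counter()
    for line in lines:
        alert = parse(line)
        if alert is None:
            continue                      # not an alert line
        if alert["sid"] in ALARM_SIDS or alert["prio"] <= ALARM_PRIORITY:
            key = (alert["sid"], alert["src"].rsplit(":", 1)[0])
            if key not in seen:           # one alarm per rule and source, not per packet
                seen.add(key)
                alarms.append(alert)
        else:
            noise[alert["sid"]] += 1
    return alarms, noise

if __name__ == "__main__":
    alarms, noise = triage(SAMPLE.splitlines())
    for a in alarms:                      # "\a" rings the terminal bell; swap in a GPIO buzzer on a Pi
        print("\aALARM", a["ts"], a["sid"], a["msg"], a["src"], "->", a["dst"])
    print("suppressed:", dict(noise))
```

Run on a separate box that receives the sensor's alert log, this keeps the alarm independent of whatever is full screen on the gaming PC.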