SearchSecurity.com
Honeypots
|
|
ISS RealSecure
|
|
Snort
|
|
Intrusion detection evasion: How Attackers get past the burglar alarm
The purpose of this paper is to show methods that attackers can use to fool IDS systems into thinking their attack is legitimate traffic. With techniques like obfuscation, fragmentation, Denial of Service, and application hijacking, the attacker can pass traffic under the nose of an IDS to prevent their detection. These are techniques that the next generation of IDS needs to be able to account for and prevent. Since it would be almost impossible to create a product that was not vulnerable to one of these types of deception, I suggest that a new type of product needs to evolve and emerge: a centralized security management platform.
02/18/2004
|
|
Insertion, Evasion, and Denial of Service: Eluding Network Intrusion Detection
We outline in this paper two basic problems with the reliability of passive protocol analysis: (1) there isn't enough information on the wire on which to base conclusions about what is actually happening on networked machines, and (2) the fact that the system is passive makes it inherently "fail-open," meaning that a compromise in the availability of the IDS doesn't compromise the availability of the network. We define three classes of attacks which exploit these fundamental problems---insertion, evasion, and denial of service attacks---and describe how to apply these three types of attacks to IP and TCP protocol analysis. We present the results of tests of the efficacy of our attacks against four of the most popular network intrusion detection systems on the market.
02/18/2004
|
|
IDS Zone Placement Diagram
Diagram of IDS Placement in a network by Scott Sanchez
02/18/2004
|
|
Focus On Linux: Intrusion Detection on Linux
This article focuses on several host-based intrusion detection systems that are available on Linux. In particular, I will cover some of the basics of installing and setting up these packages, how they are useful, and in what circumstances they can be used.
02/18/2004
|
|
Experiences Benchmarking Intrusion Detection Systems
This paper is about benchmarking IDS systems.
02/18/2004
|
|
Checklist for Deploying an IDS
Installing a Network IDS (NIDS) onto a network requires a significant amount of thought and planning. In addition to the technical issues and product selection, there are resource issues, from product cost to manning the sensor feeds and supporting the infrastructure, that must also be considered. The scope of this article considers the worst-case scenario, that of deploying a NIDS on a remote network (target). The introduction of an IDS into an organization's network can be sensitive and often has political implications with the network staff, and thus a checklist written from the perspective of an outside consultant (even if the IDS is deployed internally) that appeases all parties can be useful to ensure a successful implementation.
02/18/2004
|
|
Spotting Intrusions: A Real-Life Scenario
Do you ever get that feeling that your web site's security may have been compromised but you do not really know for sure? Sure, you can keep up with patches and make sure all the ACLs are set correctly, but with so many new exploits introduced every week and the huge number of exploits that have never been made public, how can you be sure you are protected?
02/18/2004