Network Security Library

Intrusion Detection

Subcategories

Honeypots
ISS RealSecure
Snort

Newest Intrusion Detection White Papers

Host Based Intrusion Detection: An Overview of Tripwire and Intruder Alert
Intrusion detection systems monitor system and network resources to detect unusual activity or changes. There are two types of intrusion detection systems: host-based and network-based. A network-based IDS is placed on the network near the system or systems being monitored and analyzes network traffic for attack patterns and suspicious behavior. A host-based IDS resides on the system being monitored and tracks changes made to important files and directories.
By Allison Hrivnak, 04/27/2004


Network IDS: To Tailor, or Not to Tailor
The following discussion centers on the benefits and drawbacks of rule-based Intrusion Detection tailoring, and on why, overall, it is best to leave tailoring of Network IDS systems to the product vendors.
By Jon-Michael C. Brook, 04/27/2004


Wireless Intrusion Detection Systems
This paper will describe the need for wireless intrusion detection, provide an explanation of wireless intrusion detection systems, and identify the benefits and drawbacks of a wireless intrusion detection solution.
By Jamil Farshchi, 04/22/2004


Statistical-Based Intrusion Detection
Statistical-based systems (SBIDs) take a different approach to intrusion detection. The concept of the SBID system is simple: it determines "normal" network activity and then all traffic that falls outside the scope of normal is flagged as anomalous (not normal). SBID systems attempt to learn network traffic patterns on a particular network. This process of traffic analysis continues as long as the SBID system is active, so, assuming network traffic patterns remain constant, the longer the system is on the network, the more accurate it becomes. By analyzing network traffic and processing the information with complex statistical algorithms, SBID systems look for anomalies in the established normal network traffic patterns. All packets are given an anomaly score (indicating the degree of irregularity for the specific event) and if the anomaly score is higher than a certain threshold, the IDS will generate an alert.
By Jamil Farshchi, 04/22/2004


Preventing and Detecting Insider Attacks Using IDS
Shortly after the lunch break, an employee angrily strides out of his supervisor's office, down two rows of desks, and into a single cubicle. He slumps down into his chair and releases an exasperated sigh as he runs his hands through his hair in disappointment. The raise he thought he was in for has been turned down. He slowly stands up, peering over the cubicle walls to survey the area for other employees. But the area is deserted, as most people are out enjoying lunch. Sitting back down, he turns to his computer console, goes to the command line and brings nmap to life against the company's accounting systems. The console displays accounting's SQL server. A few keystrokes later, the employee has edited a few columns in the database, giving himself the raise he had longed for.
By Nathan Einwechter, 04/22/2004


One of These Things is not Like the Others: The State of Anomaly Detection
It's easy to compare an Intrusion Detection System (IDS) with an Anomaly Detection System (ADS). They both look for "bad things" on a system or network, things that may be potential security incidents. Each can work well or produce loads of false alarms. And the final results are the same: a suspicious event is flagged for an administrator to investigate. However, despite these similarities, these tools work quite differently.
By Matt Tanase, 04/22/2004


Network Monitoring for Intrusion Detection
In this article, I will present an introduction to network monitoring and traffic analysis. By combining basic network monitoring and traffic analysis with other intrusion detection methods, you can establish better overall security.
By Karen Kent Fredrick, 04/22/2004


Managing Intrusion Detection Systems in Large Organizations, Part Two
This is the second part of a two-part series devoted to discussing the implementation of intrusion detection systems in large organizations. In the first installment, we looked at some of the challenges of planning, integrating, and deploying IDSs in a large organization. In this installment, we will look at managing agents in a distributed environment, managing data from multiple IDS packages, and correlating data from distributed agents.
By Paul Innella, Oba McMillan, and David Trout, with assistance from Rebecca Bace, 04/22/2004


Managing Intrusion Detection Systems in Large Organizations, Part One
We put this two-part series of articles together to discuss our experiences working with larger organizations so that we may all learn and benefit from them. As security professionals, we are bound to protect the confidentiality of our clients, and thus the names of these parties will not be disclosed in this article.
By Paul Innella, Oba McMillan, and David Trout, with assistance from Rebecca Bace, 04/22/2004


Justifying the Expense of IDS, Part Two: Calculating ROI for IDS
This article is the second of a two-part series exploring ways to justify the financial investment in IDS protection. In part one of this series we discussed general IDS types and expanded on the impact that the logical location of a company's critical networked assets could have on the risk equations. To this end we introduced the Cascading Threat Multiplier (CTM) to expand on the Single Loss Expectancy (SLE) equation. We also reviewed implementation and management costs based on various support profiles and reviewed the commonly accepted risk equations. Finally, we left off with the basic formula for calculating ROI for security, otherwise commonly known as Return on Security Investment (ROSI).
By David Kinn, Kevin Timm, 04/22/2004


Unless otherwise noted, all paper copyrights are owned by the author. The rest copyright 2003-2005 TechTarget