Network Security Library

Intrusion Detection



Subcategories


Honeypots
ISS RealSecure
Snort




Newest Intrusion Detection White Papers

Justifying the Expense of IDS, Part One: An Overview of ROIs for IDS
A positive return on investment (ROI) of intrusion detection systems (IDS) is dependent upon an organization's deployment strategy and how well the successful implementation and management of the technology helps the organization achieve the tactical and strategic objectives it has established. For organizations interested in quantifying the IDS's value prior to deploying it, their investment decision will hinge on their ability to demonstrate a positive ROI. ROI has traditionally been difficult to quantify for network security devices, in part because it is difficult to calculate risk accurately due to the subjectivity involved with its quantification. Also, business-relevant statistics regarding security incidents are not always available for consideration in analyzing risk.
By David Kinn, Kevin Timm, 04/22/2004


IDS Terminology, Part Two: H - Z
This is the second of two articles intended to introduce readers to some IDS terminology, some of it basic and relatively common, some of it somewhat more obscure. (To see the first article, please click here.) As a result of the speed of growth of IDSs, and the marketing prowess of some IDS vendors, some confusion has arisen about the proper meaning of certain terms: the same term may be used by different vendors to mean different things. Wherever possible, I have tried to include all terms except where I consider usage of the term to be inaccurate or misleading. This is a living document: if I'm missing any terms or you wish to discuss my interpretation please don't hesitate to contact me.
By A. Cliff, 04/22/2004


Intrusion Detection Systems Terminology, Part One: A - H
This article is intended to introduce readers to some IDS terminology, some of it basic and relatively common, some of it somewhat more obscure.
By A. Cliff, 04/22/2004


Identifying and Tracking Emerging and Subversive Worms Using Distributed Intrusion Detection Systems
Worms continually become more sophisticated, as new propagation methods and stealth techniques are developed and implemented. As worms continue to evolve, so must our ability to detect and track them. One solution is the use of distributed intrusion detection systems (dIDS) to identify new and emerging worms that utilize new subversive propagation techniques. This paper will discuss how and why the dIDS design is able to identify, detect, and track worms even as they implement more advanced propagation methods.
By Nathan Einwechter, 04/22/2004


Host Integrity Monitoring: Best Practices for Deployment
The purpose of this article is to highlight the important steps and concepts involved in deploying a host integrity monitoring system. Being aware of these concepts can mean the difference between a useful deployment, and one that is rendered ineffective or more trouble than it is worth.
By Brian Wotring, 04/22/2004


Evaluating Network Intrusion Detection Signatures, Part Three
In this three-part series of articles, we are presenting recommendations that will help readers to evaluate the quality of network intrusion detection (NID) signatures, either through hands-on testing or through careful consideration of third-party product reviews and comparisons. The first installment discussed some of the basics of evaluating NID signature quality, as well as selecting attacks to be used in testing. The second installment concluded the discussion of criteria for choosing attacks and provided recommendations for generating attacks and creating a good testing environment. This article will wrap up the series by examining other ways of generating attacks with other security-related tools and by manually creating your own attacks.
By Karen Kent Fredrick, 04/22/2004


Evaluating Network Intrusion Detection Signatures, Part Two
In this series of articles, we present recommendations that will help readers to evaluate the quality of network intrusion detection (NID) signatures, either through hands-on testing or through careful consideration of third-party product reviews and comparisons. The first installment discussed some of the basics of evaluating NID signature quality, as well as selecting attacks to be used in testing. This article will conclude the discussion on criteria for choosing attacks and then provide recommendations for generating attacks and creating a good testing environment. We begin by discussing some methods of acquiring attacks and attack traffic.
By Karen Kent Fredrick, 04/22/2004


Evaluating Network Intrusion Detection Signatures, Part One
Over the past several years, a number of academic and commercial entities have conducted evaluations of various network intrusion detection (NID) software, to determine the overall effectiveness of each product and to compare the products to each other. Many system administrators and security analysts are also responsible for conducting their own evaluations of NID products, in order to choose a solution for deployment in their environments. NID evaluations typically include some rough indication of the relative quality of each product's signatures. However, high signature quality is critical to achieving a good NID solution, so the importance of accurately evaluating signature quality cannot be stressed strongly enough.
By Karen Kent Fredrick, 04/22/2004


Understanding IDS Active Response Mechanisms
Debates still rage in the developer community over which methods of detecting attackers are best, but IDS customers as a whole are satisfied with the current IDS technology. To get an edge on the competition, many of the IDS vendors are adding active response capabilities to their products. The concept underlying this tactic is that the IDS will detect an attacker and then move to stop his attack. The problem is that any attacker with a basic knowledge of TCP/IP can easily defeat these mechanisms directly or simply knock the network offline often enough that the Admin is forced to turn off the feature. It is important for Admins to know the limitations of active response mechanisms to avoid being blindsided by them.
By Jason Larsen, Jed Haile, 04/22/2004


The Great IDS Debate: Signature Analysis Versus Protocol Analysis
Intrusion detection systems (IDS) have rapidly become a crucial component of any network defense strategy. Over the past few years, their popularity has soared as vendors have refined their results and increased performance capabilities. At the heart of intrusion detection systems lies the analysis engine. It reviews each packet, determines if it is malicious, and logs an alert if necessary - the core tasks of an IDS. Two different IDS techniques, each favored by separate and loyal camps, have emerged as the preferred engine behind the software. Despite the copious marketing material and fiery online debates, each method has distinct strengths and weaknesses. In this article, we'll examine and compare the two different techniques: signature analysis and protocol analysis.
By Matt Tanase, 04/22/2004





Unless otherwise noted, all paper copyrights are owned by the author. The rest copyright 2003-2005 TechTarget
