SearchSecurity.com
Intrusion Detection, Theory and Practice
This article gives an overview of several types of intrusion detection systems, and introduces the reader to some of the concepts and practices involved in intrusion detection. Be aware that this article is only introductory, and while I have suggested a number of possible systems, further research should always be undertaken before trusting in the strength of your intrusion detection system.
By David, 04/22/2004
Intrusion Detection Terminology (Part Two)
The first part of this series discussed the concept of Alerts, Consoles, False Negatives, and many other terms that are important for Intrusion Detection Systems (IDS). This second and final terminology article will continue in the same vein, starting with an explanation of the many different types of IDSs that exist today.
By Andy Cuff, 04/22/2004
Intrusion Detection Terminology (Part One)
Intrusion Detection Systems (IDS) are still in their infancy, but in terms of development they are evolving at an extraordinary rate. The terminology associated with IDS is evolving just as rapidly. As a result of IDS' rapid growth and the marketing prowess of some IDS vendors, some confusion has arisen about the correct meaning of key terms. In some cases the same term may be used by different vendors to mean different things. This is the first of a two-part series that discusses IDS terminology, including terms where there may be disagreement from within the security community. Wherever possible, I have tried to include all definitions except where I consider usage of the term to be inaccurate or misleading.
By Andy Cuff, 04/22/2004
Finding dsniff on Your Network
This paper covers some ways to detect dsniff and two of its utilities, arpspoof and macof, on a network. Arpspoof and macof tools were used with dsniff to determine if dsniff could be detected. The following programs were used to detect various aspects of dsniff: Arpwatch, ZoneAlarm, Antisniff and tcpdump. Our existing Fluke network test equipment was connected to the network to evaluate what indicators each could provide about dsniff and its tools.
By Richard Duffy, 04/18/2004
The Design and Theory of Data Visualization Tools and Techniques
The purpose of this paper is to inform and educate security professionals about the analytical potential of using a tool or technique that renders visual representations of the data/traffic that traverses a given network. The emphasis is on the design and theory behind such tools. Included are examples of data visualization products that are commercially available.
04/15/2004
Intrusion Detection Interoperability and Standardization
Intrusion detection is an area of increasing attention and its deployment has accelerated rapidly in enterprises and mission-critical systems over the last few years. Commercial vendors and the open source community have responded with a plethora of intrusion detection products. Now a new issue has surfaced: there is no standard way for these closed and incompatible systems to communicate. Lack of standards hampers research and deployment of intrusion detection technology. First the "Common Intrusion Detection Framework" (CIDF) and then the simpler-to-use "Intrusion Detection Message Exchange Format" (IDMEF) have been proposed as the standards to be used by such systems to interoperate and exchange messages. This paper presents the motivation for such standardization efforts and an overview of a potential standard, IDMEF, along with its communication protocol, IDXP.
04/15/2004
SSH and Intrusion Detection
Widespread use of the SSH protocol greatly reduces the risk of remote computer access by encoding the transmission of clear text usernames and passwords. Prior to the use of SSH, packet sniffing, which allows malicious users to watch for the login process in the clear text packet traffic on a network segment, was an easy method for a malicious user to gain unauthorized access to a machine. Unfortunately, use of SSH might allow a malicious user to bypass intrusion detection systems because of its encrypting of the data payload and its ability to tunnel protocols. This paper outlines the role and issues with the use of the SSH protocol, types and methods of intrusion detection, and proposes techniques and an architecture for an intrusion detection system that uses the SSH daemon as a sensor.
04/15/2004
A Single IDS Console Please: ManHunt 2.1 Pilot Test
Many companies have deployed a variety of network intrusion detection systems (NIDS) over time as their networks and security strategies have evolved. We certainly found ourselves in this position at the company I work for. We had deployed Snort, Dragon and ManTrap on the network, not to mention Tripwire and all of the host system log files we have to audit. This created a piecemeal system that left us with several administration consoles and hundreds of events to sort through. We needed a way to bring them together into a single console that would enable our security personnel to aggregate, correlate and analyze them. Without that we will be crippled by the sheer volume of events. Furthermore, we wanted to add more sensors to our network, and preferably sensors that were based on a different technology than the signature based systems we had already deployed.
04/15/2004
Doing My Part - Sending Data to the Internet Storm Center
There are a number of excellent papers on small office / home office (SOHO) security in the SANS Reading Room that provide clear examples of using a variety of inexpensive firewall devices and/or software-based personal firewalls, which allow even a novice to start at the beginning and slowly work through securing a home or small office network. Following these best practices is an excellent start, but my SANS Security Essentials instructor, Bob Hillery, made it a point to emphasize that locking the doors is only a part of the answer: to really be secure on the internet you have to go a step further; you have to do your part to stop hacker activity. This paper documents the procedure that I set up to automate collecting and sending intrusion attempt information to Incidents.org and the Internet Storm Center, then discusses my results and some possible next steps.
04/15/2004
Intrusion Prevention Systems - Security's Silver Bullet?
This paper takes a look at Intrusion Prevention Systems (IPS), preceded by a history of network security components that fortify our networks. An understanding of Firewalls, Anti-Virus programs, and IDS is important before moving on to IPS. Earlier systems have served us well, but with the proliferation of sophisticated attacks and the discovery of new vulnerabilities, new methods are needed to protect precious data and network resources.
04/15/2004