SearchSecurity.com

Honeypots
ISS RealSecure
Snort

The Keep Within the Castle Walls - An Experiment in Home Network Intrusion Detection
There are a number of security measures that can be implemented to protect a network. One of the key components that will assist in determining whether a system is being attacked is a network-based intrusion detection system (NIDS). A wonderful and free NIDS is Snort. The GSEC course discusses how to set up Snort on a Windows-based system. I will discuss how to set up Snort 1.9.1 – the latest version – on a virtual Linux machine. First, the “before” scenario will describe the situation before this security improvement is enacted. Second, I will assess the risk, discuss why someone should consider network intrusion detection, talk about Snort, VMware, and Linux, and investigate configuration options. I’ll conclude with some implementation notes, enhancements and the “after” scenario. The appendices provide brief installation instructions and resources for further information.
04/15/2004

An Overview of PureSecure
This paper’s objective was to examine the role of the Intrusion Detection System (IDS) in modern security strategies, establish a set of criteria for IDS evaluation, investigate the functionality of PureSecure, an application developed and marketed by Demarc Security, and present conclusions concerning its desirability as a working IDS. The paper’s objectives were accomplished by researching various sources, including the PureSecure product documentation and the experience of the writer and other users who have installed and used the application. This paper documents the conclusion that PureSecure is an excellent low-cost product that can provide an essential part of the total security solution for many small to medium organizations.
04/15/2004

Intrusion Detection Is Dead. Long Live Intrusion Prevention!
This practical will demonstrate the limitations and drawbacks of intrusion detection as well as the reasons why intrusion prevention is a vastly better method of securing a network. In summary, IDS (Intrusion Detection Systems) will soon be rendered obsolete by IPS (Intrusion Prevention Systems).
04/15/2004

Intrusion Prevention - Part of Your Defense in Depth Architecture?
The tools available to IT security professionals are becoming more proactive by attempting to prevent, rather than only detect, exploits from damaging critical assets. Intrusion prevention, in particular, has received a lot of attention in the IT press in the last several years. This paper will explore Intrusion Prevention Systems (IPS) from the perspective of using IPS as part of a Defense in Depth strategy. First we will describe Defense in Depth. We will then explore various components of a traditional Defense in Depth architecture. This paper will explain the various technologies of IPS. We will conclude with a discussion of what these tools can and cannot do in a comprehensive security program.
04/15/2004

IDMEF "Lingua Franca" for Security Incident Management
The Intrusion Detection Working Group, chartered by the IETF, has been working for some time on a set of specifications that will allow the transfer of intrusion detection information between the detection device (Analyzer) and a management station (Manager). These specifications provide for the format and structure of the messages and the protocols used to do the actual transfer. The relationship of these protocols is discussed as well as an overview of the specifications themselves. The importance of this development is also discussed as well as the current status of the protocols and a number of implementations.
04/15/2004
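
The Analyzer-to-Manager message the abstract above refers to is the IDMEF XML format (later published as RFC 4765). The following is an added example, not code from the paper or from any IDMEF implementation: it builds one IDMEF-Message containing a single Alert with the Python standard library and parses it back the way a Manager would. The analyzer id, addresses, port and classification text are constructed sample values; the element names, the "http://iana.org/idmef" namespace and the CreateTime/ntpstamp form follow the specification.

```python
"""Build an IDMEF alert (RFC 4765 XML) as an Analyzer would emit it, and parse
it back as a Manager would. Added example using only the standard library."""
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

IDMEF_NS = "http://iana.org/idmef"   # namespace defined in RFC 4765
NTP_EPOCH_OFFSET = 2208988800        # seconds from 1900-01-01 to 1970-01-01
ET.register_namespace("idmef", IDMEF_NS)


def _child(parent, tag, content=None, **attrs):
    """Append a namespaced child element with optional text content and attributes."""
    el = ET.SubElement(parent, f"{{{IDMEF_NS}}}{tag}", attrs)
    if content is not None:
        el.text = content
    return el


def build_alert(message_id, analyzer_id, src_ip, dst_ip, dst_port,
                classification, when, cve=None):
    """Serialize one IDMEF-Message carrying a single Alert (Analyzer side)."""
    root = ET.Element(f"{{{IDMEF_NS}}}IDMEF-Message", {"version": "1.0"})
    alert = _child(root, "Alert", messageid=message_id)
    _child(alert, "Analyzer", analyzerid=analyzer_id)
    # CreateTime: ISO 8601 text plus the 64-bit NTP timestamp in hex, as RFC 4765 requires.
    ntp_secs = int(when.timestamp()) + NTP_EPOCH_OFFSET
    _child(alert, "CreateTime", when.strftime("%Y-%m-%dT%H:%M:%SZ"),
           ntpstamp=f"0x{ntp_secs:08x}.0x00000000")
    for tag, ip in (("Source", src_ip), ("Target", dst_ip)):
        node = _child(_child(alert, tag), "Node")
        _child(_child(node, "Address", category="ipv4-addr"), "address", ip)
    target = alert.find(f"{{{IDMEF_NS}}}Target")
    _child(_child(target, "Service"), "port", str(dst_port))
    cls = _child(alert, "Classification", text=classification)
    if cve:  # Reference: origin, name and url are all required by the spec
        ref = _child(cls, "Reference", origin="cve")
        _child(ref, "name", cve)
        _child(ref, "url", f"https://cve.mitre.org/cgi-bin/cvename.cgi?name={cve}")
    return ET.tostring(root, encoding="unicode")


def parse_alert(xml_text):
    """Extract the fields a Manager would key on (Manager side).
    Raises ValueError if the document is not an IDMEF-Message."""
    ns = {"i": IDMEF_NS}
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{IDMEF_NS}}}IDMEF-Message":
        raise ValueError("not an IDMEF-Message")
    alert = root.find("i:Alert", ns)

    def text(path):
        return alert.findtext(path, namespaces=ns)

    return {
        "messageid": alert.get("messageid"),
        "analyzerid": alert.find("i:Analyzer", ns).get("analyzerid"),
        "created": text("i:CreateTime"),
        "source": text("i:Source/i:Node/i:Address/i:address"),
        "target": text("i:Target/i:Node/i:Address/i:address"),
        "port": int(text("i:Target/i:Service/i:port")),
        "classification": alert.find("i:Classification", ns).get("text"),
        "cve": text("i:Classification/i:Reference/i:name"),
    }


def sample_roundtrip():
    """Constructed sample: one alert serialized by the Analyzer and read by the Manager."""
    when = datetime(2004, 4, 15, 12, 0, 0, tzinfo=timezone.utc)
    xml_text = build_alert("a1", "sensor-dmz-1", "192.0.2.45", "198.51.100.10", 80,
                           "IIS .ida buffer overflow attempt", when, cve="CVE-2001-0500")
    return parse_alert(xml_text)


if __name__ == "__main__":
    for key, value in sample_roundtrip().items():
        print(f"{key:15} {value}")
```

The transport between Analyzer and Manager (IDXP/BEEP in the working group's drafts) is not shown; the example covers only the message format, which is the part a Manager must agree on with every sensor that feeds it.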

Packet Level Normalization
This paper proposes that any Signature Based Passive Network Intrusion Detection (NID) deployment is incomplete without an 'In-line' 'Packet Level Normaliser'. A number of published papers will be selectively reviewed, assessing their contribution to the development of this field. Focusing on the Network Layer, a 'walkthrough' of the IP protocol will be followed by a Lab where the Normaliser 'norm' will be employed to illustrate core concepts. Packets will be manufactured using 'NetDuDe' and 'Fragroute'. The output will be in 'tcpdump' format. The paper culminates with a brief review of current normaliser technology.
04/15/2004
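
The core concept the abstract's lab illustrates with 'norm' and 'Fragroute' is that overlapping IP fragments are ambiguous: a passive NIDS must guess how the target stack will resolve the overlap, and if it guesses wrong the attacker's real payload goes unseen. The following is an added example, not from the paper or from 'norm' itself: it models fragments as (offset, payload) pairs, reassembles them under two extreme overlap policies, and applies a favor-first normalizer (the policy is an assumption of this example) so that any receiving stack sees the same bytes the NIDS saw. The fragment set is constructed.

```python
"""Overlapping IP fragments: a passive NIDS and the target host can reassemble
the same fragment set differently; an in-line normalizer removes the ambiguity.
Added example; the fragments are constructed and carry only payload bytes."""


def reassemble(fragments, policy):
    """Rebuild the payload from (offset, data) fragments in arrival order.
    policy="old": the first byte seen for an offset wins (never overwritten).
    policy="new": the last byte seen for an offset wins (always overwritten).
    Real stacks sit between these two extremes, which is why they disagree."""
    size = max(off + len(data) for off, data in fragments)
    buf, filled = bytearray(size), [False] * size
    for off, data in fragments:
        for i, byte in enumerate(data):
            pos = off + i
            if policy == "new" or not filled[pos]:
                buf[pos] = byte
                filled[pos] = True
    if not all(filled):
        raise ValueError("hole in fragment set")
    return bytes(buf)


def normalize(fragments):
    """In-line normalizer with a favor-first policy (an assumption here):
    forward only the bytes of each fragment that cover offsets not already
    seen, splitting a fragment where needed. Whatever overlap policy the
    receiving stack uses, it now gets exactly the bytes the NIDS saw."""
    seen, out = set(), []
    for off, data in fragments:
        run_off, run = None, bytearray()
        for i, byte in enumerate(data):
            pos = off + i
            if pos in seen:                 # duplicate offset: drop the byte
                if run:                     # and close the run forwarded so far
                    out.append((run_off, bytes(run)))
                    run_off, run = None, bytearray()
                continue
            seen.add(pos)
            if run_off is None:
                run_off = pos
            run.append(byte)
        if run:
            out.append((run_off, bytes(run)))
    return out


# Constructed attack: a benign request, then an overlapping fragment that
# rewrites the path only on stacks that favor newer data.
ATTACK = [
    (0, b"GET /docs/index"),
    (4, b"/etc/passwd"),
    (15, b" HTTP/1.0"),
]


def demo():
    """What a favor-old NIDS sees, what a favor-new host executes, and what
    both see once the normalizer sits in line."""
    forwarded = normalize(ATTACK)
    return {
        "nids_view": reassemble(ATTACK, "old"),
        "host_view": reassemble(ATTACK, "new"),
        "forwarded": forwarded,
        "after_norm_old": reassemble(forwarded, "old"),
        "after_norm_new": reassemble(forwarded, "new"),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key:15} {value!r}")
```

The same reasoning applies one layer up to overlapping TCP segments, which is why a normalizer has to handle both before a signature engine is worth trusting.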

Intrusion Detection on a Large Network
This paper will describe in detail the steps for setting up and managing an intrusion detection system across a large corporate network. It will begin with a discussion of the potential problems and benefits of the use of a NIDS on a large network. The basics of installing, configuring and implementing the necessary software on a hypothetical network will be covered. Additional steps to automate, fail-safe and secure the system will be described. Finally, a brief discussion of the potential difficulties of tuning a rule-based system such as Snort that is deployed on a large, heterogeneous, well-secured network will be presented.
04/15/2004

Intelligent Correlator for NIDS
In today’s NIDS the number of alerts may be huge, and the delay between when an alert is generated and when the system administrator analyzes it can be too long: the situation may have changed in the meantime, e.g. with dual-boot Unix/Windows machines. Therefore we would like to give a low priority to, or filter out, alerts that are not relevant. We would also like to gather more information about the target of the attack at the time the attack has been performed. The goal of this work is the realization of a prototype of a system that reduces the number of false positives of a NIDS by triggering a real-time collection of information upon alert reception.
04/14/2004
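
The approach the abstract describes, probing the target when the alert arrives and re-scoring the alert against what is found, can be sketched in a few dozen lines. The following is an added example and not the paper's prototype: it parses constructed Snort alert_fast lines, looks the target up through a probe function, and lowers the priority of alerts whose target is down, has the port closed, or is currently running an OS the signature does not apply to (the dual-boot case). The probe is a constructed in-memory stand-in for a live banner grab or OS fingerprint, the signature-to-OS table is an assumption, and the cache TTL models the abstract's point that facts must be gathered at the time of the attack, not reused indefinitely.

```python
"""Correlator sketch: re-score NIDS alerts with facts gathered about the
target at alert time. Added example; the probe is a constructed stand-in."""
import re
from dataclasses import dataclass

# Field layout of a Snort "alert_fast" line (TCP/UDP alerts, which carry ports).
FAST_RE = re.compile(
    r"^(?P<ts>\S+)\s+\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+"
    r"(?P<msg>.*?)\s+\[\*\*\].*?\{(?P<proto>\w+)\}\s+"
    r"(?P<src>[\d.]+):(?P<sport>\d+)\s+->\s+(?P<dst>[\d.]+):(?P<dport>\d+)\s*$"
)


@dataclass
class Alert:
    ts: str
    sid: int
    msg: str
    src: str
    dst: str
    dport: int


def parse_fast(line):
    """Parse one alert_fast line; returns None for lines without ports (e.g. ICMP)."""
    m = FAST_RE.match(line)
    if not m:
        return None
    return Alert(m["ts"], int(m["sid"]), m["msg"], m["src"], m["dst"], int(m["dport"]))


def _secs(ts):
    """Seconds since midnight from Snort's MM/DD-HH:MM:SS.usec timestamp."""
    h, m, s = ts.split("-", 1)[1].split(".")[0].split(":")
    return int(h) * 3600 + int(m) * 60 + int(s)


# OS family each signature is relevant to (assumed table, not Snort's own metadata).
SIG_TARGET_OS = {1002: {"windows"}}


class Correlator:
    """Scores alerts using a probe of the target, re-probing after ttl seconds
    so a dual-boot host that changed OS is not judged on stale facts."""

    def __init__(self, probe, ttl=60):
        self.probe, self.ttl, self.cache = probe, ttl, {}

    def facts_for(self, ip, now):
        hit = self.cache.get(ip)
        if hit is None or now - hit[0] > self.ttl:
            hit = (now, self.probe(ip))
            self.cache[ip] = hit
        return hit[1]

    def score(self, alert):
        facts = self.facts_for(alert.dst, _secs(alert.ts))
        if not facts["up"]:
            return "low", "target not reachable"
        if alert.dport not in facts["open_ports"]:
            return "low", f"port {alert.dport} closed on target"
        wanted = SIG_TARGET_OS.get(alert.sid)
        if wanted and facts["os"] not in wanted:
            return "low", f"signature targets {sorted(wanted)}, host runs {facts['os']}"
        return "high", "target up, service open, OS matches signature"


# Constructed stand-in for a live probe (banner grab / OS fingerprint at alert time).
INVENTORY = {
    "198.51.100.10": {"up": True, "os": "linux", "open_ports": {22, 80}},
    "198.51.100.20": {"up": True, "os": "windows", "open_ports": {80}},
}


def fake_probe(ip):
    return INVENTORY.get(ip, {"up": False, "os": None, "open_ports": set()})


SAMPLE_LINES = [  # constructed alert_fast lines, same signature against three targets
    "04/14-10:22:13.123456  [**] [1:1002:5] WEB-IIS cmd.exe access [**] "
    "[Classification: Web Application Attack] [Priority: 1] {TCP} 192.0.2.45:3344 -> 198.51.100.10:80",
    "04/14-10:22:14.500000  [**] [1:1002:5] WEB-IIS cmd.exe access [**] "
    "[Classification: Web Application Attack] [Priority: 1] {TCP} 192.0.2.45:3345 -> 198.51.100.20:80",
    "04/14-10:22:20.000000  [**] [1:1002:5] WEB-IIS cmd.exe access [**] "
    "[Classification: Web Application Attack] [Priority: 1] {TCP} 192.0.2.45:3346 -> 198.51.100.30:80",
]


def demo():
    """Run the sample lines through the correlator; returns (target, priority, reason)."""
    correlator = Correlator(fake_probe)
    out = []
    for line in SAMPLE_LINES:
        alert = parse_fast(line)
        if alert is None:
            continue
        priority, reason = correlator.score(alert)
        out.append((alert.dst, priority, reason))
    return out


if __name__ == "__main__":
    for dst, priority, reason in demo():
        print(f"{dst:15} {priority:4} {reason}")
```

Note the trade-off a real deployment must weigh: the probe itself touches the target during an attack, so it should be rate-limited and cached, and a host that answers a probe with a different OS each time is exactly the case the abstract's dual-boot remark is about.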

Intrusion Detection with MOM - Going Above the Wire
There are several areas, or layers, where intrusions into a system can occur. At the “wire” or network layer, there are several tools that can successfully discern the nature of traffic for most commercial protocols. But how do you respond to the challenge of knowing what happens when you need to analyze “above the wire”, at the operating system and application layers? What about when traffic is properly formed and does not trigger IDS rules? By focusing on the WAN/LAN layer traffic and looking for “exception traffic” – signatures within packets that are indicative of malicious intent – properly formed, legal traffic is virtually ignored. With attackers getting more sophisticated, the analyst needs to respond with tools that can be used above the wire at the application and operating system level.
04/14/2004

The Human Factor - Adding Intelligence and Action to Intrusion Detection
Intrusion detection systems need to communicate with analysts on multiple levels. They need to be scalable, reliable, effective, and efficient; in addition, they need to be responsive to human intelligence and intuition. To be safe from attack themselves, they need to be invisible to hackers. This paper explores the current state of Intrusion Detection Systems (IDS) technology with its roots dating from 1985. It identifies system requirements and essential elements in the context of an overall architecture; and it highlights several systems, available today, that fit nicely into the suggested architecture. The future of IDS will be much like its past. Technology will continue to evolve, attacks will become more difficult to detect, and humans will be needed more than ever.
04/14/2004