It was 2001 when I first heard of the concept of intrusion detection devices that were like burglar alarms. Stephen Northcutt was speaking in a SANS GCIA class regarding SHADOW, the intrusion detection system he developed for the Naval Surface Warfare Center/Dahlgren Division. Part of the explanation was regarding the architecture of the SHADOW IDS. This architecture made a lot of sense to me, especially since the hardware available to me is made up of old workstations. Since these old workstations have less than ideal processing power, we want to make them do as little as possible outside of their primary task. This isn’t that big a deal for the analyzers, since they don’t have to capture packets.