Know Your Enemy: Sebek
What follows is a detailed discussion of Sebek, how it works and its value. We will examine the architecture and key components. From there, we will drill down into the implementation issues and technical details of operation. Finally, we will show a usage example demonstrating the use of Sebek, including its new web interface.
Spotting Intrusions: A Real-Life Scenario
Do you ever get that feeling that your web site's security may have been compromised but you do not really know for sure? Sure, you can keep up with patches and make sure all the ACLs are set correctly, but with so many new exploits introduced every week and the huge number of exploits that have never been made public, how can you be sure you are protected?
Checklist for Deploying an IDS
Installing a Network IDS (NIDS) onto a network requires a significant amount of thought and planning. In addition to the technical issues and product selection, there are resource issues, from product cost to manning the sensor feeds and supporting the infrastructure, that must also be considered. The scope of this article considers the worst-case scenario, that of deploying a NIDS on a remote network (target). The introduction of an IDS into an organization's network can be sensitive and often has political implications with the network staff, and thus a checklist written from the perspective of an outside consultant (even if the IDS is deployed internally) that appeases all parties can be useful to ensure a successful implementation.
Focus On Linux: Intrusion Detection on Linux
This article focuses on several host-based intrusion detection systems that are available on Linux. In particular, I will cover some of the basics of installing and setting up these packages, how they are useful, and in what circumstances they can be used.
The Trouble With Tripwire
Even with the protection of a security perimeter, the fact remains that firewalls aren't foolproof and that potential attackers are hard at work, 24 hours a day. Furthermore, some organizations must allow remote logins to machines from sites outside their perimeter, meaning they must maintain a certain number of semi-exposed hosts that are vulnerable to attack.
Defending Yourself: The Role of Intrusion Detection Systems (IDS)
Although intrusion detection technology is immature and should not be considered as a complete defense, we believe it can play a significant role in an overall security architecture. If an organization chooses to deploy an IDS, a range of commercial and public domain products are available.
Intrusion Detection: Implementation and Operational Issues
Attacks on the nation's computer infrastructures have become an increasingly serious problem. While government agencies have been common targets, the distributed denial-of-service attacks that materialized last year primarily targeted commercial sites.
State of the Practice of Intrusion Detection Technologies
This section covers a range of topics dealing with current ID technology and practice to illustrate where ID systems stand today. We start with a review of technology, looking at currently used tools in the research, commercial, and public domains. We then look at market conditions, summarizing several papers and surveys that describe the current market and where it is headed. We conclude by discussing some experiences with representative ID products that indicate why current ID systems are not the only solution to fix all security problems.
Airids Architecture And Methodology
A hybridized IDS framework that tries to fuse different technologies into an Intelligent Intrusion Prevention system, called 'Airids' for short.
Tripwire Intro on Linux
What Tripwire is, how it is installed and used on Linux. This guide provides you with the basics needed for simple monitoring of your system.
A poor-man Tripwire-like system on Windows 9x/NT
A simple and low-cost way to implement Tripwire-like capabilities on a Microsoft Windows 95/98/NT/2000/* machine. I came to the conclusion that this setup provides efficient system integrity checking, even uncovering some unexpected file activity. I leave it to the reader to figure out the best configuration; common sense should rule. I hope this will help many people in securing their systems for the best price in the world.
Improving Passive Packet Capture: Beyond Device Polling
Passive packet capture is necessary for many activities including network debugging and monitoring. With the advent of fast gigabit networks, packet capture is becoming a problem even on PCs due to the poor performance of popular OSs. The introduction of device polling has improved the capture process quite a bit but not really solved the problem.