Definition of Intrusion Detection
What is intrusion detection?
The act of detecting unauthorized access to a computer system or network.
Intrusion Detection
Cisco ASA 5500 Series IPS Edition Video Data Sheet (6 min. 35 sec.)
The Cisco ASA 5500 Series IPS Edition provides proactive, full-featured intrusion prevention services to stop malicious traffic, including worms and network viruses, before they can affect your network.
Watch the Video
Host and Network Intrusion Prevention
As the number and frequency of threats have increased, the growing complexity of the network environment has made mitigation of these threats harder to achieve. Modern networks have evolved for the purpose of distributing critical information and services to an ever-expanding group of users. The need for access to these critical services has led to the development of redundant communication links, wireless networks, mobile notebook computers, handheld digital devices, and even internet-enabled cellular phones. These new access technologies and links increase the value of the information systems they support, but at the same time provide more paths for attack and compromise. This paper will address the need for Intrusion Prevention Systems, will explore the two most popular IPS architectures, and will try to provide insight into the selection and use of these systems.
Read the Article
Building intrusion detection to 1 Gbps and beyond (46 min 29 sec)
With the advent of worms, passive malcode, and sophisticated attackers, the "Big Firewall" model of security has failed. To build robust commercial networks in the future, security will need to move into the LAN infrastructure. The LAN vantage point requires a nearly two-order-of-magnitude cost/performance improvement over conventional network intrusion detection and response. In this talk, I introduce the rationale for LAN-centric defences and the difficulties in implementing for these targets. I will then discuss our work on Shunting, a technique which enables the Bro intrusion detection system to operate at Gigabit line rate with the addition of a small piece of hardware support. The small hardware enables Bro to decide, on a connection-by-connection basis, whether a connection requires further analysis. Additionally, VLAN rewriting can allow a shunt, when coupled with a commodity managed Ethernet switch, to control all network traffic which passes through the switch.
Watch the Video
Windows Intruder Detection Checklist
This document outlines suggested steps for determining whether your Windows system has been compromised. System administrators can use this information to look for several types of break-ins. We also encourage you to review all sections of this document and modify your systems to address potential weaknesses. The term "Windows system" is used throughout this document to refer to systems running Windows 2000, Windows XP, and Windows Server 2003. Where there is a distinction between the various operating system versions (e.g., a capability available to only one OS version) the document will note this as such. In this document, we make a distinction between the terms "auditing" and "monitoring". We use auditing to indicate the logging or collection of information and use monitoring to indicate the routine review of information obtained by auditing to determine occurrences of specific events.
Read the Article
Know Your Enemy: Passive Fingerprinting
Traditionally, operating system fingerprinting has been done using active tools, such as queso or nmap. These tools operate on the principle that every operating system's IP stack has its own idiosyncrasies. Specifically, each operating system responds differently to a variety of malformed packets. All one has to do is build a database of how different operating systems respond to different packets. Then, to determine the operating system of a remote host, send it a variety of malformed packets, determine how it responds, and compare these responses to the database. Fyodor's nmap is the tool of choice when using this methodology.
Read the Article
A Framework to Collect Security Events for Intrusion Analysis
Many organizations have a firewall, at a minimum, while others are fortunate enough to have intrusion sensors. This paper assumes you need a way to consolidate event logs from these devices and present them to the people who are chartered to analyze them and take action when it becomes necessary. As the number of network devices, and perhaps the number of vendors, increases, it becomes increasingly difficult to use the information that these devices provide for analysis in an efficient manner.
Read the Article
Intrusion Detection using ACID on Linux
ACID is a PHP-based analysis engine designed to search through and process a database of incidents generated by security-related software such as IDSes and firewalls. Sensor systems are used to collect alert data that is sent to the ACID system for further analysis. For the purpose of this paper, the sensor and the ACID system are one and the same.
Read the Article
Spotting Intrusions: A Real-Life Scenario
Do you ever get the feeling that your web site's security may have been compromised, but you do not really know for sure? Sure, you can keep up with patches and make sure all the ACLs are set correctly, but with so many new exploits introduced every week and the huge number of exploits that have never been made public, how can you be sure you are protected?
Read the Article
Checklist for Deploying an IDS
Installing a Network IDS (NIDS) onto a network requires a significant amount of thought and planning. In addition to the technical issues and product selection, there are resource issues, from product cost to staffing the sensor feeds and supporting the infrastructure, that must also be considered. The scope of this article considers the worst-case scenario: deploying a NIDS on a remote network (the target). The introduction of an IDS into an organization's network can be sensitive and often has political implications with the network staff, so a checklist written from the perspective of an outside consultant (even if the IDS is deployed internally) that satisfies all parties can be useful to ensure a successful implementation.
Read the Article
Experiences Benchmarking Intrusion Detection Systems
This paper describes experiences benchmarking intrusion detection systems.
Read the Article