Definition of Intrusion Detection
What is intrusion detection?
The act of detecting unauthorized access to a computer system or network.
Intrusion Detection
Review of Web Applications Security and Intrusion Detection In Air Traffic Control Systems
This report presents the results of our audit of Web applications security and intrusion detection in air traffic control (ATC) systems. This audit was requested by the Ranking Minority members of the House Committee on Transportation and Infrastructure and its Aviation Subcommittee.
Read the Article
Guide to Using Network IPS to Protect Against Next-Generation Cyber Threats
Network security threats are on the rise as cyber criminals continue to develop innovative ways to use compromised computers for their own personal gain, creating havoc and jeopardizing security and privacy in the process. Organizations should understand the likely evolution of the threat landscape and develop an appropriate security strategy to address these evolving threats. This paper discusses how Network Intrusion Prevention Systems (IPS) play a critical role in a layered approach to security, protecting against current and future cyber threats.
Read the Article
Cisco ASA 5500 Series IPS Edition Video Data Sheet (6 min. 35 sec.)
The Cisco ASA 5500 Series IPS Edition provides proactive, full-featured intrusion prevention services to stop malicious traffic, including worms and network viruses, before they can affect your network.
Watch the Video
Host and Network Intrusion Prevention
As the number and frequency of threats has increased, the increasing complexity of the network environment has made mitigation of these threats harder to achieve. Modern networks have evolved for the purposes of distributing critical information and services to an ever-expanding group of users. The need for access to these critical services has led to the development of redundant communication links, wireless networks, mobile notebook computers, handheld digital devices, even internet-enabled cellular phones. These new access technologies and links increase the value of the information systems they support, but at the same time provide more paths for attack and compromise. This paper will address the need for Intrusion Prevention Systems, will explore the two most popular IPS architectures, and will try to provide insight into the selection and use of these systems.
Read the Article
Building intrusion detection to 1 Gbps and beyond (46 min 29 sec)
With the advent of worms, passive malcode, and sophisticated attackers, the "Big Firewall" model of security has failed. To build robust commercial networks in the future, security will need to move into the LAN infrastructure. The LAN vantage point requires a nearly two-order-of-magnitude cost/performance improvement over conventional network intrusion detection and response. In this talk, I introduce the rationale for LAN-centric defences and the difficulties in implementing for these targets. I will then discuss our work on Shunting, a technique which enables the Bro intrusion detection system to operate at Gigabit line rate with the addition of a small piece of hardware support. The small hardware enables Bro to decide, on a connection-by-connection basis, whether a connection requires further analysis. Additionally, VLAN-rewriting can allow a shunt, when coupled with a commodity managed Ethernet switch, to control all network traffic which passes through the switch.
Watch the Video
Windows Intruder Detection Checklist
This document outlines suggested steps for determining whether your Windows system has been compromised. System administrators can use this information to look for several types of break-ins. We also encourage you to review all sections of this document and modify your systems to address potential weaknesses. The term "Windows system" is used throughout this document to refer to systems running Windows 2000, Windows XP, and Windows Server 2003. Where there is a distinction between the various operating system versions (e.g., a capability available to only one OS version) the document will note this as such. In this document, we make a distinction between the terms "auditing" and "monitoring". We use auditing to indicate the logging or collection of information and use monitoring to indicate the routine review of information obtained by auditing to determine occurrences of specific events.
Read the Article
Know Your Enemy: Passive Fingerprinting
Traditionally, operating system fingerprinting has been done using active tools, such as queso or nmap. These tools operate on the principle that every operating system's IP stack has its own idiosyncrasies. Specifically, each operating system responds differently to a variety of malformed packets. All one has to do is build a database on how different operating systems respond to different packets. Then, to determine the operating system of a remote host, send it a variety of malformed packets, determine how it responds, then compare these responses to a database. Fyodor's nmap is the tool of choice when using this methodology.
Read the Article
A Framework to Collect Security Events for Intrusion Analysis
This paper assumes you need a way to consolidate event logs from these devices and present them to the people who are chartered to analyze and take action when it becomes necessary. Many organizations have a firewall, at a minimum, while others are fortunate enough to have intrusion sensors. As the number of network devices, and perhaps the number of vendors, increases, it becomes increasingly difficult to use the information that these devices provide for analysis in an efficient manner.
Read the Article
Intrusion Detection using ACID on Linux
ACID is a PHP-based analysis engine designed to search through and process a database of incidents generated by security-related software such as IDSes and firewalls. Sensor systems are used to collect alert data that is sent to the ACID system for further analysis. For the purpose of this paper, the sensor and ACID system are one and the same.
Read the Article
Spotting Intrusions: A Real-Life Scenario
Do you ever get that feeling that your web site's security may have been compromised but you do not really know for sure? Sure, you can keep up with patches and make sure all the ACLs are set correctly, but with so many new exploits introduced every week and the huge number of exploits that have never been made public, how can you be sure you are protected?
Read the Article