State of the Practice of Intrusion Detection Technologies
This section covers a range of topics dealing with current ID technology and practice to illustrate where ID systems stand today. We start with a review of technology, looking at tools currently used in the research, commercial, and public domains. We then look at market conditions, summarizing several papers and surveys that describe the current market and where it is headed. We conclude by discussing some experiences with representative ID products that indicate why current ID systems are not a single solution that fixes all security problems.
Read the Article
Hiding an Intrusion Detection System, A Theoretical Discussion on How to Play 'Hide 'N Go Peek'
This paper discusses the caveats of emplacement of an IDS environment, and what companies are doing about it. It then discusses what may be one of many possible methods of "hiding" an intrusion detection system environment.
Read the Article
Airids Architecture And Methodology
A hybridized IDS framework that tries to fuse different technologies into an intelligent intrusion prevention system, called 'Airids' for short.
Read the Article
Tripwire Intro on Linux
What Tripwire is, and how it is installed and used on Linux. This guide provides you with the basics needed for simple integrity monitoring of your system.
Read the Article
A poor man's Tripwire-like system on Windows 9x/NT
A simple and low-cost way to implement Tripwire-like capabilities on a Microsoft Windows 95/98/NT/2000/* machine. I came to the conclusion that this setup provides efficient system integrity checking, even uncovering some unexpected file activity. I leave it to the reader to figure out the best configuration; common sense should rule. I hope this will help many people in securing their systems for the best price in the world.
Read the Article
Improving Passive Packet Capture: Beyond Device Polling
Passive packet capture is necessary for many activities, including network debugging and monitoring. With the advent of fast gigabit networks, packet capture is becoming a problem even on PCs due to the poor performance of popular OSs. The introduction of device polling has improved the capture process quite a bit but has not really solved the problem.
Read the Article
Packet Sniffing on Layer 2 Switched Local Area Networks
Packet sniffing is a technique for monitoring network traffic. It is effective on both switched and non-switched networks. This paper discusses several methods that result in packet sniffing on Layer 2 switched networks, and each of the sniffing methods is explained in detail. The purpose of the paper is to show how sniffing can be accomplished on switched networks, and to understand how it can be prevented.
Read the Article
Intelligence Preparation of The Battlefield
"Intelligence Preparation of the Battlefield" is a military term for the methodology employed to reduce uncertainties concerning the enemy, environment, and terrain for all types of operations. It is a continuous process that is used throughout all planned and executed operations. The networked environment which security professionals are tasked with securing is analogous to a battlefield. The myriad attackers and intruders from the void are the aggressors, constantly on the offense. The security professionals are the defenders, entrusted to preserve the confidentiality and integrity of data against these marauders.
Read the Article
Using IDS to Evaluate Outbound Port Usage for Security and Reduction of IDS Alerts: A Case Study
After recently deploying an Intrusion Detection System (IDS) inside our corporate LAN, the issue at hand quickly became apparent: reducing the number of alerts that appear to be part of normal traffic. Tuning the IDS, or even the network itself, to eliminate these alerts is the hardest part. I can see how an IDS administrator might turn off certain categories of alerts, because they are so numerous that they become an annoyance. One such type is ICMP alerts. After all, in the entire scheme of things, ICMP might appear to fall short on the importance scale when weighed against buffer overflows, attempted root access and other types of hacking exploits. Reluctant to give in so easily, I tried to find out the cause of these alerts, as many IDS administrators will also attempt to do. After a few hit-and-miss attempts, it started to become clear that some of these could be related to outbound port usage, and that the network border could be misconfigured.
Read the Article
Enterprise Security Management: Reducing the Pain of Managing Multiple IDS Systems
What is Enterprise Security Management, or ESM? ESM is an emerging market space within the security technology arena that consists of several vendors who provide a holistic view of all your security device information. This includes consolidating, normalizing, correlating, monitoring, analyzing, reporting on and responding to security events across multiple heterogeneous security products, specifically within mid-size to large organizations.
Read the Article