Definition of Intrusion Detection
What is intrusion detection?
The act of detecting unauthorized access to a computer system or network.
Intrusion Detection
Intrusion Detection Is Dead. Long Live Intrusion Prevention!
This practical will demonstrate the limitations and drawbacks of intrusion detection as well as the reasons why intrusion prevention is a vastly better method of securing a network. In summary, IDS (Intrusion Detection Systems) will soon be rendered obsolete by IPS (Intrusion Prevention Systems).
An Overview of PureSecure™
This paper's objective was to examine the role of the Intrusion Detection System (IDS) in modern security strategies, establish a set of criteria for IDS evaluation, investigate the functionality of PureSecure™, an application developed and marketed by Demarc Security, and present conclusions concerning its desirability as a working IDS. The paper's objectives were accomplished by researching various sources, including the PureSecure™ product documentation and the experience of the writer and other users who have installed and used the application. This paper documents the conclusion that PureSecure™ is an excellent low-cost product that can provide an essential part of the total security solution for many small to medium organizations.
The Keep Within the Castle Walls - An Experiment in Home Network Intrusion Detection
There are a number of security measures that can be implemented to protect a network. One of the key components that will assist in determining whether a system is being attacked is a network-based intrusion detection system (NIDS). A wonderful and free NIDS is snort. The GSEC course discusses how to set up snort on a Windows-based system. I will discuss how to set up snort 1.9.1 - the latest version - on a virtual Linux machine. First, the "before" scenario will describe the situation before this security improvement is enacted. Second, I will assess the risk, discuss why someone should consider network intrusion detection, talk about snort, VMware, and Linux, and investigate configuration options. I'll conclude with some implementation notes, enhancements and the "after" scenario. The appendices provide brief installation instructions and resources for further information.
Intrusion Prevention Systems - Security's Silver Bullet?
This paper takes a look at Intrusion Prevention Systems (IPS), preceded by a history of the network security components that fortify our networks. An understanding of firewalls, anti-virus programs, and IDS is important before moving on to IPS. Earlier systems have served us well, but with the proliferation of sophisticated attacks and the discovery of new vulnerabilities, new methods are needed to protect precious data and network resources.
Doing My Part - Sending Data to the Internet Storm Center
There are a number of excellent papers on small office / home office (SOHO) security in the SANS Reading Room that provide clear examples of using a variety of inexpensive firewall devices and/or software-based personal firewalls, which allow even a novice to start at the beginning and slowly work through securing a home or small office network. Following these best practices is an excellent start, but my SANS Security Essentials instructor, Bob Hillery, made it a point to emphasize that locking the doors is only a part of the answer -- to really be secure on the internet you have to go a step further - you have to do your part to stop hacker activity. This paper documents the procedure that I set up to automate collecting and sending intrusion attempt information to Incidents.org and the Internet Storm Center, then discusses my results and some possible next steps.
A Single IDS Console Please: ManHunt 2.1 Pilot Test
Many companies have deployed a variety of network intrusion detection systems (NIDS) over time as their networks and security strategies have evolved. We certainly found ourselves in this position at the company I work for. We had deployed Snort, Dragon and ManTrap on the network, not to mention Tripwire and all of the host system log files we have to audit. This created a piecemeal system that left us with several administration consoles and hundreds of events to sort through. We needed a way to bring them together into a single console that would enable our security personnel to aggregate, correlate and analyze them. Without that we will be crippled by the sheer volume of events. Furthermore, we wanted to add more sensors to our network, and preferably sensors that were based on a different technology than the signature based systems we had already deployed.
SSH and Intrusion Detection
Widespread use of the SSH protocol greatly reduces the risk associated with remote computer access by encrypting what would otherwise be a clear-text transmission of usernames and passwords. Prior to the use of SSH, packet sniffing, which allows a malicious user to watch for the login process in the clear-text packet traffic on a network segment, was an easy way to gain unauthorized access to a machine. Unfortunately, the use of SSH might also allow a malicious user to bypass intrusion detection systems, because SSH encrypts the data payload and can tunnel other protocols. This paper outlines the role of the SSH protocol and the issues with its use, the types and methods of intrusion detection, and proposes techniques and an architecture for an intrusion detection system that uses the SSH daemon as a sensor.
Intrusion Detection Interoperability and Standardization
Intrusion detection is an area of increasing attention, and its deployment has accelerated rapidly in enterprises and mission-critical systems over the last few years. Commercial vendors and the open source community have responded with a plethora of intrusion detection products. Now a new issue has surfaced: there is no standard way for these closed and incompatible systems to communicate. The lack of standards hampers both research and deployment of intrusion detection technology. First the "Common Intrusion Detection Framework" (CIDF) and then the simpler-to-use "Intrusion Detection Message Exchange Format" (IDMEF) have been proposed as the standards by which such systems can interoperate and exchange messages. This paper presents the motivation for such standardization efforts and an overview of a potential standard, IDMEF, along with its communication protocol, IDXP.
The Design and Theory of Data Visualization Tools and Techniques
The purpose of this paper is to inform and educate security professionals about the analytical potential of using a tool or technique that renders visual representations of the data/traffic that traverses a given network. The emphasis is on the design and theory behind such tools. Included are examples of data visualization products that are commercially available.
Finding dsniff on Your Network
This paper covers some ways to detect dsniff and two of its utilities, arpspoof and macof, on a network. Arpspoof and macof tools were used with dsniff to determine if dsniff could be detected. The following programs were used to detect various aspects of dsniff: Arpwatch, ZoneAlarm, Antisniff and tcpdump. Our existing Fluke network test equipment was connected to the network to evaluate what indicators each could provide about dsniff and its tools.