Definition of Intrusion Detection
What is intrusion detection?
The act of detecting unauthorized access to a computer system or network.
|
|
Intrusion Detection
|
|
Overview of LIDS, Part Two
This is the second part of a four-part series devoted to an overview of LIDS, a Linux kernel patch that will allow users to take away the all-powerful nature of root in order to give programs exactly the access they need and no more. The first article in this series offered an overview of LIDS. This installment will look at file restrictions, LIDS File ACLs, and LIDS enhancements of Linux capabilities.
Read the Article
|
Overview of LIDS, Part Three
This is the third part of a four-part article devoted to the exploration of LIDS, a Linux kernel patch that will allow users to take away the all-powerful nature of root. The first article in this series offered an overview of LIDS. The second installment looked at file restrictions, LIDS File ACLs, and LIDS enhancements of Linux capabilities. This installment will discuss granting capabilities, the LIDS-specific capabilities, ACL inheritance and time-based ACLs.
Read the Article
|
The Evolution of Intrusion Detection Systems
I am currently working with a client who asked me to choose an intrusion detection system (IDS) to deploy in their environment. I have been working with intrusion detection since it was virtually unknown, so it would seem the decision would be quite simple. On the contrary, with all of the different components and vendors to choose from, IDS offerings have become pretty complex. That led me to wonder how IDS technology has progressed to its current state. So, I invested some time trying to figure it out. Now that I have, let me tell you, it is enough to induce a headache. Nonetheless, I wrote this article to share my findings with you. If you are ready for a discussion about the evolution of IDS, then read on; however, be forewarned, the history of intrusion detection is as confusing as Greenspan's economic strategies.
Read the Article
|
The Great IDS Debate : Signature Analysis Versus Protocol Analysis
Intrusion detection systems (IDS) have rapidly become a crucial component of any network defense strategy. Over the past few years, their popularity has soared as vendors have refined their results and increased performance capabilities. At the heart of intrusion detection systems lies the analysis engine. It reviews each packet, determines if it is malicious, and logs an alert if necessary - the core tasks of an IDS. Two different IDS techniques, each favored by separate and loyal camps, have emerged as the preferred engine behind the software. Despite the copious marketing material and fiery online debates, each method has distinct strengths and weaknesses. In this article, we'll examine and compare the two different techniques: signature analysis and protocol analysis.
Read the Article
|
Understanding IDS Active Response Mechanisms
Debates still rage in the developer community over which methods of detecting attackers are best, but IDS customers as a whole are satisfied with the current IDS technology. To get an edge on the competition, many of the IDS vendors are adding active response capabilities to their products. The concept underlying this tactic is that the IDS will detect an attacker and then move to stop his attack. The problem is that any attacker with a basic knowledge of TCP/IP can easily defeat these mechanisms directly or simply knock the network offline often enough that the Admin is forced to turn off the feature. It is important for Admins to know the limitations of active response mechanisms to avoid being blindsided by them.
Read the Article
|
Evaluating Network Intrusion Detection Signatures, Part One
Over the past several years, a number of academic and commercial entities have conducted evaluations of various network intrusion detection (NID) software, to determine the overall effectiveness of each product and to compare the products to each other. Many system administrators and security analysts are also responsible for conducting their own evaluations of NID products, in order to choose a solution for deployment in their environments. NID evaluations typically include some rough indication of the relative quality of each product's signatures. However, high signature quality is critical to achieving a good NID solution, so the importance of accurately evaluating signature quality cannot be stressed strongly enough.
Read the Article
|
Evaluating Network Intrusion Detection Signatures, Part Two
In this series of articles, we present recommendations that will help readers to evaluate the quality of network intrusion detection (NID) signatures, either through hands-on testing or through careful consideration of third-party product reviews and comparisons. The first installment discussed some of the basics of evaluating NID signature quality, as well selecting attacks to be used in testing. This article will conclude the discussion on criteria for choosing attacks and then provide recommendations for generating attacks and creating a good testing environment. We begin by discussing some methods of acquiring attacks and attack traffic.
Read the Article
|
Evaluating Network Intrusion Detection Signatures, Part Three
In this three-part series of articles, we are presenting recommendations that will help readers to evaluate the quality of network intrusion detection (NID) signatures, either through hands-on testing or through careful consideration of third-party product reviews and comparisons. The first installment discussed some of the basics of evaluating NID signature quality, as well as selecting attacks to be used in testing. The second installment concluded the discussion of criteria for choosing attacks and provided recommendations for generating attacks and creating a good testing environment. This article will wrap up the series by examining other ways of generating attacks with other security-related tools and by manually creating your own attacks.
Read the Article
|
Host Integrity Monitoring: Best Practices for Deployment
The purpose of this article is to highlight the important steps and concepts involved in deploying a host integrity monitoring system. Being aware of these concepts can mean the difference between a useful deployment, and one that is rendered ineffective or more trouble than it is worth.
Read the Article
|
Identifying and Tracking Emerging and Subversive Worms Using Distributed Intrusion Detection Systems
Worms continually become more sophisticated, as new propagation methods and stealth techniques are developed and implemented. As worms continue to evolve, so must our ability to detect and track them. One solution is the use of distributed intrusion detection systems (dIDS) to identify new and emerging worms that utilize new subversive propagation techniques. This paper will discuss how and why the dIDS design is able to identify, detect, and track worms even as they implement more advanced propagation methods.
Read the Article
|
|
|
Page: 1 2 3 4 5 6 7 8 9 10 11
Members currently browsing this category:
|
|
