http://www.techweb.com/wire/news/1997/09/0918security.html

High-Tech Burglar Alarms Expose Intruders
(09/18/97; 9:00 a.m. EDT)
By Rutrell Yasin, InternetWeek

[snip...]

"Firewalls are very important. They can be very effective, but they can't do everything. They can be circumvented," said Richard Power, director of research and publications at the Computer Security Institute, in San Francisco.

[snip...]

Working In Perfect Harmony

Intrusion-detection systems complement firewalls by monitoring the network and performing real-time capture and analysis of packet headers and content data. Using sophisticated algorithms to recognize attacks, intrusion-detection systems can send alerts to administrators to warn them of possible break-ins. Some products can even stop intruders from breaking into the network.

[snip...]

Sensors pass off events to the management server, which sends alarms via E-mail, pager, or SNMP traps, alerting security administrators to take action.

CyberCop's closest competitor is Internet Security Systems' RealSecure software, which includes an attack recognition engine that ferrets out suspicious behavior.

"The trickiest part is understanding attacks," said Patrick Taylor, vice president of marketing at Atlanta-based ISS.

[snip...]

Intrusion-detection systems hold a great deal of promise for security administrators, but like firewalls, they do not solve all security problems, CSI's Power cautioned. At this stage, "intrusion-detection systems detect only what they know to look for," he said. In the future, vendors will offer tools with expert systems capabilities that can detect suspicious behavior, he said.

=-=

http://techweb.cmp.com/iw/678/78iuha2.htm

April 20, 1998
New Wave Of Intrusion Detection
By Deborah Kerr

[T]he U.S. Navy's Operation Shadow caught 121 unauthorized TCP probe attempts on 10 installations last month, including offices of the Navy and Pentagon.

Now five years old, Shadow is a highly sophisticated remote-monitoring, intrusion-detection, and analysis platform for the Department of Defense that predates vendor intrusion-detection systems. Key to its underpinnings are a number of free intrusion-detection tools available on the Web, such as Purdue University's TAMU Netlogger (ftp://coast.cs.purdue.edu/pub/tools/unix/netlog/TAMU) and Lawrence Livermore Laboratories' Network Intrusion Detector (http://ciac.llnl.gov/cstc/nid/niddes.html). The Navy developed code for Shadow and merged these tools.

Now, Shadow's program manager, Stephen Northcutt, is looking at Network Flight Recorder, an intrusion-detection and analysis system developed by the Woodbine, Md., company of the same name. It's also available free on the Web (www.NFR.com) but will soon be marketed by resellers.

NFR is more than an intrusion-detection device. It is a highly customizable framework, complete with toolkit, statistical analysis, and burglar alarms.

"The fallacy of intrusion detection is it's impossible for somebody who doesn't know your network to understand what really should and shouldn't happen on that network," says Marcus Ranum, founder and CEO of Network Flight Recorder. "We give our customers and value-added resellers the ability to integrate their own filters on the fly."

[snip...]

-o-
Subscribe: mail majordomot_private with "subscribe isn".
Today's ISN Sponsor: Dimensional Communications (www.dim.com)