[ISN] Relevant portions of two IDS Articles

From: mea culpa (jerichot_private)
Date: Tue Apr 28 1998 - 15:07:25 PDT


    High-Tech Burglar Alarms Expose Intruders
    (09/18/97; 9:00 a.m. EDT)
    By Rutrell Yasin, InternetWeek
    "Firewalls are very important. They can be very effective, but they can't
    do everything. They can be circumvented,"  said Richard Power, director of
    research and publications at the Computer Security Institute, in San
    Working In Perfect Harmony
    Intrusion-detection systems complement firewalls by monitoring the network
    and performing real-time capture and analysis of packet headers and
    content data. 
    Using sophisticated algorithms to recognize attacks, intrusion-detection
    systems can send alerts to administrators to warn them of possible
    break-ins. Some products can even stop intruders from breaking into the
    Sensors pass off events to the management server, which sends alarms via
    E-mail, pager, or SNMP traps, alerting security administrators to
    take action.  CyberCop's closest competitor is Internet Security Systems'
    RealSecure software, which includes an attack recognition engine that
    ferrets out suspicious behavior.  "The trickiest part is understanding
    attacks," said Patrick Taylor, vice president of marketing at
    Atlanta-based ISS. 
    Intrusion-detection systems hold a great deal of promise for security
    administrators, but like firewalls, they do not solve all security
    problems, CSI's Power cautioned.  At this stage, "intrusion-detection
    systems detect only what they know to look for," he said. In the future,
    vendors will offer tools with expert systems capabilities that can detect
    suspicious behavior, he said. 
    April 20, 1998
    New Wave Of Intrusion Detection
    By Deborah Kerr
    [T]he U.S. Navy's Operation Shadow caught 121 unauthorized TCP probe
    attempts on 10 installations last month, including offices of the Navy and
    Pentagon.  Now five years old, Shadow is a highly sophisticated
    remote-monitoring, intrusion-detection, and analysis platform for the
    Department of Defense that predates vendor intrusion-detection systems. 
    Key to its underpinnings are a number of free intrusion-detection tools
    available on the Web, such as Purdue University's TAMU Netlogger
    (ftp://coast.cs.purdue.edu/pub/tools/unix/netlog/TAMU)  and Lawrence
    Livermore Laboratories' Network Intrusion Detector
    (http://ciac.llnl.gov/cstc/nid/niddes.html).  The Navy developed code for
    Shadow and merged these tools. 
    Now, Shadow's program manager, Stephen Northcutt, is looking at Network
    Flight Recorder, an intrusion-detection and analysis system developed by
    the Woodbine, Md., company of the same name. It's also available free on
    the Web (www.NFR.com) but will soon be marketed by resellers. NFR is more
    than an intrusion-detection device. It is a highly customizable framework,
    complete with toolkit, statistical analysis, and burglar alarms. 
    "The fallacy of intrusion detection is it's impossible for somebody who
    doesn't know your network to understand what really should and shouldn't
    happen on that network," says Marcus Ranum, founder and CEO of Network
    Flight Recorder. "We give our customers and value-added resellers the
    ability to integrate their own filters on the fly." 