Forwarded From: root <rootat_private>

http://www.zdnet.com/pcweek/stories/news/0,4153,2267089,00.html

Hackers beware: IBM to sharpen Haxor
By Jim Kerstetter, PC Week Online
May 27 1999 4:49 PM ET

Hackers beware: Haxor is watching you from its perch in IBM's wide-ranging security suite.

This fall, Haxor is due for a face lift, along with IBM's Boundary Server firewall. They are two components of IBM's FirstSecure suite of applications, which includes everything from intrusion detection software to anti-virus software in the company's wider SecureWay security strategy.

Haxor will gain several new features, including better scanning for stealth attacks, such as low-bandwidth hacks and coordinated attacks from different geographic points, and improved ability to detect mangled and overlapping packets, company officials said.

IBM (NYSE:IBM) is also trying to improve Haxor's ability to filter out the white noise of regular network traffic, tuning it down enough so it can catch stealth attacks while not setting off frequent false alarms.

Haxor was developed at IBM's Global Security Analysis Lab, in Hawthorne, N.Y., said Dave Safford, manager at the lab.

There are two kinds of intrusion detection applications: One is based on servers or hosts and looks for attacks on that individual system; the other is network-based and sniffs packets as they come into the network, trying to determine if an attack is taking place. Haxor is network-based and can be found within IBM's FirstSecure suite as well as Tivoli Systems Inc.'s CrossSite network management suite.

"There is an incredible amount of data that comes out of these things," Safford said. "It can be a real problem."

To solve the problem, Safford said, IBM has developed "dynamic sensitivity," which will be able to correlate the difference between the attacks and legitimate traffic.

Network administrators are particularly interested in integration with management tools from companies such as Tivoli.

"That makes the most sense to me. I want to be able to manage this from one point," said Doug Mallow, network administrator at a West Coast bank.

Also this fall, the Boundary Server firewall will be more tightly integrated with the SecureSite Policy Director, said IBM officials. Using the Common Content Inspection specification that is now under development, Boundary Server should be able to improve on performance, essentially sharing packets of data with other content inspection applications such as Content Technology Inc.'s MIMESweeper for e-mail inspection and Finjan Software Ltd.'s SurfinGate mobile code-scanning software.

IBM in January unveiled its SecureWay strategy for Internet and network security. Like competing packages from Hewlett-Packard Co., SecureWay is made up of both home-grown and OEM applications. IBM also has developed a Security Policy Director to tie together its security pieces.

IBM can be reached at (914) 499-1900 or www.ibm.com.

-o-
Subscribe: mail majordomoat_private with "subscribe isn".
Today's ISN Sponsor: OSAll [www.aviary-mag.com]