Forwarded from: security curmudgeon <jerichoat_private>
cc: nicole.bellamyat_private, errata submission <errataat_private>

> http://www.zdnet.com/zdnn/stories/news/0,4586,2822782,00.html
>
> By Nicole Bellamy
> ZDNet Australia
> November 6, 2001 5:46 PM PT
>
> InterSect Alliance says it has developed the first integrated security
> auditing and event logging subsystem for the open source Linux operating
> system, beating much larger organizations to the punch.

Unless there is more to it, this claim is completely wrong. Hell, one could
argue that "syslog" matches this description since it will log audit
related events.

> According to Leigh Purdie, director and principal security
> consultant, this is the first release of code for a host-based
> intrusion detection system, although there have been inroads made
> into the development of source code to address network-based
> intrusion detection.

Oh, so now it's an IDS for Linux, and the first? So I guess LIDS
(www.lids.org) doesn't count? And of course Marty over at Snort must be
horribly disappointed by this revelation. (www.snort.org) And damn, the
folks from Tripwire must be sawing at their wrists too. Tripwire was open
source and running on Linux when.. 1992 or 1993?

Side note: I have been told that the cluebag journalist Nicole Bellamy
actually had the nerve to say that her "experts" told her this load of
shit, despite this whole article reading like a press release. If true,
her experts are more in the field of snorting drugs it seems.

More amusing: Google for "intrusion detection system linux" and the first
two hits are LIDS and Snort.

> The two systems differ in that while a network-based intrusion
> detection tool enables the user to determine when an intrusion is
> being attempted, the host-based system allows the user to identify
> when an intrusion has been successful.

Ok so we make the qualification of NIDS vs HIDS here, and that explains
Tripwire how?
> The Snare auditing subsystem is designed to "enhance an
> organization's ability to detect suspicious activity by monitoring
> system and user actions", as stated in its release report.

/yawn

This is old news in the IDS field. Also old news in the Linux IDS field.

> Snare fills Linux security void
>
> The lack of integrated security features--perceived or actual--has
> long been a barrier to widespread Linux adoption.

So a ZDNet article mentioning YALBI (Yet Another Linux Based IDS) is going
to shatter that perception? Something tells me that if it were really that
easy, it would have been done by now.

http://techupdate.zdnet.com/techupdate/stories/main/0,14179,2821245,00.html
October 30, 2001

  "Three useful intrusion detection tools come with the OLS 3.1 package.
  Tripwire lets you take a snapshot of a system's critical software
  executables and configuration files and later compare it with a
  snapshot of the current running system. The PortSentry module
  automatically monitors for port scans and unauthorized access
  attempts. And LogCheck digests large system log files and points out
  log entries that may indicate that a system has been compromised."

Oh I know, that was only 7 days before this article and you may not have
known about it yadda yadda /excuse etc.

http://techupdate.zdnet.com/techupdate/stories/main/0,14179,2453339,00.html
February 29, 2000

  Security mavens have long agreed that open-source security is the best
  security. It's a pity that their bosses usually disagree. Until now,
  that is. TripWire Inc., long a free-software proponent, has decided to
  cannonball into the open-source waters.

Now, did we forget to search ZDNet for articles on the very same thing you
are writing about now? Please, let's remember Journalism 101 here.
> According to an InterSect Alliance report, "the lack of host-based
> intrusion detection in the form of an auditing system, has been cited
> in the past by organizations as a significant contributor to the
> decision to choose alternative operating systems over Linux in
> operational roles."

What organizations? Where are these quotes?

> While working on similar tools for other operating systems, such as
> Sun's Solaris and Microsoft's Windows NT--all of which contained an
> audit collection subsystem--the company realized the lack of this
> feature in Linux, and "thought something was missing," according to
> Purdie.

Err, perhaps I am just out of the loop here, but what does Sun/Solaris
offer natively that Linux doesn't in the way of "audit collection
subsystems"? I haven't kept up with Solaris after 2.6 really but I just
don't see it offering that much more.

> While eight months seems minimal in software development terms, Purdie
> maintains that Snare is actually the culmination of ten years' work
> into the host-based intrusion detection system, added to a combined
> total of more than twenty years' experience in security for the
> directors.

So it's based on ten years of work, yet is being released some *9* years
after Tripwire was? Why aren't "FRAUD" bells going off at this point?

Gah.

It is clear to me that this is a total fluff piece that could pass for a
press release with a few minor changes. No background was done, no experts
consulted. In fact, had Nicole Bellamy talked to other *respected* ZDNet
journalists who often write about security past or present (Rob Lemos,
Alexander Wellen, Michael Fitzgerald), she would have realized what a joke
this was, and what kind of complete bullshit this company was spewing.

Chalk another up for Errata (http://attrition.org/errata/).

Oh, any insipid legal threats from Nicole Bellamy will be published along
with this errata. Since that seems to be her trend based on talking to
others.
(For the ISN crowd: she has threatened to sic her pet lawyers on someone
who works in the open source community for telling her this article was
full of shit.)

-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomoat_private with 'unsubscribe isn'
in the BODY of the mail.
This archive was generated by hypermail 2b30 : Fri Nov 09 2001 - 02:58:04 PST