Know Your Enemy: Building Virtual Honeynets
Virtual honeynets take the concept of Honeynet technologies, and implement them into a single system. This article will describe several different ways of building virtual honeynets.
2002-08-20 http://www.securityfocus.com/infocus/1614

Justifying the Expense of IDS, Part One: An Overview of ROIs for IDS
A positive return on investment (ROI) of intrusion detection systems (IDS) is dependent upon an organization's deployment strategy and how well the successful implementation and management of the technology helps the organization achieve the tactical and strategic objectives it has established. For organizations interested in quantifying the IDS's value prior to deploying it, their investment decision will hinge on their ability to demonstrate a positive ROI. ROI has traditionally been diff...
2002-07-18 http://www.securityfocus.com/infocus/1608

One of These Things is not Like the Others: The State of Anomaly Detection
In the past few years, intrusion detection systems have joined firewalls as the fundamental technologies driving network security. In the near future, a third component will emerge - anomaly detection systems (ADS). This article will offer a brief overview of anomaly detection, including what it is, how it works, different ADS techniques, and the current state of anomaly detection.
2002-07-01 http://www.securityfocus.com/infocus/1600

Implementing Networks Taps with Network Intrusion Detection Systems
Network taps were created to reconcile design conflicts between network intrusion detection systems (NIDS) and switches. This article will offer an overview of taps, including: what taps are, why they should be implemented, their role in improving network security, how they should be implemented, and the economic benefits of taps.
2002-06-19 http://www.securityfocus.com/infocus/1594

Optimizing NIDS Performance
To help network intrusion detection systems keep up with the demands of today's networks, and the wide variety of threats that besiege them, there are a number of things that the NIDS administrator can do to improve the performance of their NIDS. This article will examine some of those options.
2002-06-06 http://www.securityfocus.com/infocus/1589

IDS Evasion Techniques and Tactics
Blackhats, security researchers and network intrusion detection system (NIDS) developers have continually played a game of point-counterpoint when it comes to NIDS technology. The BlackHat community continually develops methods to evade or bypass NIDS sensors while NIDS vendors continually counteract these methods with patches and new releases. Throughout this article we will explain basic evasion techniques as well as suggest fixes or what to look for in many of these attacks.
2002-05-06 http://www.securityfocus.com/infocus/1577

Network Intrusion Detection Signatures, Part Five
This is the fifth and final installment in a series of articles on understanding and developing signatures for network intrusion detection systems. In this article, we will extend this discussion by looking closely at stateful protocol analysis, which involves performing protocol analysis for an entire connection or session, capturing and storing certain pieces of relevant data seen in the session, and using that data to identify attacks that involve multiple requests and responses.
2002-04-16 http://www.securityfocus.com/infocus/1569

Managing Intrusion Detection Systems in Large Organizations, Part Two
This is the second of a two-part series devoted to discussing the implementation of intrusion detection systems in large organizations. In this installment, we will look at managing agents in a distributed environment, managing data from multiple IDS packages, and correlating data from distributed agents.
2002-04-09 http://www.securityfocus.com/infocus/1567

Managing Intrusion Detection Systems in Large Organizations, Part One
This article is the first of a two-part series that will discuss the need for intrusion detection systems (IDS) in large organizations, including challenges of deploying IDSs in such environments, managing agents in a distributed environment, and using collected data. It will also discuss some “real-world” IDS experiences of larger companies.
2002-04-04 http://www.securityfocus.com/infocus/1564

Preventing and Detecting Insider Attacks Using IDS
Insider attacks pose unique challenges for security administrators. This article will examine some ways in which intrusion detection systems can be used to help prevent and detect insider attacks.
2002-03-20 http://www.securityfocus.com/infocus/1558