Network Intrusion Detection Signatures, Part FourThis is the fourth in a series of articles on understanding and developing signatures for network intrusion detection systems. In this article, we will resume our discussion of protocol analysis and how it can overcome attempts by attackers to obfuscate their exploits so that they cannot be detected by simple intrusion detection signature methods. 2002-03-05 http://www.securityfocus.com/infocus/1553
Network Intrusion Detection Signatures, Part ThreeThis is the third in a series of articles on understanding and developing signatures for network intrusion detection systems. In Part One and Part Two, we examined the use of IP protocol header values, particularly TCP, UDP and ICMP, in network intrusion detection signatures. In this installment, we will continue our discussion of signatures by studyin... 2002-02-19 http://www.securityfocus.com/infocus/1544
Understanding IDS Active Response MechanismsDebates still rage in the developer community over which methods of detecting attackers are best, but IDS customers as a whole are satisfied with the current IDS technology. To get an edge on the competition, many of the IDS vendors are adding active response capabilities to their products. This article will offer an overview of active response mechanisms in intrusion detection systems. 2002-01-29 http://www.securityfocus.com/infocus/1540
Network Intrusion Detection Signatures, Part TwoThis is the second in a series of articles on understanding and developing signatures for network intrusion detection systems. In the first installment we looked at signature basics, the functions that signatures serve, header values, signature components, and choosing signatures. In this article we will continue our discussion of IP protocol header values in signatures by closely examining some signature examples. 2002-01-22 http://www.securityfocus.com/infocus/1534
An Introduction To Distributed Intrusion Detection SystemsThis article will discuss distributed intrusion detection systems (dIDS), including the general setup of a dIDS and a fictional case study to demonstrate the distributed analysis abilities. It will also try to give the reader some insight into the benefits of running a dIDS system, from both incident analyst and corporate views. 2002-01-08 http://www.securityfocus.com/infocus/1532
Network Intrusion Detection Signatures, Part OneThis is the first in a series of articles on understanding and developing signatures for network intrusion detection systems. In this article we will discuss the basics of network IDS signatures and then take a closer look at signatures that focus on IP, TCP, UDP and ICMP header values. 2001-12-19 http://www.securityfocus.com/infocus/1524
The Future of IDSIDS, much like the security industry itself, has grown rapidly over the past few years. These tools have become essential security components - as valuable to many organizations as a firewall. However, as in any environment, things change. This article will offer a brief look at some possible future developments in intrusion detection. 2001-12-04 http://www.securityfocus.com/infocus/1518
The Evolution of Intrusion Detection SystemsWith all of the different components and vendors to choose from, IDS offerings have become pretty complex. This article by SecurityFocus writer Paul Innella will endeavour to examine how intrusion detection has evolved to its current state. Starting with a brief overview of different IDS methodologies, the article will then take a brief look at the history of IDS, and will conclude with a look at some of the major players in the IDS field. 2001-11-16 http://www.securityfocus.com/infocus/1514
Virtual HoneynetsA honeynet is a tool that can be used to learn about the targets, methods and tools used by intruders when compromising a system, it consists of a network of production systems that are designed to be compromised. Whereas a honeypot usually consists of one machine,a honeynet is a network of computers. This article will offer a brief overview of honeynets, and will examine how to set up a one-machine honeynet using VMware. 2001-11-07 http://www.securityfocus.com/infocus/1506
The Value of Honeypots, Part Two: Honeypot Solutions and Legal IssuesNow that we have been discussing the different types of honeypots and their value, let's discuss some examples. The more I work with honeypots, the more I realize that no two honeypots are alike. Because of this, I have identified what I call 'level of involvement'. Simply put, the more involved a honeypot is, the more value it can have. At the same time, the more involved a honeypot is, the more risk it is likely to have. The more a honeypot can do and the more an attacker can do to a hon... 2001-10-25 http://www.securityfocus.com/infocus/1498 |
|
|
Privacy Statement |
