An Introduction to Intrusion Detection
"It is very important that the security mechanisms of a system are designed so as to prevent unauthorized access to system resources and data. However, completely preventing breaches of security appears, at present, unrealistic. We can, however, try to detect these intrusion attempts so that action may be taken to repair the damage later." From ACM Crossroads.
Hits: 1580

An Overview of Issues in Testing Intrusion Detection Systems
"While intrusion detection systems are becoming ubiquitous defenses in today's networks, currently we have no comprehensive and scientifically rigorous methodology to test the effectiveness of these systems. This paper explores the types of performance measurements that are desired and that have been used in the past. We review many past evaluations that have been designed to assess these metrics. We also discuss the hurdles that have blocked successful measurements in this area and present suggestions for research directed toward improving our measurement capabilities."
Hits: 734

Anomaly based rulebase definition
A paper on how to implement a rule-based IDS in a way that also detects unknown attacks and network anomalies. By Lubomir Nistor. In PDF.
Hits: 392

CIO Cyberthreat Response and Reporting Guidelines
"CIO Magazine worked with the Secret Service, the FBI and industry leaders to create guidelines for reporting security incidents: what to report, who to report it to, and how. This valuable document includes phone numbers of Federal and local law enforcement agencies and a reporting form that you can use at your organization." In PDF.
Hits: 122

Computer Forensics World
An open, peer-to-peer support resource dedicated to computer forensics and intrusion detection issues.
Hits: 112

Computer Security Incident Handling Guide
Detailed NIST guide: "This publication seeks to help both established and newly formed incident response teams. This document assists organizations in establishing computer security incident response capabilities and handling incidents efficiently and effectively." In PDF.
Hits: 153

Defeating Honeypots: Network Issues, Part 1
"The purpose of this paper is to explain how attackers typically behave when they attempt to identify and defeat honeypots. This is not an exhaustive description of all the tools and methods that are publicly known (or unknown), but this article will help security teams who would like to set up or harden their own lines of deception-based defense. After some theoretical considerations, we will discuss some technical examples to emphasize our explanations."
Hits: 108

Dsniff 'n the Mirror
"This is a practical step-by-step guide showing how to use Dsniff, MRTG, IP Flow Meter, Tcpdump, NTOP, Ngrep, and others. It also provides a discussion of how and why we should monitor network traffic." LinuxSecurity.com, 03/24/02.
Hits: 632

Everything you need to know about IDSes
"I've spent the past few months immersed in intrusion-detection systems and have learned more than I really wanted to know about them. In case you're wondering if you need an IDS, here are some points to keep in mind." Network World.
Hits: 792

Examining a Public Exploit
Two-part SecurityFocus series: "We'll take a publicly available exploit, which you can download and compile at your discretion, and then analyze how it would be seen on your network and evaluated from a security administrator's point of view."
Hits: 42

Forensic Focus
News and forums related to computer forensics.
Hits: 37

Generic attacks against a honeypot: Blind your enemy
A discussion of techniques for confusing honeypots. The Hitchhiker's World, 07/03.
Hits: 146

Gigabit Intrusion Detection Systems
Paper from NSS that looks at different gigabit IDSes.
Hits: 301

Honeypot mailing list
Archive and signup.
Hits: 80

Honeypots
Four-part series by M.E. Kabay on the use of, and liability and ethical issues surrounding, honeypots. From Network World on Security.
Hits: 137

Honeypots: Definitions and Value of Honeypots
"There are a variety of misconceptions on what a honeypot is, how it works, and how it adds value. It is hoped this paper helps clear up those issues. Also, few people realize the risk and issues involved with honeypots."
Hits: 228

How Vulnerable?
Reviewer Joel Snyder looks at five vulnerability analysis scanners in this article for Information Security magazine, 03/03.
Hits: 131

Idle Scanning and related IPID games
"Almost four years ago, security researcher Antirez posted an innovative new TCP port scanning technique. Idlescan, as it has become known, allows for completely blind port scanning. Attackers can actually scan a target without sending a single packet to the target from their own IP address! Instead, a clever side-channel attack allows for the scan to be bounced off a dumb 'zombie' host. Intrusion detection system (IDS) reports will finger the innocent zombie as the attacker. Besides being extraordinarily stealthy, this scan type permits mapping out IP-based trust relationships between machines."
Hits: 107

IDS Overview
Defines the different types of intrusion-detection systems and provides links to vendors offering each of those systems.
Hits: 613

Intruder Detection Checklist
CERT guide on detecting and dealing with intrusions.
Hits: 428

Intrusion Detection Exchange Format (idwg) Working Group
"The purpose of the Intrusion Detection Working Group is to define data formats and exchange procedures for sharing information of interest to intrusion detection and response systems, and to management systems which may need to interact with them." IETF.
Hits: 121

Intrusion Detection FAQ
From SANS.
Hits: 355

Intrusion-detection apps boost security
Network World Tech Update, 01/13/02.
Hits: 95

Justifying the Expense of IDS
Two-part series looking at how to prove ROI for an intrusion-detection system. Includes a formula for calculating an IDS ROI.
Hits: 206

Know Your Enemy: The Tools and Methodologies of the Script Kiddie
Three-part series from the Honeynet Project on script kiddies, the tools they use and what they do with them.
Hits: 57

Linux-Sec.net: Intrusion Detection Systems
Tips and software for Linux systems.
Hits: 228

Network Intrusion Detection Signatures
"In this article we will discuss the basics of network IDS signatures and then take a closer look at signatures that focus on IP, TCP, UDP and ICMP header values. Such signatures ignore packet payloads and instead look for certain header field values or combinations of values. By learning about network IDS signatures, you'll have more knowledge of how intrusion detection systems operate, and you'll have a better foundation to write your own IDS signatures."
Hits: 287

NSS Group
This Europe-based research firm regularly evaluates intrusion-detection systems for overall effectiveness.
Hits: 107

On the lookout for dsniff
"Sniffer programs are a data interception technology that increases the risk of so-called 'man-in-the-middle' attacks, and with the recent release of dsniff 2.3, security specialists need to be more aware of it than ever. Part 1 of this series explained how these network probing tools work, and how to recognize an attack. Here, Larry Loeb concludes with some tools and strategies for fighting sniffers." From IBM developerWorks.
Hits: 80

rootkit.com
All about rootkits.
Hits: 59

State of the Practice of Computer Security Incident Response Teams
"This report provides an objective study of the state of the practice of incident response, based on information about how CSIRTs around the world are operating. It covers CSIRT services, projects, processes, structures, and literature, as well as training, legal, and operational issues. The report can serve as a resource both to new teams that are setting up their operations and to existing CSIRTs that are interested in benchmarking their operations." By Carnegie Mellon's Software Engineering Institute. In PDF.
Hits: 79

Talisker's Intrusion Detection System List
Lists IDS tools and has a page of hacker-related editorial cartoons.
Hits: 165

Understanding rootkits
A look at the tools used by crackers to take control of a server without detection: "Although the intruders still need to break into a victim system before they can install their rootkits, the ease-of-use and the amount of destruction they cause make rootkits a big threat for system administrators." O'Reilly LinuxDevCenter.com.
Hits: 38

Watching a Honeypot at Work
"The purpose of this article is to share with the security community the data I collected from my honeypot. ... It is written for people who want to understand what data a honeypot will provide them. This discussion will include the attacker's recon, the attack, the attempted cover-up, and the reason for the attack on the honeypot." SecurityFocus, 01/10/03.
Hits: 140

Writing an Incident Handling and Recovery Plan
"While many websites and papers discuss incident handling and incident response plans, aside from RFC 2350 very few of these lay out exactly what an actual plan might look like. The following is an outline of a typical generalized incident handling and response plan for a small to mid-sized organization that doesn't have a dedicated incident response staff. Using this outline as a starting point, the reader will need to adapt sections to his or her organization or industry as necessary and flesh out the plan in detail in order to create an adequate customized plan."
Hits: 72
Page updated on: Thu Nov 09 2006 - 14:17:10