http://www.techweb.com/wire/news/1997/09/0918security.html
High-Tech Burglar Alarms Expose Intruders
(09/18/97; 9:00 a.m. EDT)
By Rutrell Yasin, InternetWeek
[snip...]
"Firewalls are very important. They can be very effective, but they can't
do everything. They can be circumvented," said Richard Power, director of
research and publications at the Computer Security Institute, in San
Francisco.
[snip...]
Working In Perfect Harmony
Intrusion-detection systems complement firewalls by monitoring the network
and performing real-time capture and analysis of packet headers and
content data.
Using sophisticated algorithms to recognize attacks, intrusion-detection
systems can send alerts to administrators to warn them of possible
break-ins. Some products can even stop intruders from breaking into the
network.
[snip...]
Sensors pass off events to the management server, which sends alarms via
E-mail, pager, or SNMP traps, alerting security administrators to
take action. CyberCop's closest competitor is Internet Security Systems'
RealSecure software, which includes an attack recognition engine that
ferrets out suspicious behavior. "The trickiest part is understanding
attacks," said Patrick Taylor, vice president of marketing at
Atlanta-based ISS.
[snip...]
Intrusion-detection systems hold a great deal of promise for security
administrators, but like firewalls, they do not solve all security
problems, CSI's Power cautioned. At this stage, "intrusion-detection
systems detect only what they know to look for," he said. In the future,
vendors will offer tools with expert systems capabilities that can detect
suspicious behavior, he said.
=-=
http://techweb.cmp.com/iw/678/78iuha2.htm
April 20, 1998
New Wave Of Intrusion Detection
By Deborah Kerr
[T]he U.S. Navy's Operation Shadow caught 121 unauthorized TCP probe
attempts on 10 installations last month, including offices of the Navy and
Pentagon. Now five years old, Shadow is a highly sophisticated
remote-monitoring, intrusion-detection, and analysis platform for the
Department of Defense that predates vendor intrusion-detection systems.
Key to its underpinnings are a number of free intrusion-detection tools
available on the Web, such as Purdue University's TAMU Netlogger
(ftp://coast.cs.purdue.edu/pub/tools/unix/netlog/TAMU) and Lawrence
Livermore Laboratories' Network Intrusion Detector
(http://ciac.llnl.gov/cstc/nid/niddes.html). The Navy developed code for
Shadow and merged these tools.
Now, Shadow's program manager, Stephen Northcutt, is looking at Network
Flight Recorder, an intrusion-detection and analysis system developed by
the Woodbine, Md., company of the same name. It's also available free on
the Web (www.NFR.com) but will soon be marketed by resellers. NFR is more
than an intrusion-detection device. It is a highly customizable framework,
complete with toolkit, statistical analysis, and burglar alarms.
"The fallacy of intrusion detection is it's impossible for somebody who
doesn't know your network to understand what really should and shouldn't
happen on that network," says Marcus Ranum, founder and CEO of Network
Flight Recorder. "We give our customers and value-added resellers the
ability to integrate their own filters on the fly."
[snip...]
-o-
Received on Wed Apr 29 14:08:13 1998