



Intrusion Detection and Network Auditing on the Internet
Articles Written about Intrusion Detection
Firewalls and Internet Security, the Second Hundred Years
An overview of the evolution of Internet firewalls with a look towards the
future. Printed in the June 1999 issue of Cisco's The Internet Protocol Journal.
The Castle Defense
A primer for enterprise system and network protection. A Performance Computing
Special Report from the July 1999 issue.
Firewalls: Are We Asking Too Much?
Information Security magazine cover story, May, 1999. Allowing a new service
through a firewall is easy. Doing it while maintaining the same high level of
security isn’t.
Security Axioms
Some are true, some just sound true. It is important to know which is which.
Intrusion Detection Joins Net Security Arsenal
Internet World, March 22, 1999. An overview of the passive and active techniques
that work together to help systems administrators stay on top of intrusion
perils.
Windows NT Security
Written by high school senior Kevin Shivers (class of '99) as part of a senior
project, this paper gives systems managers an overview of Windows NT system
security problems and how to plug them.
Software Review: Sendmail Pro
This is a Performance Computing April 1999 review of Sendmail, Inc.'s first
commercial Sendmail product. (I liked it.)
MailGuardian delivers transparent security to users
This is an InfoWorld February 8, 1999 review of Vanguard Security Technologies'
MailGuardian product. MailGuardian provides e-mail security.
The Foundations of Enterprise Network Security
Originally published in Data Security Management, February 1999. Copyright ©
1999 Auerbach Publications. Used by permission. This article discusses the
initial work that must be done to establish a network and computer security
perimeter. Specifically, we discuss business needs analysis, risk assessments,
security policy development, and the selection of mechanisms and establishment
of methods.
Identity Confirmed
An "Issues and Trends" piece published in Network World,
August 24, 1998. This is a discussion of biometric authentication devices, such
as fingerprint readers, voice recognition systems, and retinal scanners.
Some Important VPN Questions Answered (A CSI Interview)
From the Computer Security Alert Number 185, August 1998.
A Multi-Dimensional Approach to Internet Security
From Volume 2.2 of the ACM netWorker magazine, 1998. This article discusses all
the things that make up the establishment of computer and network security.
Firewalls are not enough.
A Computer and Network Security Primer
1998. A short paper written to explain some of the basic terminology.
An Approach to Computer Security
Originally published in the TIS Data Security Letter in 1996. This is a short
editorial arguing for doing the groundwork of network security.
Application Gateways and Stateful Inspection
Revised January 1998. There has been much discussion and marketing hype
surrounding application gateways and stateful multilevel inspection as
architectures for firewall development. After a lengthy discussion on the
firewalls mailing list, the authors wrote and distributed this paper. It is the
result of experience, observation, and input from the members of the firewalls
mailing list.
Firewalls and Virtual Private Networks
1996. A brief article discussing VPNs and how they are supported by Internet
firewalls.
A Network Perimeter with Secure External Access
Proceedings of the ISOC NDSS Symposium, 1996. This paper, coauthored by Marcus
Ranum, discusses a research project for DARPA in which two of the goals were to
raise the level of network and computer security for the White House and to
securely put the President on-line for e-mail access.
Tracing Electronic Mail
1996. Based on a short training session for the US Secret Service on the
methods to use to trace electronic mail, this paper should be helpful for system
managers and postmasters.
The Seven Tenets of Good Security.
Rules to live by.
Network Security: Building Internet Firewalls
Originally published in the BUSINESS COMMUNICATIONS REVIEW, January 1994. This
magazine article is an introduction to Internet Firewalls and, though old by
Internet standards, is still useful.
A Toolkit and Methods for Building Internet Firewalls
Proceedings of the summer USENIX conference, 1994. In this paper, Marcus Ranum
and Fred Avolio discuss one of the results of the DARPA project to establish and
secure WhiteHouse.Gov and the President's e-mail. Specifically, it is the first
formal description of the TIS Internet Firewall Toolkit (FWTK).
Primer materials to start your learning journey
An Introduction to Intrusion Detection and Assessment
By Becky Bace in PDF format.
An Introduction to Intrusion Detection
An article written by Aurobind Sundaram in the Association for Computing
Machinery's newsletter Crossroads.
COAST Intrusion Detection Pages
An excellent primer on Intrusion Detection.
FAQ: Network Intrusion Systems
A well done FAQ that covers the core concepts of Intrusion Detection on
several operating systems.
Getting the drop on Network Intruders
An overview of Network Intrusion Detection Software by Ellen Messmer. Source:
Network World, 10/04/99
Managing Intrusions
A brief Whitepaper by Peter Stephenson that covers the basics.
Intrusion Detection Web Sites
CSI Intrusion Detection System Resource
The Computer Security Institute is a membership organization that serves and
trains IS professionals on how to protect their networks. Although most of their
site content is available to members only, some excellent material is available.
Check out the CSI Roundtable
discussion on present and future intrusion detection systems.
COAST Intrusion Detection Hotlist
An excellent place to delve into the world of intrusion detection.
Intrusion Detection Consortium
The Intrusion Detection Systems Consortium (IDSC) was established in 1998 to
provide an open forum in which developers could work toward common goals such as
educating end users, creating industry standards, product interoperability, and
maintaining product integrity.
SRI/CSL's Intrusion Detection Page
Home of the SRI International Computer Science Laboratory. Lots of whitepapers
and other resources, but hasn't been updated since 1997...
Technical Articles
50 ways to defeat your Intrusion Detection System
By Fred Cohen & Associates
Anatomy of an Intrusion
A great eye-opening article on Intrusions by Greg Shipley, published in Network
Computing's Security Workshop, Oct 1999
Can Intrusion Detection Keep an Eye on Your Network's Security?
Catching network and host attacks as they happen isn't always possible with
firewalls and other security tools. Intrusion detection can be your eyes and
ears throughout the enterprise. Source: Network Magazine (April 1999)
Cracker Tracking: Tighter Security with Intrusion Detection
An Article in BYTE Magazine by Michael Hurwicz. Discusses the differences
between host and network based detection systems and does a brief comparison of
some of the major products on the market.
Data Mining Approaches for Intrusion Detection
An interesting whitepaper from Columbia University's Computer Science Department
Detecting Signs of Intrusion
From CERT at Carnegie Mellon University
Effective Security Monitoring
A sample chapter from MS Press Security, Audit, and Control Book.
Hacker Alert - Intrusion Detection Software is hot, but can it really stop
Hackers cold?
A hard look at what options are out there, and how they actually function in the
real world, by Ellen Messmer in Network World, Sept 27, 1999
How to Audit Windows NT Security
Article by Stuart Henderson, Sept 1997
How to Build a Honeypot
An excellent and unique article by Lance Spitzner on how to create a lab
environment to teach and learn how hackers test system vulnerabilities.
Intrusion Detection Tools to stop hackers cold.
A review of host based monitoring and network based scanners by Ellen Messmer,
Network World, 2/15/99
Intrusion Today
A small news archive from the NetworkICE corporation
Intrusion Detection and Response
A whitepaper on the viability of Intrusion Detection Systems from National
Info-Sec at the Lawrence Livermore National Laboratories
Intrusion Detection provides a pound of prevention
Article by Mark Abene in Network Computing's Security Workshop, August 1997
Responding to Intrusions
From CERT at Carnegie Mellon University
Security Reality Check
Intrusion detection spots bad things happening in your network... sometimes.
Source: Network Magazine (July 1999)
Sniffing out Network Intruders
A Product comparison and introduction to Network Sniffer programs. Source:
InfoWorld's Test Center. (Feb 1999)
Spotting Intruders
A great article by Brian Robinson. Source: Federal Computer Week, March 1999
To Catch an Internet Thief
Tracking intruders back to their lairs may require an Internet posse. Source:
Network Magazine (Feb 1999)
Working with the NT Security Log
By Paul E. Proctor, Windows NT Systems Magazine, Sept 1997
FAQs & White Papers
FAQ: Network Intrusion Detection Systems
FAQ: Network Intrusion Detection Systems
(Technical Incursion Countermeasures)
CSI Intrusion Detection System Resource
(Computer Security Institute)
Eluding Network Intrusion Detection
(January 1998, Thomas H. Ptacek, Timothy N. Newsham)
Bro: A System for Detecting Network Intruders in Real-Time
(January 1998, Vern Paxson)
50 Ways to Defeat Your Intrusion Detection System
(December 1997, Fred Cohen)
An Analysis Of Security Incidents On The Internet 1989 - 1995
(April 1997, John D. Howard)
An Introduction to Intrusion Detection
(1996, Aurobindo Sundaram)
NITB Intrusion Detection and Response
(1996, Lawrence Livermore National Laboratory)
A Methodology for Testing Intrusion Detection Systems
(1996, Zhaung, M. Chung, B. Mukherjee, and R. Olsson)
COAST Intrusion Detection Pages (COAST)
Smurf Attack (Craig A. Huegen)
Ping o' Death Page (Malachi Kenney)
TCP SYN Flooding Attacks and Remedies (Rik Farrow)
Sequence Number Attacks (Rik Farrow)
USENET Computer Security FAQs
Vulnerabilities
Shake Vulnerabilities Database (Shake Communications)
Fyodor's Exploit world (Fyodor)
RSI Denial of Service Database (RepSec)
Security Bugware (Hrvoje Crvelin)
ISS X-Force Vulnerability Database (ISS)
Infilsec Vulnerability Engine (Infilsec)
Netcraft Internet Security Diary (Netcraft)
L0pht Advisories (L0pht)
SNI Security Advisories (SNI)
Security Audit & Intrusion Detection Tools
NTInfoScan (David Litchfield)
Deception Toolkit (Fred Cohen & Associates)
NTSAfe (Internet Dynamics)
HackerShield (Netect)
Tripwire (Tripwire Security Systems)
WebTrends Security Analyzer (WebTrends)
L0pht / NFR IDS Modules (L0pht)
Intact (Pedestal Software)
Entry 2.0 for Windows 95 (EliteSys)
PANDORA (Simple Nomad)
Traverse (Future IT)
SAINT: Security Administrator's Integrated Network Tool (WWDSI)
ENTRAX (Centrax)
Cooperative Intrusion Detection Evaluation and Response (CIDER) Project (SANS)
Nessus Project (Renaud Deraison)
asbLANtools (Albrecht & Partner)
Security CheckBox (Aelita Software Group)
OGRE: The "Satan" Of The NT World (AntiOnline)
Nt Spectre (Palo Verde Software)
SAIC CMDS (SAIC)
WheelGroup NetRanger/NetSonar (WheelGroup)
TIS Stalker/WebStalker (TIS)
AXENT OmniGuard/ESM (Axent)
ISS SAFEsuite (ISS)
SNI Ballista (SNI)
Bellcore PINGWARE (Bellcore)
AbirNet SessionWall (AbirNet)
NGC CyberCop (NGC)
March Security Manager (March)
Intrusion Detection KSA and KSM (Intrusion Detection)
Product Comparisons
Network security scanners - Sniffing out network holes
(February 1999, InfoWorld)
Holy Intruders!: IP-Based Security Auditing Tools
(July 1998, Network Computing)
Cracker Tracking: Tighter Security with Intrusion Detection
(May 1998, BYTE)
Digital sentries: Network intrusion-detection solutions
(May 1998, InfoWorld)
The key to network security
(March 1998, InfoWorld)
Beating back the hackers
(October 1997, Network World)
Others
rootshell.com: Security Tools and Related Documents
MJR Security-related Publications, Editorials, and Source Code
Raptor Systems' Security Library
Matt's Unix Security Page
DII COE Security Checklist
Intrusion Detection Papers @ Network Security Information
Insertion, Evasion, and Denial of Service: Eluding Network Intrusion Detection (paper)
Imperfections of known ID systems.
Intrusion Detection (paper)
How to build and implement a simple intrusion detection system using TCP
Wrappers and other tools.
50 Ways to Defeat Your Intrusion Detection System (checklist)
Some very interesting material here, especially for security experts who are
trying to build their own IDS.
Intrusion Detection FAQ (paper)
Not as much information as the previous one, but there is something interesting here too.
FAQ: Network Intrusion Detection Systems (faq)
Very interesting, recommended.
Intrusion Detection Pilot Program Guide (paper)
A Strategy for Selecting an Intrusion Detection Partner.
Artificial Neural Networks for Misuse Detection (paper)
Advantages of such systems.
Comprehensive Computer Network Security Assessment (paper)
A short white paper.
Intrusion Detection: Challenges and Myths (paper)
Theory mostly. For the CS Department head.
Network- vs. Host-based Intrusion Detection (paper)
A Guide to Intrusion Detection Technology.
An Introduction to Intrusion Detection & Assessment (paper)
Nice and big description.
Intrusion and Security Analysis Software from Packetstorm Library
Security Analysis for WindowsNT
NT IDS tools
Windows NT Intrusion Detection (IDS) tools.
NT Auditing
Windows NT Security Tools.
NT Scanners
Windows NT Network Scanners.
NT Penetration
Windows NT Penetration Tools.
NT Docs
Text files and a few tools related specifically to hacking NT. Compliments of Mnemonix
Security Analysis for Windows
Windows Admin
Windows 95/98/NT Administration Utilities.
Misc. Windows Files
Winsock, VB and OCX files needed to run various applications.
Security Analysis for Novell/Netware
Netware Penetration
Novell/Netware Penetration Tools.
Pandora
Pandora - the SATAN of Netware.
Netware Auditing
Novell/Netware Security Tools.
Security Analysis for MS-DOS
MS-DOS Penetration
MS-DOS Penetration Tools.
MS-DOS Auditing
MS-DOS Security Tools.
MS-DOS Administration
MS-DOS Administration Utilities.
Security Analysis for Unix
UNIX Auditing
UNIX Security tools.
nmap
Fyodor's infamous scanning, OS identification and auditing tool.
Nessus
The Nessus Internet Security Scanner
SATAN
Security Administrator's Tool for Analyzing Networks.
COPS
Computer Oracle and Password System. UNIX Security Auditing Tool.
TIGER
System monitoring tool similar to COPS.
ISS
Internet Security Scanner (freeware version).
UNIX Scanners
UNIX Network Scanning Utilities
UNIX Root Kits
UNIX Root Kits.
UNIX Log Wipers
UNIX log file wipers.
UNIX Utilities
Various UNIX Utilities.
Firewalk
Firewalking is a technique that employs traceroute-like techniques to analyze IP
packet responses to determine gateway ACL filters and map networks.
UNIX Miscellaneous Tools
Miscellaneous UNIX Security Tools.
Security Analysis for Linux
Trinux
Trinux is a Linux distribution that boots from two floppies (right now) and
runs solely from two ramdisks, containing a plethora of security tools.
Ideal for consultants, administrators, etc. The homepage is here.
Linux Administration
How to install Linux, Linux System Administrators' Guide, Network
Administrators' Guide, Linux Kernel Hackers' Guide, Linux Programmers'
Guide, Topic Specific Linux HOWTO Guides
Security Analysis for Cracking, Hex Editing, Disassembling
Hex Editors/Disassemblers
Hex Editors, Disassemblers, Assemblers, Cracking, etc.
Password Crackers
Password crackers. All platforms, All OS's.
Windows NT Password Crackers
Windows NT Password Crackers.
l0phtcrack
L0phtcrack v2.52 and earlier. *The* Windows NT passwd cracker. Thanks to l0pht
for letting us host this.
Crack
Crack v5.0. UNIX password cracker.
Word lists
Wordlists, wordlists, and more wordlists.
Security Analysis for Sniffer Detection
AntiSniff
AntiSniff - remote packet sniffer detection. Thanks again to l0pht
for letting us host.
Sentinel
The Sentinel project is designed to be a portable, accurate implementation
of all publicly known promiscuous detection techniques.
Security Analysis for Distributed Attack Tools
Distributed
Distributed Attack Tools.
Security Analysis Miscellaneous Tools
Wingate Scanners
Wingate Scanners/Detectors, and IP broadcast scanners.
Spoofing
Spoofit, IP spoofing guides, IP spoofing tools and code for UNIX and Windows
platforms.
Misc. Hacking
Miscellaneous hacking
And if that is not enough for you... here are
Jim Truitt - Information Systems Security Engineer CISSP's handpicked intrusion links...
SANS Intrusion Detection and Response FAQ
FAQ: Network Intrusion Detection Systems
GAO EXECUTIVE REPORT - B-266140
Intrusion Detection and Response
Intrusion Detection Resources
COAST Hotlist - Intrusion Detection
Intrusion Detection Systems
Intrusion Detection Pages
SRI/CSL's: Intrusion Detection Page
Adaptive Intrusion Detection system
An Intelligent Tutor for Intrusion Detection on Computer Systems
Another Intrusion Detection Bibliography
Audit Workbench
CERT Coordination Center
COAST Projects
Computer Misuse Detection System
Computer Security Research Laboratory at UC Davis
UC Davis Current Projects
CSIS Home Page
Intruder Detection Checklist
Graph-based Intrusion Detection System
some refs
ID bibliography
Intrusion Detection
Security Dynamics' family of Kane Security solutions
IDS Bibliography
Intrusion Detection Bibliography
Intrusion Detection for Large Networks
Intrusion Detection Systems
MCN's Intrusion Information
POLYCENTER Security Intrusion Detector
Stakeout Home Page
The SPI-NET Product
University of Wollongong, Department of Computer Science
Cybercrime, Infowar, and Infosecurity
Protection and Defense of Intrusion
Haystack
Active Security
Touch Technologies, Inc. Product Offerings
An Intelligent Tutor for Intrusion Detection on Computer Systems
Intrusion Detection Tools
RealSecure Specs
COAST Autonomous Agents for Intrusion Detection Group
Fraud And Intrusion Detection For Financial Information Systems Using Meta-Learning Agents
FSTC Home Page
Presentation de la these de Ludovic Me
COAST Audit Trails Format Group
COAST Audit Trail Reduction Group
System V/MLS for NCR PCs is first B1-rated secure UNIX product
Academic Research, Computer Science
PRéCis
Common Intrusion Detection Framework
Detecting Signs of Intrusion
Intrusion Detection Subgroup Report - December 1997
Intrusion Detection Subgroup Report (Dec. 1997)
The Electronic Intrusion Threat to NS/EP Telecommunications
CIAC-2305 UNIX Incident Guide How to Detect an Intrusion
modeling and detecting computer intrusions
HP OpenView Node Sentry
CERT® Security Improvement Modules
Detecting Signs of Intrusion
An Introduction to Intrusion Detection And Assessment
Operational vs. Structural IDS
RAID (Recent Advances in Intrusion Detection)
Managing Intrusions
NetworkICE Corporation
NSA Intrusion Detection Tools Inventory
Security - Intrusion Detection
Proceedings of the 1st Workshop on Intrusion Detection and Network Monitoring
Intrusion Alert is UAC's intrusion detection system
IDS mailing list archives
SecureZone Intrusion Detection
An Introduction to Intrusion Detection
Intrusion Detection Exchange Format (idwg)
Top:Security:Network:Intrusion Detection:Attack Detection
Nidsbench
Check Point RealSecure
Spotting intruders
Agencies lay groundwork for intrusion-detection network
Information for Vendors of Intrusion Detection Capabilities
Intrusion Today
Intrusions
CSI Intrusion Detection System Resource
Spotting intruders
GSA launches intrusion-detection net
Network Security Wizards
To Build A Honeypot
Whitepapers & Publications
Intrusion Detection & Analysis
IT Security publications (RCMP)
RAID 98
Bro: A System for Detecting Network Intruders in Real-Time