W W W . J N E T W O R L D . C O M



All material in this section is provided for informational purposes; I therefore accept no responsibility for the use that users make of it.






Intrusion Detection and Network Auditing on the Internet


Articles Written about Intrusion Detection

Firewalls and Internet Security, the Second Hundred Years
An overview of the evolution of Internet firewalls with a look towards the future. Printed in the June 1999 issue of Cisco's The Internet Protocol Journal.

The Castle Defense
A primer for enterprise system and network protection. A Performance Computing Special Report from the July 1999 issue.

Firewalls: Are We Asking Too Much?
Information Security magazine cover story, May, 1999. Allowing a new service through a firewall is easy. Doing it while maintaining the same high level of security isn’t.

Security Axioms
Some are true, some just sound true. It is important to know which is which.

Intrusion Detection Joins Net Security Arsenal
Internet World, March 22, 1999. An overview of the passive and active techniques that work together to help systems administrators stay on top of intrusion perils.

Windows NT Security
Written by high school senior Kevin Shivers (class of '99) as part of a senior project, this paper gives systems managers an overview of Windows NT system security problems and how to plug them.

Software Review: Sendmail Pro
This is a Performance Computing April 1999 review of Sendmail, Inc.'s first commercial Sendmail product. (I liked it.)

MailGuardian delivers transparent security to users
This is an InfoWorld February 8, 1999 review of Vanguard Security Technologies' MailGuardian product. MailGuardian provides e-mail security.

The Foundations of Enterprise Network Security
Originally published in Data Security Management, February 1999. Copyright © 1999 Auerbach Publications. Used by permission. This article discusses the initial work that must be done to establish a network and computer security perimeter. Specifically, we discuss business needs analysis, risk assessments, security policy development, and the selection of mechanisms and establishment of methods.

Identity Confirmed
An "Issues and Trends" piece published in Network World, August 24, 1998. This is a discussion of biometric authentication devices, such as fingerprint readers, voice recognition systems, and retinal scanners.

Some Important VPN Questions Answered (A CSI Interview)
From the Computer Security Alert Number 185, August 1998.

A Multi-Dimensional Approach to Internet Security
From Volume 2.2 of the ACM netWorker magazine, 1998. This article discusses all the things that make up the establishment of computer and network security. Firewalls are not enough.

A Computer and Network Security Primer
1998. A short paper written to explain some of the basic terminology.

An Approach to Computer Security

Originally published in the TIS Data Security Letter in 1996. This is a short editorial arguing for doing the groundwork of network security.

Application Gateways and Stateful Inspection

Revised January 1998. There has been much discussion and marketing hype surrounding application gateways and stateful multilevel inspection as architectures for firewall development. After a lengthy discussion on the firewalls mailing list, the authors wrote and distributed this paper. It is the result of experience, observation, and input from the members of the firewalls mailing list.

Firewalls and Virtual Private Networks
1996. A brief article discussing VPNs and how they are supported by Internet firewalls.

A Network Perimeter with Secure External Access
Proceedings of the ISOC NDSS Symposium, 1996. This paper, coauthored by Marcus Ranum, discusses a research project for DARPA in which two of the goals were to raise the level of network and computer security for the White House and to securely put the President on-line for e-mail access.

Tracing Electronic Mail
1996. Based on a short training session for the US Secret Service on the methods to use to trace electronic mail, this paper should be helpful for system managers and postmasters.

The Seven Tenets of Good Security.
Rules to live by.

Network Security: Building Internet Firewalls
Originally published in the BUSINESS COMMUNICATIONS REVIEW, January 1994. This magazine article is an introduction to Internet Firewalls and, though old by Internet standards, is still useful.

A Toolkit and Methods for Building Internet Firewalls
Proceedings of the summer USENIX conference, 1994. In this paper, Marcus Ranum and Fred Avolio discuss one of the results of the DARPA project to establish and secure WhiteHouse.Gov and the President's e-mail. Specifically, it is the first formal description of the TIS Internet Firewall Toolkit (FWTK).



Primer materials to start your learning journey


An Introduction to Intrusion Detection and Assessment
By Becky Bace in PDF format.

An Introduction to Intrusion Detection
An article written by Aurobindo Sundaram in the Association for Computing Machinery's newsletter Crossroads.

COAST Intrusion Detection Pages
An excellent primer on Intrusion Detection.

FAQ: Network Intrusion Systems
A well done FAQ that covers the core concepts of Intrusion Detection on several operating systems.

Getting the drop on Network Intruders
An overview of Network Intrusion Detection Software by Ellen Messmer. Source: Network World, 10/04/99

Managing Intrusions
A brief Whitepaper by Peter Stephenson that covers the basics.



Intrusion Detection Web Sites


CSI Intrusion Detection System Resource
The Computer Security Institute is a membership organization that serves and trains IS professionals on how to protect their networks. Although most of their site content is available to members only, some excellent material is available. Check out the CSI Roundtable discussion on present and future intrusion detection systems.

COAST Intrusion Detection Hotlist
An excellent place to delve into the world of intrusion detection. 

Intrusion Detection Consortium
The Intrusion Detection Systems Consortium (IDSC) was established in 1998 to provide an open forum in which developers could work toward common goals such as educating end users, creating industry standards, product interoperability, and maintaining product integrity.

SRI/CSL's Intrusion Detection Page
Home of the SRI International Computer Science Laboratory. Lots of whitepapers and other resources, but hasn't been updated since 1997...



Technical Articles


50 ways to defeat your Intrusion Detection System
By Fred Cohen & Associates

Anatomy of an Intrusion
A great eye-opening article on Intrusions by Greg Shipley, published in Network Computing's Security Workshop, Oct 1999

Can Intrusion Detection Keep an Eye on Your Network's Security?
Catching network and host attacks as they happen isn't always possible with firewalls and other security tools. Intrusion detection can be your eyes and ears throughout the enterprise. Source: Network Magazine (April 1999)

Cracker Tracking: Tighter Security with Intrusion Detection
An Article in BYTE Magazine by Michael Hurwicz. Discusses the differences between host and network based detection systems and does a brief comparison of some of the major products on the market.

Data Mining Approaches for Intrusion Detection
An interesting whitepaper from Columbia University's Computer Science Department

Detecting Signs of Intrusion 
From CERT at Carnegie Mellon University

Effective Security Monitoring
A sample chapter from MS Press Security, Audit, and Control Book. 

Hacker Alert - Intrusion Detection Software is hot, but can it really stop hackers cold?
A hard look at what options are out there, and how they actually function in the real world, by Ellen Messmer in Network World, Sept 27, 1999

How to Audit Windows NT Security
Article by Stuart Henderson, Sept 1997

How to Build a Honeypot
An excellent and unique article by Lance Spitzner on how to create a lab environment to teach and learn how hackers test system vulnerabilities.

Intrusion Detection Tools to stop hackers cold
A review of host based monitoring and network based scanners by Ellen Messmer, Network World, 2/15/99

Intrusion Today
A small news archive from the NetworkICE corporation

Intrusion Detection and Response
A whitepaper on the viability of Intrusion Detection Systems from National Info-Sec at the Lawrence Livermore National Laboratories

Intrusion Detection provides a pound of prevention
Article by Mark Abene in Network Computing's Security Workshop, August 1997

Responding to Intrusions
From CERT at Carnegie Mellon University

Security Reality Check
Intrusion detection spots bad things happening in your network... sometimes. Source: Network Magazine (July 1999)

Sniffing out Network Intruders
A product comparison and introduction to network sniffer programs. Source: InfoWorld's Test Center (Feb 1999)

Spotting Intruders
A great article by Brian Robinson. Source: Federal Computer Week, March 1999

To Catch an Internet Thief
Tracking intruders back to their lairs may require an Internet posse. Source: Network Magazine (Feb 1999)

Working with the NT Security Log
By Paul E. Proctor, Windows NT Systems Magazine, Sept 1997



FAQs & White Papers


FAQ: Network Intrusion Detection Systems

FAQ: Network Intrusion Detection Systems

(Technical Incursion Countermeasures)

CSI Intrusion Detection System Resource

(Computer Security Institute)

Eluding Network Intrusion Detection

(January 1998, Thomas H. Ptacek, Timothy N. Newsham)

Bro: A System for Detecting Network Intruders in Real-Time
(January 1998, Vern Paxson)

50 Ways to Defeat Your Intrusion Detection System

(December 1997, Fred Cohen)

An Analysis Of Security Incidents On The Internet 1989 - 1995
(April 1997, John D. Howard)

An Introduction to Intrusion Detection

(1996, Aurobindo Sundaram)

NITB Intrusion Detection and Response

(1996, Lawrence Livermore National Laboratory)

A Methodology for Testing Intrusion Detection Systems

(1996,  Zhaung, M. Chung, B. Mukherjee, and R. Olsson)

COAST Intrusion Detection Pages

Smurf Attack
(Craig A. Huegen)

Ping o' Death Page
(Malachi Kenney)

TCP SYN Flooding Attacks and Remedies
(Rik Farrow)

Sequence Number Attacks
(Rik Farrow)

USENET Computer Security FAQs





Shake Vulnerabilities Database (Shake Communications)

Fyodor's Exploit world

RSI Denial of Service Database

Security Bugware
(Hrvoje Crvelin)

ISS X-Force Vulnerability Database

Infilsec Vulnerability Engine

Netcraft Internet Security Diary

L0pht Advisories

SNI Security Advisories



Security Audit & Intrusion Detection Tools


NTInfoScan (David Litchfield)

Deception Toolkit
(Fred Cohen & Associates)

(Internet Dynamics)


(Tripwire Security Systems)

WebTrends Security Analyzer

L0pht / NFR IDS Modules

(Pedestal Software)

Entry 2.0 for Windows 95

(Simple Nomad)

(Future IT)

SAINT: Security Administrator's Integrated Network Tool


Cooperative Intrusion Detection Evaluation and Response (CIDER) Project

Nessus Project
(Renaud Deraison)

(Albrecht & Partner)

Security CheckBox
(Aelita Software Group)

OGRE: The "Satan" Of The NT World

Nt Spectre
(Palo Verde Software)


WheelGroup NetRanger/NetSonar

TIS Stalker/WebStalker



SNI Ballista


AbirNet SessionWall

NGC CyberCop

March Security Manager

Intrusion Detection KSA and KSM
(Intrusion Detection)

Product Comparisons


Network security scanners - Sniffing out network holes
(February 1999, InfoWorld)

Holy Intruders!: IP-Based Security Auditing Tools

(July 1998, Network Computing)

Cracker Tracking: Tighter Security with Intrusion Detection

(May 1998, BYTE)

Digital sentries: Network intrusion-detection solutions

(May 1998, InfoWorld)

The key to network security

(March 1998, InfoWorld)

Beating back the hackers

(October 1997, Network World)


Other Security Tools and Related Documents
MJR Security-related Publications, Editorials, and Source Code
Raptor Systems' Security Library
Matt's Unix Security Page
DII COE Security Checklist


Intrusion Detection Papers @ Network Security Information


Insertion, Evasion, and Denial of Service: Eluding Network Intrusion Detection (paper)
Imperfections of known ID systems.

Intrusion Detection (paper)
How to build and implement a simple intrusion detection system using TCP Wrappers and other tools.

50 Ways to Defeat Your Intrusion Detection System (checklist)
Some of this is very interesting, especially for security experts who are trying to build their own IDS.

Intrusion Detection FAQ (paper)
Less information than in the previous one, but there is something interesting here too.

FAQ: Network Intrusion Detection Systems (faq)
Very interesting, recommended.

Intrusion Detection Pilot Program Guide (paper)
A Strategy for Selecting an Intrusion Detection Partner.

Artificial Neural Networks for Misuse Detection (paper)
Advantages of such systems.

Comprehensive Computer Network Security Assessment (paper)
A short white paper.

Intrusion Detection: Challenges and Myths (paper)
Theory mostly. For the CS Department head.

Network- vs. Host-based Intrusion Detection (paper)
A Guide to Intrusion Detection Technology.

An Introduction to Intrusion Detection & Assessment (paper)
Nice and big description.

Intrusion and Security Analysis Software from Packetstorm Library


Security Analysis for WindowsNT

NT IDS tools

Windows NT Intrusion Detection (IDS) tools.

NT Auditing

Windows NT Security Tools.

NT Scanners

Windows NT Network Scanners.

NT Penetration

Windows NT Penetration Tools.

NT Docs

Text files and a few tools related specifically to hacking NT. Compliments of Mnemonix

Security Analysis for Windows

Windows Admin

Windows 95/98/NT Administration Utilities.

Misc. Windows Files

Winsock, VB and OCX files needed to run various applications.

Security Analysis for Novell/Netware

Netware Penetration

Novell/Netware Penetration Tools.


Pandora - the SATAN of Netware.

Netware Auditing

Novell/Netware Security Tools.

Security Analysis for MS-DOS

MS-DOS Penetration

MS-DOS Penetration Tools.

MS-DOS Auditing

MS-DOS Security Tools.

MS-DOS Administration

MS-DOS Administration Utilities.

Security Analysis for Unix

UNIX Auditing

UNIX Security tools.


Fyodor's infamous scanning, OS identification and auditing tool.


The Nessus Internet Security Scanner


Security Administrator's Tool for Analyzing Networks.


Computer Oracle and Password System. UNIX Security Auditing Tool.


System monitoring tool similar to COPS.


Internet Security Scanner (freeware version).

UNIX Scanners

UNIX Network Scanning Utilities

UNIX Root Kits

UNIX Root Kits.

UNIX Log Wipers

UNIX log file wipers.

UNIX Utilities

Various UNIX Utilities.


Firewalking is a technique that employs traceroute-like techniques to analyze IP packet responses to determine gateway ACL filters and map networks.

UNIX Miscellaneous Tools

Miscellaneous UNIX Security Tools.

Security Analysis for Linux


Trinux is a Linux distribution that boots from two floppies (right now) and runs solely from two ramdisks, containing a plethora of security tools. Ideal for consultants, administrators, etc. The homepage is here.

Linux Administration

How to install Linux, Linux System Administrators' Guide, Network Administrators' Guide, Linux Kernel Hackers' Guide, Linux Programmers' Guide, Topic Specific Linux HOWTO Guides

Security Analysis for Cracking, Hex Editing, Disassembling

Hex Editors/Disassemblers

Hex Editors, Disassemblers, Assemblers, Cracking, etc.

Password Crackers

Password crackers. All platforms, All OS's.

Windows NT Password Crackers

Windows NT Password Crackers.


L0phtcrack v2.52 and earlier. *The* Windows NT passwd cracker. Thanks to l0pht for letting us host this.


Crack v5.0. UNIX password cracker.

Word lists

Wordlists, wordlists, and more wordlists.

Security Analysis for Sniffer Detection


AntiSniff - remote packet sniffer detection. Thanks again to l0pht for letting us host.


The Sentinel project is designed to be a portable, accurate implementation of all publicly known promiscuous detection techniques.

Security Analysis for Distributed Attack Tools


Distributed Attack Tools.

Security Analysis Miscellaneous Tools

Wingate Scanners

Wingate Scanners/Detectors, and IP broadcast scanners.


Spoofit, IP spoofing guides, IP spoofing tools and code for UNIX and Windows platforms.

Misc. Hacking

Miscellaneous hacking

And if that is not enough for you... here are


Jim Truitt - Information Systems Security Engineer CISSP's handpicked intrusion links...
SANS Intrusion Detection and Response FAQ
FAQ: Network Intrusion Detection Systems
Intrusion Detection and Response
Intrusion Detection Resources
COAST Hotlist - Intrusion Detection
Intrusion Detection Systems
Intrusion Detection Pages
SRI/CSL's: Intrusion Detection Page
Adaptive Intrusion Detection system
An Intelligent Tutor for Intrusion Detection on Computer Systems
Another Intrusion Detection Bibliography
Audit Workbench
CERT Coordination Center
COAST Projects
Computer Misuse Detection System
Computer Security Research Laboratory at UC Davis
UC Davis Current Projects
CSIS Home Page
Intruder Detection Checklist
Graph-based Intrusion Detection System
some refs
ID bibliography
Intrusion Detection Security Dynamics' family of Kane Security solutions
IDS Bibliography
Intrusion Detection Bibliography
Intrusion Detection for Large Networks
Intrusion Detection Systems
MCN's Intrusion Information
POLYCENTER Security Intrusion Detector
Stakeout Home Page
The SPI-NET Product
University of Wollongong, Department of Computer Science
Cybercrime, Infowar, and Infosecurity
Protection and Defense of Intrusion
Haystack Active Security
Touch Technologies, Inc. Product Offerings
An Intelligent Tutor for Intrusion Detection on Computer Systems
Intrusion Detection Tools
RealSecure Specs
COAST Autonomous Agents for Intrusion Detection Group
Fraud And Intrusion Detection For Financial Information Systems Using Meta-Learning Agents
FSTC Home Page
Presentation of Ludovic Me's thesis
COAST Audit Trails Format Group
COAST Audit Trail Reduction Group
System V/MLS for NCR PCs is first B1-rated secure UNIX product
Academic Research, Computer Science
Common Intrusion Detection Framework
Detecting Signs of Intrusion
Intrusion Detection Subgroup Report - December 1997
Intrusion Detection Subgroup Report (Dec. 1997)
The Electronic Intrusion Threat to NS/EP Telecommunications
CIAC-2305 UNIX Incident Guide How to Detect an Intrusion
modeling and detecting computer intrusions
HP OpenView Node Sentry
CERT® Security Improvement Modules
Detecting Signs of Intrusion
An Introduction to Intrusion Detection And Assessment
Operational vs. Structural IDS
RAID (Recent Advances in Intrusion Detection)
Managing Intrusions
NetworkICE Corporation
NSA Intrusion Detection Tools Inventory
Security - Intrusion Detection
Proceedings of the 1st Workshop on Intrusion Detection and Network Monitoring
Intrusion Alert is UAC's intrusion detection system
IDS mailing list archives
SecureZone Intrusion Detection
An Introduction to Intrusion Detection
Intrusion Detection Exchange Format (idwg)
Top:Security:Network:Intrusion Detection:Attack Detection
Check Point RealSecure
Spotting intruders
Agencies lay groundwork for intrusion-detection network
Information for Vendors of Intrusion Detection Capabilities
Intrusion Today
CSI Intrusion Detection System Resource
Spotting intruders
GSA launches intrusion-detection net
Network Security Wizards
To Build A Honeypot
Whitepapers & Publications
Intrusion Detection & Analysis
IT Security publications (RCMP)
Bro: A System for Detecting Network Intruders in Real-Time






ICQ: 64895872 - E-mail:

All rights reserved © 2000/2001 The Last Day in the Web



