Articles & Tutorials / Intrusion Detection

Packet fragmentation versus the Intrusion Detection System (IDS) Part 2
Date - Apr 19, 2007
Author - Don Parker
More advanced fragrouter options to attempt IDS evasion.
Packet fragmentation versus the Intrusion Detection System (IDS) Part 1
Date - Apr 11, 2007
Author - Don Parker
Packet fragmentation and how it can affect the IDS.
Tools of the Trade revisited (Part 3)
Date - Nov 15, 2006
Author - Don Parker
A look at how Snort views a tool called Cain & Abel.
Tools of the Trade revisited (Part 2)
Date - Oct 18, 2006
Author - Don Parker
The first part of this article series looked at how an IDS could possibly detect certain security tools. Covered was a packet sniffer and network scanner. This article continues with the analysis.
Tools of the Trade revisited (Part 1)
Date - Oct 03, 2006
Author - Don Parker
This article series revisits the article series called “Tools of the Trade”. This time however it will be looked at from the IDS’s perspective.
Writing Egress Filters for your IDS
Date - Jun 28, 2006
Author - Don Parker
In this article we will look at ways of discovering system compromises based on outgoing IDS signatures.
Packet analysis tools and methodology (Part 4)
Date - Sep 27, 2005
Author - Don Parker
In the last part of this article series we will take a look at the alarms generated by myself. This binary log will include several attacks, and some general surfing. We now need to take a look, and separate the chaff from the wheat.
Packet analysis tools and methodology (Part 3)
Date - Sep 20, 2005
Author - Don Parker
It has arguably gotten easier to exploit computers now due to the abundance of attack tools out there today. One of the most powerful ones is the Metasploit Framework. We will take a look at it in this article.
Packet analysis tools and methodology (Part 2)
Date - Sep 13, 2005
Author - Don Parker
In part two of this article series we will learn how to build a powerful analysis suite. Tools covered will be Snort, SnortSnarf, WinDump, and WinPcap. You will also need to install a Perl interpreter, which will be shown.
Packet analysis tools and methodology (Part 1)
Date - Aug 30, 2005
Author - Don Parker
There are untold billions of packets flying around the web today. A great many of them are of malicious intent. A prelude to malicious activity is often the port scan. We will learn about some of the more popular types of port scans in existence today, and the tools used for them.
Intrusion Detection Systems FAQ
Date - Feb 01, 2005
Author - The Editor
Intrusion Detection Systems are used to detect malicious activity on your network. This Intrusion Detection Systems FAQ explains different types of network attacks and how to detect them.
Intrusion Detection Systems (IDS) Part 2 - Classification; methods; techniques
Date - Jun 15, 2004
Author - Przemyslaw Kazienko & Piotr Dorosz
Due to a growing number of intrusion events and also because the Internet and local networks have become so ubiquitous, organizations are increasingly implementing various systems that monitor IT security breaches. This is the second article devoted to these systems. The previous article dealt with IDS categorization and architecture. At this point we will provide further in depth guidance. This includes an overview of the classification of intrusion detection systems and introduces the reader to some fundamental concepts of IDS methodology: audit trail analysis and on-the-fly processing as well as anomaly detection and signature detection approaches. We will also discuss the primary intrusion detection techniques.
The Science of Host Based Security
Date - Sep 17, 2003
Author - Ray Zadjmool
Just a few years ago, the focus of enterprise security was primarily split between perimeter security and authentication controls. Security engineers spent their time mulling over firewall implementations, access rights, and the occasional implementation of encryption technologies. A new movement though has overtaken the industry as security breaches have become more and more common despite perimeter defenses, thus forcing enterprises to start reassessing security again from a host based perspective.
Host-Based IDS vs Network-Based IDS (Part 2 - Comparative Analysis)
Date - Jul 17, 2003
Author - Ricky M. Magalhaes
The second paper in this two-part series, this white paper will focus on HIDS (Host Based Intrusion Detection System) and the benefit of a HIDS within a corporate environment. A comparative analysis will also be done representing the industry leaders and will conclude by arriving at a calculated recommendation. This will aid organizations when deciding on a comprehensive HIDS or NIDS solution.
Host-Based IDS vs Network-Based IDS (Part 1)
Date - Jul 10, 2003
Author - Ricky M. Magalhaes
This white paper will highlight the association between Network Based and Host Based intrusion detection. A product comparison will be incorporated in the following white paper, part 2, to assist in the selection of the appropriate IDS for your organization. Important facts and considerations will be highlighted to assist when selecting a sound intrusion detection system. This white paper will give you a better understanding of the differences between NIDS and HIDS and will highlight the strengths and weaknesses of both, concurrently extending your knowledge and increasing your understanding of IDS systems.
Intrusion Detection Systems (IDS) Part I - (network intrusions; attack symptoms; IDS tasks; and IDS architecture)
Date - Apr 07, 2003
Author - Przemyslaw Kazienko & Piotr Dorosz
Due to a growing number of intrusions and since the Internet and local networks have become so ubiquitous, organizations are increasingly implementing various systems that monitor IT security breaches. Intrusion Detection Systems (IDS) are those that have recently gained a considerable amount of interest. This is an introductory article to the topic. It gives an overview of several types of detectable attacks and the symptoms that help in intrusion detection, and describes IDS tasks, different architectures and concepts in this field.
Understanding Virtual Honeynets
Date - Mar 06, 2003
Author - Ricky M. Magalhaes
This white paper serves as a reference and knowledge repository on Honeynets and their function within modern interconnected organizations. Honeynets are used as a counter-intrusion strategy when learning about intruders' trends and tactics. Honeynets give you the ability to identify the tools and attack strategies that intruders use against you. Information like that provided by honeynets proves to be vital and should be studied and incorporated into your counter-intruder strategy.
Combat intruders with GFI's latest release of LANguard S.E.L.M.!
Date - Dec 06, 2002
Author - GFI Software
Each day the threat to the security of a corporate network increases and exploited vulnerabilities seem to multiply exponentially. A breached enterprise network can yield trade secrets, expose core business functions or have its information destroyed by intruders bent on profit, mayhem and mischief. In-depth defense is the only solution to this problem in an increasingly interconnected world - and surveillance is the first bulwark of defense.
What You Need to Know About Intrusion Detection Systems
Date - Nov 18, 2002
Author - Robert J. Shimonski
Firewalls and other simple boundary devices lack some degree of intelligence when it comes to observing, recognizing, and identifying attack signatures that may be present in the traffic they monitor and the log files they collect. Without sounding critical of such other systems’ capabilities, this deficiency explains why intrusion detection systems are becoming increasingly important in helping to maintain proper network security.
Keeping IDS In-House
Date - Oct 14, 2002
Author - Krzysztof Zagrodzki
Many managers and network administrators believe that since they have a firewall constructed by security experts then they are protected from unwarranted attacks and can sleep well at night. Nothing could be further from the truth!
Kuda idiosz, IDS - What is going on with the IDS?
Date - Oct 01, 2002
Author - Krzysztof Zagrodzki
While looking through commercial offers for IDS products one may get the impression that in the near future, it will no longer be necessary to have an experienced administrator or security guru to monitor and maintain IT security systems. Already, the administrator’s role is seen as “a monkey with nothing better to do than push a flashing button”. Such a perception may be explained in terms of increasingly “intelligent” IDS solutions.
Securing Windows 2000 Using an event log monitoring system
Date - Sep 06, 2002
Author - Dan DiNicolo
As a network administrator, I’m sure you understand the critical nature of security event ID 529. Well, possibly not. If you have Windows 2000 auditing enabled, you’re probably very familiar with the incredible number of event types that you come across when viewing your Security logs.
Why is a firewall alone not enough? What are IDSes and why are they worth having?
Date - Aug 22, 2002
Author - Wojciech Dworakowski
Is a firewall the ultimate solution? Total reliance on the firewall tool may provide a false sense of security. The firewall will not work alone (no matter how it is designed or implemented) as it is not a panacea. The firewall is simply one of many tools in a toolkit for IT security policy.