Detecting Intruders on Your System Is Fun and Easy

Posted by r.masrura on December 11, 2007, 8:36 am
Detecting Intruders on Your System Is Fun and Easy

Well, perhaps the title of this chapter is slightly misleading. Supposedly, becoming an intruder is fun and easy, too. If you want to detect intruders, you should know what type of system resources can be depended on for providing evidence. Should you want to become an intruder, you ought to know how commercial IDSs look for traces of your activity.

Scanners are designed to take a look at your system and to let you know whether you have configuration problems or holes that can be used for attacks. If your system was previously set up in a secure fashion, and an intruder has altered this configuration, a scanner will detect this change (when you run the scan) and notify you of the problem.

System-level intrusion detection tools differ from scanners in a couple of ways. If the IDS runs in real time, it can let you know the instant a compromise has occurred. Also, if the monitor gathers its data by reading an activity stream on the system, it can detect a range of features that a single scanner cannot. For example, scanners will not tell you that someone just entered three bad passwords and exceeded the failed login threshold.

By the time you finish this chapter, you will understand the following:

* How to classify attacks according to how they originate and the threat they pose
* The pros and cons of different data sources that a system monitor can use for decisions
* What system monitors can and cannot detect
* The tradeoffs you may need to make for monitoring your systems in real time
* What it takes to really track someone through a network

As you will soon see, you need to consider a number of issues when trying to build a system-level IDS.

You can see the complete articles at http://www.network.79br.com
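
Added example, not part of the original post or thread: a minimal activity-stream monitor for the failed-login case the post mentions, which a point-in-time scanner cannot see. The OpenSSH-style log format, the five-minute window, the reset on a successful login and the sample lines are assumptions made for illustration; the threshold of three comes from the post's own example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in OpenSSH syslog style (not from a real host).
SAMPLE_LOG = """\
Dec 11 08:30:01 host1 sshd[411]: Failed password for alice from 192.0.2.10 port 4001 ssh2
Dec 11 08:30:09 host1 sshd[411]: Failed password for alice from 192.0.2.10 port 4001 ssh2
Dec 11 08:30:12 host1 sshd[412]: Failed password for bob from 192.0.2.20 port 4002 ssh2
Dec 11 08:30:15 host1 sshd[412]: Accepted password for bob from 192.0.2.20 port 4002 ssh2
Dec 11 08:30:20 host1 sshd[411]: Failed password for alice from 192.0.2.10 port 4003 ssh2
Dec 11 08:31:00 host1 sshd[413]: Failed password for invalid user carol from 192.0.2.30 port 4004 ssh2
Dec 11 08:40:00 host1 sshd[414]: Failed password for invalid user carol from 192.0.2.30 port 4005 ssh2
Dec 11 08:40:05 host1 sshd[414]: Failed password for invalid user carol from 192.0.2.30 port 4006 ssh2
"""

EVENT = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<kind>Failed|Accepted) password for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<src>\S+)"
)

def monitor(lines, threshold=3, window=timedelta(minutes=5), year=2007):
    """Yield (time, user, source, count) each time a user reaches `threshold`
    failed logins inside `window`. Lines are consumed in stream order."""
    failures = defaultdict(deque)          # user -> timestamps of recent failures
    for line in lines:
        m = EVENT.match(line)
        if not m:
            continue                       # not a password event
        # Syslog timestamps carry no year, so the caller supplies one.
        when = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        recent = failures[m["user"]]
        if m["kind"] == "Accepted":
            recent.clear()                 # a successful login resets the count
            continue
        recent.append(when)
        while recent[0] < when - window:   # expire failures outside the window
            recent.popleft()
        if len(recent) >= threshold:
            yield (when.isoformat(), m["user"], m["src"], len(recent))
            recent.clear()                 # one alert per burst, then start over

if __name__ == "__main__":
    for alert in monitor(SAMPLE_LOG.splitlines()):
        print("failed-login threshold reached:", alert)
```

Because `monitor` is a generator, it can be fed a live tail of the log instead of a finished file, which is the real-time property the post contrasts with running a scan.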

Posted by Martha Adams on December 12, 2007, 12:01 am
Is this guy for real? ??

Cheers -- Martha Adams [comp.security.misc 2007 Dec 11]


> Detecting Intruders on Your System Is Fun and Easy
>
> Well, perhaps the title of this chapter is slightly misleading. Supposedly, becoming an intruder is fun and easy, too. If you want to detect intruders, you should know what type of system resources can be depended on for providing evidence. Should you want to become an intruder, you ought to know how commercial IDSs look for traces of your activity.
>
> Scanners are designed to take a look at your system and to let you know whether you have configuration problems or holes that can be used for attacks. If your system was previously set up in a secure fashion, and an intruder has altered this configuration, a scanner will detect this change (when you run the scan) and notify you of the problem.
>
> System-level intrusion detection tools differ from scanners in a couple of ways. If the IDS runs in real time, it can let you know the instant a compromise has occurred. Also, if the monitor gathers its data by reading an activity stream on the system, it can detect a range of features that a single scanner cannot. For example, scanners will not tell you that someone just entered three bad passwords and exceeded the failed login threshold.
>
> By the time you finish this chapter, you will understand the following:
>
> * How to classify attacks according to how they originate and the threat they pose
> * The pros and cons of different data sources that a system monitor can use for decisions
> * What system monitors can and cannot detect
> * The tradeoffs you may need to make for monitoring your systems in real time
> * What it takes to really track someone through a network
>
> As you will soon see, you need to consider a number of issues when trying to build a system-level IDS.
>
> You can see the complete articles at http://www.network.79br.com


Posted by Moe Trin on December 12, 2007, 2:59 pm
On Wed, 12 Dec 2007, in the Usenet newsgroup comp.security.misc, in article

>Is this guy for real? ??

Of course not. Maybe if you started using a real news reader instead
of some all-singing, all-dancing, automatic mal-ware installing browser,
you'd be able to use a kill file to ignore garbage like that.

Old guy
