Federal Computing Week: Spotting mischief
Sep 30, 2001, 23:52
(Other stories by Maggie Biggs)
"Some technology managers assume that if they implement
intrusion detection, their security woes will be solved. Nothing
could be further from the truth. However, when intrusion-detection
solutions are deployed along with the other six security layers
experts recommend, they form a security system that will leave
agencies well prepared to combat attacks on or misuse of computing
resources.
...Unix- or Linux-based agencies might also examine another
network-based intrusion-detection solution maintained by Naval
Surface Warfare Center, Dahlgren Division
(www.nswc.navy.mil/ISSEC/CID). Known as SHADOW, this
intrusion-detection solution monitors your network in near-real
time. Like Snort, SHADOW relies on software-based sensors on your
network and uses the Apache Web server to display its management
interface.
We found that SHADOW took a bit longer to set up than Snort,
mainly because the instructions were not as detailed. We were able
to install both the sensor and the analyzing software after a time,
and we liked the results. But we'd recommend this solution only for
those with experienced Unix or Linux administrators on hand."
Related Stories:
- MachineOfTheMonth: Hacking the hacker (Aug 11, 2001)
- HelpNet Security: Installing and running Tripwire (Aug 06, 2001)
- O'Reilly Network: Tools of the Trade (tcpdump, tripwire) (Jul 14, 2001)
- UnixReview.com: LIDS and Mandatory Access Control (MAC) on Linux (Jul 14, 2001)
- SecurityPortal: Ask Buffy - Logging root commands, xinetd, bcc e-mail tracking (May 04, 2001)
- SecurityPortal: Ask Buffy - After an Attack; Firewalls and Intrusion Detection; SSL; lpd. (Apr 26, 2001)
- LinuxSecurity.com: Getting Started with Tripwire (Mar 31, 2001)
- Information Security Magazine: Open-Source Security - Open Source Under The Hood (Mar 25, 2001)
- LinuxWorld: Understanding stealth scans: Forewarned is forearmed (Mar 22, 2001)
- SysAdmin: How to Hack UNIX [Part Two of series] (Mar 17, 2001)
- Linux Journal: Responding to a Security Incident (Mar 14, 2001)