Linux Today: Linux News On Internet Time.

Federal Computing Week: Spotting mischief

Sep 30, 2001, 23:52
(Other stories by Maggie Biggs)
"Some technology managers assume that if they implement intrusion detection, their security woes will be solved. Nothing could be further from the truth. However, when intrusion-detection solutions are deployed along with the other six security layers experts recommend, they form a security system that will leave agencies well prepared to combat attacks on or misuse of computing resources.

...Unix- or Linux-based agencies might also examine another network-based intrusion-detection solution maintained by Naval Surface Warfare Center, Dahlgren Division (www.nswc.navy.mil/ISSEC/CID). Known as SHADOW, this intrusion-detection solution monitors your network in near-real time. Like Snort, SHADOW relies on software-based sensors on your network and uses the Apache Web server to display its management interface.

We found that SHADOW took a bit longer to set up than Snort, mainly because the instructions were not as detailed. We were able to install both the sensor and the analyzing software after a time, and we liked the results. But we'd recommend this solution only for those with experienced Unix or Linux administrators on hand."
