“Some technology managers assume that if they implement
intrusion detection, their security woes will be solved. Nothing
could be further from the truth. However, when intrusion-detection
solutions are deployed along with the other six security layers
experts recommend, they form a security system that will leave
agencies well prepared to combat attacks on or misuse of computing
resources. … Unix- or Linux-based agencies might also examine another
network-based intrusion-detection solution maintained by Naval
Surface Warfare Center, Dahlgren Division
(www.nswc.navy.mil/ISSEC/CID). Known as SHADOW, this
intrusion-detection solution monitors your network in near-real
time. Like Snort, SHADOW relies on software-based sensors on your
network and uses the Apache Web server to display its management
interface. We found that SHADOW took a bit longer to set up than Snort,
mainly because the instructions were not as detailed. We were able
to install both the sensor and the analyzing software after a time,
and we liked the results. But we’d recommend this solution only for
those with experienced Unix or Linux administrators on hand.”
Federal Computing Week: Spotting mischief