IDS mailing list archives
Re: self authentication for sensors in ids ?
From: Michal Melewski <mike () pn66 poznan sdi tpnet pl>
Date: Wed, 28 Jan 2004 15:46:45 +0100
On Mon, Jan 12, 2004 at 11:28:13PM +0530, Gaurav_Jindal wrote:
Hi,
Hello [...]
(5) Also please suggest any future directions.
When I was developing my own distributed HBIDS I had a very similar problem - "How to make sure that the remote sensor is still in my own hands." Here is what I invented.

1. At the beginning the sensor works in passive mode (passive means that it can only send some kind of heartbeat message) and all communication is unencrypted.
2. If the IDS administrator is sure that the sensor hasn't been compromised, he gives the sensor a password for his gpg key and activates it.
3. When the sensor is active it can send alarms, and each packet should be signed and encrypted, and of course supplied with an md5 sum (or better sha1) of the currently running code.
4. The packet is verified and accepted by the server.

If an attacker managed to replace a sensor, the gpg signature wouldn't be valid and then we know that something happened. I had no time to check this idea in practice (lack of time), but within a month (after the exams) I will try to do something like this.
Thanking you, With Regards, Gaurav Jindal
--
Michael "carstein" Melewski
carstein () poznan linux org pl
mobile: 502 545 913
gpg: carstein.c.pl/carstein.txt

"Kepler was a humanist, and so was Leibniz. A person who defines humanism as the inability to integrate is not a humanist."
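
An added example, not part of the original post or the author's IDS: the server-side acceptance check for the four steps described above. HMAC-SHA256 from the Python standard library stands in for the GPG signature and encryption is omitted; the `seq` replay counter, the field names and `SensorRecord` are assumptions of this example, and all keys and digests are constructed.

```python
import hashlib, hmac, json

class SensorRecord:
    """Server-side state for one sensor (hypothetical structure)."""
    def __init__(self, key: bytes, expected_code_sha1: str):
        self.key = key                      # stand-in for the sensor's GPG key
        self.expected = expected_code_sha1  # digest of the code the admin approved
        self.active = False                 # step 1: sensors start passive
        self.last_seq = 0                   # replay counter (assumption, not in the post)

def _mac(key: bytes, body: dict) -> str:
    raw = json.dumps(body, sort_keys=True).encode()  # canonical form of the body
    return hmac.new(key, raw, hashlib.sha256).hexdigest()

def sign(key: bytes, body: dict) -> dict:
    return {"body": body, "sig": _mac(key, body)}    # sensor side

def accept(rec: SensorRecord, packet: dict) -> str:
    """Server side: return 'ok' or the reason the packet is rejected."""
    body = packet.get("body", {})
    if body.get("type") == "heartbeat" and not rec.active:
        return "ok"                          # step 1: unsigned heartbeat while passive
    if not rec.active:
        return "sensor not activated"        # step 2 has not happened yet
    if not hmac.compare_digest(_mac(rec.key, body), str(packet.get("sig", ""))):
        return "bad signature"               # step 4: a replaced sensor lacks the key
    if body.get("code_sha1") != rec.expected:
        return "code digest mismatch"        # step 3: digest of the running code
    seq = body.get("seq")
    if not isinstance(seq, int) or seq <= rec.last_seq:
        return "replayed or stale packet"
    rec.last_seq = seq
    return "ok"

def demo() -> list:
    key = b"constructed-demo-key"            # constructed sample values throughout
    good = hashlib.sha1(b"approved sensor build").hexdigest()
    bad = hashlib.sha1(b"modified sensor build").hexdigest()
    rec = SensorRecord(key, good)
    alarm = sign(key, {"type": "alarm", "seq": 1, "code_sha1": good})
    out = [accept(rec, {"body": {"type": "heartbeat"}}), accept(rec, alarm)]
    rec.active = True                        # administrator activates the sensor
    out += [accept(rec, alarm), accept(rec, alarm)]   # first accepted, second replayed
    out.append(accept(rec, sign(b"other-key", {"type": "alarm", "seq": 2, "code_sha1": good})))
    out.append(accept(rec, sign(key, {"type": "alarm", "seq": 2, "code_sha1": bad})))
    return out

if __name__ == "__main__":
    print(demo())
```

The code digest is reported by the sensor itself, so this check only flags a sensor that reports a different digest; a sensor that still holds the key can report the approved value regardless of what it runs.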