Firewall Wizards mailing list archives
Welcome to ids (fwd)
From: Darren Reed <darrenr () cyber com au>
Date: Tue, 17 Feb 1998 13:55:04 +1100 (EST)
[...]
Here's the general information for the list you've subscribed to, in case you don't already have it:

[Last updated on: Wed Sep 18 13:49:59 1996]

+ ================================================ +
||     I N T R U S I O N   D E T E C T I O N      ||
||              S Y S T E M S                     ||
+ === M A I L I N G =========== L I S T ========== +

Welcome to the Intrusion Detection Systems Mailing List. The list is a forum for discussion on topics related to the development of intrusion detection systems.

-= IDS Relevant Topics =-

  Audit Collection/Filtering
  Profiling Techniques
  Detection Methods
  Knowledge Based Expert Systems
  Fuzzy Logic Systems
  Neural Networks
  Intruder Methods and Tools
  Advisories (CERT, CIAC, 8lgm)
  Telecommunications Fraud
  Financial Fraud
  Fraud Detection/Prevention Systems
  Security Policies

---- IRC Conferences ----

The intrusion detection channel on IRC is #ids. Hook in anytime; there may be someone around to chat with. For those not familiar with IRC I suggest getting the IRC FAQ from Usenet news.answers. Additionally, discussion sessions can be organised via IRC.

---- Using the Mailing List ----

Majordomo list management software is being used to run the forum. If you haven't used majordomo mailing lists before, I suggest you obtain the "help" file. The help file will give a description of the commands supported by this version and the syntax required. This is done by sending:

  --> To: majordomo () uow edu au
  --> Subject: (not important)
  --> Body: help

All commands are handled by the above address.

NOTE: mail for the list is not to be sent to the above address.
Mail for the ids mailing list should be directed to:

  --> To: ids () uow edu au
  --> Subject: please try to give appropriate subject names
  --> Body: message for the forum

Also, information on subscribing and unsubscribing to the ids mailing list can be retrieved by mailing to "ids-request () uow edu au" with body "help".

If you need to discuss any additional ideas related to the services of the mailing list you can send mail to the list maintainer by sending:

  --> To: ids-owner () uow edu au

Please try to only send mail in regard to problems or ideas related to the running of the mailing list.

---- Introduction to Intrusion Detection Systems ----

Today's growth and reliance on computer systems is phenomenal; there has been no other age in humankind in which the rate of change has been so explosive. However, this rapid growth has often meant choosing the quickest and easiest strategies to implement and maintain the computer systems. A lack of resources and expertise often results in the security responsibility being shared amongst the users with the most computer experience. It is not uncommon to find that there is no dedicated system administrator, let alone specialised security officers. Hence, many systems are implemented without any regard to sound security strategies.

There have been -= MANY =- hacker/cracker/phreaker stories reported in the news over the years, some of which were more hyped than others. Dramatic movies such as Wargames show a college student who nearly starts a "Thermonuclear War" because this bright young hacker decided he "want[ed] to play a game?" with a high security military computer system. This cult movie was credited with inspiring a whole new generation of system hackers, or as the older generation of hackers prefer, "crackers". Another movie, "Sneakers", revolves around a tiger team whose job was to test the security of banks by attempting to break into them.
Later they are hired to steal a powerful decryption box that was able to decipher all American encryption systems. Though such movies are obviously highly fictional [ -= Clipper =- Doh! ], there have been many all-too-real accounts. One such account is outlined in Cliff Stoll's "The Cuckoo's Egg". Stoll, when asked to account for a 75c discrepancy in the system accounting, found that someone was hacking into his computer system by using other people's accounts. Stoll eventually traced his hacker back to a group of German hackers who were using his computers to break into US military sites looking for information to sell to the KGB.

Another (in)famous event (circa 1988) was the "Internet Worm", a worm program that spread across the Internet by exploiting somewhat known security holes. It was created and released by a student from Cornell University, Robert Tappan Morris (rtm), the son of an esteemed security expert. It was estimated that the worm was responsible for some 4000 BSD and VAX based systems coming to a halt, costing some US$10+ million in lost computer time.

Such incidents, along with countless others, highlight the need for increased computer security. However, the solution isn't a simple one, for "UNIX was not developed with security, in any realistic sense, in mind". Intrusion Detection Systems attempt to solve some of the classical security problems in computer systems. These Intrusion Detection Systems attempt to ensure correct usage of the computer system by automated monitoring of the system audit trail. The early idea of detecting threats by means of audit trail analysis was proposed by J. Anderson. In his report Anderson categorised threats as internal penetrators (which included masquerading and clandestine users) and external penetrators. While most reporting has been about the external computer "hackers", it is suggested that the internal penetrators have been the cause of most security incidents (some estimates as high as 80-90%).
Later models were developed for performing intrusion detection by using expert systems and subject profiling, with the majority of early work being carried out by Sytek and SRI International in developing computer algorithms, and later the Intrusion Detection Expert System and Next-generation Intrusion Detection Expert System, for the automatic analysis of computer audit records for detection of abnormal or suspicious computer usage.

What follows is a list of many of the systems which have been or still are being developed.

---- Intrusion Detection Systems ----

Legend:
  AS - Audit System
  NS - Network Scanner
  NM - Network Monitor
  SS - Security Scanner
  SM - System Monitor
  AD - Anomaly Detection
  MD - Misuse Detection
  ES - Expert System
  FL - Fuzzy Logic
  NN - Neural Network
  SA - Statistical Analysis

System                                                              Type
---------------------------------------------------------------     ---------------
Saturne
Discovery
Network Auditing Usage Reporting System (NAURS)
Intrusion Detection Expert System (IDES)
Next-generation Intrusion Detection Expert System (NIDES)           AD,MD,SA,ES
Wisdom and Sense (W&S)                                              AD,SA
Network Intrusion Detection eXpert (NIDX)
Haystack
Multics Intrusion Detection and Alerting System (MIDAS)
Network Anomaly Detection and Intrusion Reporter (NADIR)
Computer Watch (CW)
Clyde Digital Systems Audit (CDSA)
Information Security Officer Assistant (ISOA)
Minos
Time-based Inductive Learning (TIM)
Network Security Monitor (NSM)
Distributed Intrusion Detection System (DIDS)
Network Intrusion Countermeasure Engineering (NICE)
Intrusion Detection Alert (IDA)
State Transition Analysis Tool (STAT)
Unix State Transition Analysis Tool (USTAT)
SecureNet (SN)
Stalker
Polycenter Security Intrusion Detector (PSID)
Computer Misuse Detection System (CMDS)
Kane Security Analyst (KSA)
Axent Omniguard/Intruder Alert (IA)

Other related IDS components/tools:

Advanced Security audit trail Analysis on uniX (ASAX)               AS
Basic Security Module (BSM)                                         AS
Compartment Mode Workstation (CMW)                                  AS
svr4++                                                              AS
ASET                                                                SM
COPS                                                                SS
Courtney                                                            NM
Internet Security Scanner (ISS)                                     NS, SS
Pingware
SPI
System Security Scanner (S3)                                        SS
Security Administrator Tool for Analysing Networks (SATAN)          NS, SS
TAMU Tiger                                                          SS
TCP Wrappers                                                        NM
Tripwire                                                            SM

---- Joining Requests ----

When joining the list I ask you to briefly introduce yourself (to the mailing list <ids () uow edu au>) and to give an outline of your interest in intrusion detection systems, whether you are developing an intrusion detection system, or a system administrator or student who is currently investigating or developing a system. Additionally you might want to express some personal ideas that you have about what you think an intrusion detection system should be.

---- References & Papers ----

For those that are looking for some reference material, I am collecting material; if you have any material on the topic please inform the list or me. I would like to use this to develop a FAQ for the list. If you have any copies of papers on/related to intrusion detection systems then you can drop them off in:

  ftp://ftp.cs.uow.edu.au/pub/ccsr/ids/incoming/

It would be useful if you could also leave a brief note indicating what the information is in regard to and the source of the information (ie. URL etc.).

---- FTP & WWW ----

  ftp://ftp.cs.uow.edu.au/pub/ccsr/ids
  http://www.cs.uow.edu.au/ccsr/ids.html    NOT AVAILABLE YET

---- Important Note ----

One final note: if you want to mail to the list be sure to mail to:

  ids () uow edu au

*Warning* if you are replying to mail from the list it will be directed to the list (due to Reply-to: fields being automatically inserted), not the author of the mail, which may have been the intention. To reply to the author of the message, just edit the To: field before sending the mail.

majordomo () uow edu au is for commands for list management functions; if you are unsure of syntax just mail with "help" in the body of the message.

--=== RuF LiNuX SPi: $Revision: 1.1 $ $Date: 1996/09/11 05:29:54 $ ===--
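The welcome text above describes the classical IDES/NIDES approach in one sentence: build a statistical profile of each subject from the audit trail and flag records that deviate from it, covering Anderson's internal masqueraders as well as external penetrators. The following is an added illustration of that idea, written for this archive page and not code from the ids list, SRI or any of the systems in the table. The audit records, users, commands and byte counts are all constructed; the three deviation measures (unseen hour of day, unseen command, output volume more than three standard deviations above the subject's mean) and the alert threshold are simplifying assumptions, not the real IDES algorithms.

```python
"""Subject profiling over an audit trail, IDES/NIDES style (simplified, added example).

A profile per subject is learned from a training window of audit records;
each record in a later window is then scored against that subject's profile.
A subject with no profile at all is reported as a possible external penetrator.
"""
from collections import Counter, defaultdict
from dataclasses import dataclass, field
from statistics import mean, pstdev


@dataclass
class AuditRecord:
    user: str        # subject (account) the record is attributed to
    hour: int        # hour of day the event occurred, 0-23
    command: str     # program executed
    bytes_out: int   # bytes written by the command


@dataclass
class Profile:
    hours: Counter = field(default_factory=Counter)     # hour -> count
    commands: Counter = field(default_factory=Counter)  # command -> count
    bytes_samples: list = field(default_factory=list)   # per-record volumes
    n: int = 0                                          # records seen


def build_profiles(records):
    """Aggregate a training window of audit records into one Profile per subject."""
    profiles = defaultdict(Profile)
    for r in records:
        p = profiles[r.user]
        p.hours[r.hour] += 1
        p.commands[r.command] += 1
        p.bytes_samples.append(r.bytes_out)
        p.n += 1
    return dict(profiles)


def score_record(profile, rec):
    """Return (score, reasons): one point per deviation measure that fires."""
    score, reasons = 0.0, []
    # 1. Time of day: the subject has never been active in this hour.
    if profile.hours[rec.hour] == 0:
        score += 1.0
        reasons.append(f"no prior activity at hour {rec.hour:02d}")
    # 2. Command: the subject has never run this program.
    if profile.commands[rec.command] == 0:
        score += 1.0
        reasons.append(f"command {rec.command!r} never used before")
    # 3. Volume: z-score of bytes written against the subject's own history.
    mu = mean(profile.bytes_samples)
    sd = pstdev(profile.bytes_samples) or 1.0   # avoid /0 for a one-record profile
    z = (rec.bytes_out - mu) / sd
    if z > 3.0:
        score += 1.0
        reasons.append(f"output volume z={z:.1f} (subject mean {mu:.0f} bytes)")
    return score, reasons


def detect(records, profiles, threshold=2.0):
    """Return [(user, score, reasons)] for records at or above the alert threshold."""
    alerts = []
    for r in records:
        if r.user not in profiles:
            # Anderson's external penetrator: an account nobody has a profile for.
            alerts.append((r.user, threshold, ["no profile for subject"]))
            continue
        score, reasons = score_record(profiles[r.user], r)
        if score >= threshold:
            alerts.append((r.user, score, reasons))
    return alerts


# Constructed training window: alice works office hours with a small toolset.
TRAINING = [AuditRecord("alice", h, c, b) for h, c, b in [
    (9, "ls", 120), (9, "vi", 800), (10, "cc", 1500), (11, "mail", 400),
    (13, "ls", 150), (14, "vi", 900), (15, "cc", 1700), (16, "mail", 350),
    (17, "ls", 130)]]

# Constructed later window: two normal records, one masquerade, one unknown account.
TEST = [
    AuditRecord("alice", 9, "vi", 500),
    AuditRecord("alice", 3, "tar", 50000),   # 3am, new tool, huge output
    AuditRecord("mallory", 2, "cat", 300),   # no profile for this subject
    AuditRecord("alice", 10, "cc", 1400),
]

if __name__ == "__main__":
    for user, score, reasons in detect(TEST, build_profiles(TRAINING)):
        print(f"ALERT {user} score={score}: " + "; ".join(reasons))
```

Run against the constructed windows, only the 3am tar session and the unprofiled account are reported; the two daytime records score zero. Anomaly detection of this kind catches the masquerader precisely because it compares a record with the account's own history rather than a global rule, which is also why it needs a clean training window and a profile-ageing strategy in practice.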