Firewall Wizards mailing list archives

Welcome to ids (fwd)


From: Darren Reed <darrenr () cyber com au>
Date: Tue, 17 Feb 1998 13:55:04 +1100 (EST)

[...]
 Here's the general information for the list you've subscribed to,
 in case you don't already have it:

[Last updated on: Wed Sep 18 13:49:59 1996]
       + ================================================ +
       ||  ___  ____    ___ -----------------------------  ||
       ||   I   |   \  /    I N T R U S I O N     -----    ||
       ||   I   |   /  \__    D E T E C T I O N ------     ||
       ||   I   |  /      \     S Y S T E M S -------      ||
       ||  _I___|_/_______/     --------------------       ||
       ||                                                  ||
        + === M A I L I N G =========== L I S T ========== +

Welcome to the Intrusion Detection Systems Mailing List. The list is
a forum for discussion on topics related to development of intrusion
detection systems.

              -= IDS Relevant Topics =-

++++          Audit Collection/Filtering              ++++    
 +            Profiling Techniques                     +      
 +            Detection Methods                        +      
 +            Knowledge Based Expert Systems           +      
 +            Fuzzy Logic Systems                      +      
++++          Neural Networks                         ++++

=====         Intruder Methods and Tools              =====   
 =  ==        Advisories (CERT, CIAC, 8lgm)            =  ==  
 =   ==       Telecommunications Fraud                 =   == 
 =   ==       Financial Fraud                          =   == 
 =  ==        Fraud Detection/Prevention Systems       =  ==  
====                                                  ====    

  ****        Security Policies                         ****  
 *    *                                                *    * 
  **                                                    **    
   **                                                    **   
*    *                                                *    *  
 ****                                                  ****   


---- IRC Conferences ----

The intrusion detection channel on irc is #ids. Hook in anytime; there
may be someone around to chat with.  For those not familiar with IRC I
suggest getting the IRC FAQ from Usenet news.answers.
Additionally, discussion sessions can be organised via IRC.

---- Using the Mailing List ----

Majordomo list management software is being used to run the forum.  If
you haven't used majordomo mailing lists before, I suggest you obtain
the "help" file. The help file will give a description of the commands
supported by this version and the syntax required.

This is done by sending:
--> To: majordomo () uow edu au
--> Subject: (not important)
--> Body: help

All commands are handled by the above address. NOTE: mail for the list
is not to be sent to the above address. Mail for the ids mailing list
should be directed to:

--> To: ids () uow edu au
--> Subject: please try to give appropriate subject names
--> Body: message for the forum

Also, information on subscribing to and unsubscribing from the ids mailing
list can be retrieved by mailing to "ids-request () uow edu au" with body
"help".

If you need to discuss any additional ideas related to the services of
the mailing list you can send mail to the list maintainer by sending:

--> To: ids-owner () uow edu au

Please try to only send mail in regard to problems or ideas related to
the running of the mailing list.

---- Introduction to Intrusion Detection Systems  ----

Today's growth of and reliance on computer systems is phenomenal; there
has been no other age of humankind in which the rate of change
has been so explosive.

However, this rapid growth has often meant choosing the quickest and
easiest strategies to implement and maintain the computer systems.
A lack of resources and expertise often results in the security
responsibility being shared amongst users with the most computer
experience. It is not uncommon to find that there is no dedicated
system administrator, let alone specialised security officers.
Hence, many systems are implemented without any regard to sound
security strategies.

There have been -= MANY =- hacker/cracker/phreaker stories reported in
the news over the years, some of which were more hyped than others.
Dramatic movies such as Wargames show a college student who
nearly starts a "Thermonuclear War" because this bright young hacker
decided he "want[ed] to play a game?" with a high security military
computer system. This cult movie was credited with inspiring a whole
new generation of system hackers, or as the older generation of hackers
prefer, "crackers".

Another movie, "Sneakers", revolves around a tiger team whose job was to
test the security of banks by attempting to break into them. Later they are
hired to steal a powerful decryption box that was able to decipher
all American encryption systems. Though such movies are obviously highly
fictional [ -= Clipper =- Doh! ], there have been many all-too-real
accounts.

One such account is outlined in Cliff Stoll's "The Cuckoo's Egg".
Stoll, when asked to account for a 75c discrepancy in the system
accounting, found that someone was hacking into his computer system by
using other people's accounts. Stoll eventually traced his hacker back
to a group of German hackers who were using his computers to break
into US military sites looking for information to sell to the KGB.

Another (in)famous event (circa 1988) was the "Internet Worm", a worm
program that spread across the Internet by exploiting somewhat known
security holes. It was created and released by a student from Cornell
University, Robert Tappan Morris (rtm), the son of an esteemed security
expert. It was estimated that the worm was responsible for some 4000
BSD and VAX based systems coming to a halt, costing some US$10+
million in lost computer time. Such incidents, along with
countless others, highlight the need for increased computer security.
However, the solution isn't a simple one, for "UNIX was not developed
with security, in any realistic sense, in mind".

Intrusion Detection Systems attempt to solve some of the classical
security problems in computer systems. These Intrusion Detection
Systems attempt to ensure correct usage of the computer system by
automated monitoring of the system audit trail. The early idea of
detecting threats by means of audit trail analysis was proposed by
J. Anderson. In his report Anderson categorised threats as
internal penetrators (which included masquerading and clandestine
users) and external penetrators. While most reporting has been about
the external computer "hackers", it is suggested that the internal
penetrators have been the cause of most security incidents (some
estimates as high as 80-90%).

Later models were developed for performing intrusion detection using
expert systems and subject profiling, with the majority of early
work being carried out by Sytek and SRI International in developing
computer algorithms, and later the Intrusion Detection Expert System
and Next-generation Intrusion Detection Expert System, for the
automatic analysis of computer audit records to detect
abnormal or suspicious computer usage.

What follows is a list of many of the systems which have been or still 
are being developed.

---- Intrusion Detection Systems ----
Legend:
      AS - Audit System
      NS - Network Scanner
      NM - Network Monitor
      SS - Security Scanner
      SM - System Monitor

      AD - Anomaly Detection
      MD - Misuse Detection

      ES - Expert System
      FL - Fuzzy Logic
      NN - Neural Network
      SA - Statistical Analysis

System                                                        Type
------------------------------------------------------------- ---------------
Saturne
Discovery
Network Auditing Usage Reporting System (NAURS)
Intrusion Detection Expert System (IDES)
Next-generation Intrusion Detection Expert System (NIDES)     AD,MD,SA,ES
Wisdom and Sense (W&S)                                        AD,SA
Network Intrusion Detection eXpert (NIDX)
Haystack
Multics Intrusion Detection and Alerting System (MIDAS)
Network Anomaly Detection and Intrusion Reporter (NADIR)
Computer Watch (CW)
Clyde Digital Systems Audit (CDSA)
Information Security Officer Assistant (ISOA)
Minos
Time-based Inductive Learning (TIM)
Network Security Monitor (NSM)
Distributed Intrusion Detection System (DIDS)
Network Intrusion Countermeasure Engineering (NICE)
Intrusion Detection Alert (IDA)
State Transition Analysis Tool (STAT)
Unix State Transition Analysis Tool (USTAT)
SecureNet (SN)
Stalker
Polycenter Security Intrusion Detector (PSID)
Computer Misuse Detection System (CMDS)
Kane Security Analyst (KSA)
Axent Omniguard/Intruder Alert (IA)

Other related IDS components/tools:

Advanced Security audit trail Analysis on uniX (ASAX)         AS
Basic Security Module (BSM)                                   AS
Compartment Mode Workstation (CMW)                            AS
svr4++                                                        AS

ASET                                                          SM
COPS                                                          SS
Courtney                                                      NM
Internet Security Scanner (ISS)                               NS, SS
Pingware
SPI
System Security Scanner (S3)                                  SS
Security Administrator Tool for Analysing Networks (SATAN)    NS, SS
TAMU Tiger                                                    SS
TCP Wrappers                                                  NM
Tripwire                                                      SM

---- Joining Requests ----

When joining the list, I ask you to briefly introduce yourself (to the
mailing list <ids () uow edu au>) and give an outline of your interest in
intrusion detection systems, whether you are developing an intrusion
detection system, or are a system administrator or student who is
currently investigating or developing a system. Additionally, you might
want to express some personal ideas that you have about what you think
an intrusion detection system should be.

---- References & Papers ----

For those who are looking for some reference material: I am collecting
material, so if you have any material on the topic, please inform the list
or me. I would like to use this to develop a FAQ for the list.

If you have any copies of papers on/related to intrusion detection 
systems then you can drop them off in:
      ftp://ftp.cs.uow.edu.au/pub/ccsr/ids/incoming/
It would be useful if you could also leave a brief note indicating what
the information is in regard to and the source of the information
(i.e. URL etc.).

---- FTP & WWW ----

ftp://ftp.cs.uow.edu.au/pub/ccsr/ids

http://www.cs.uow.edu.au/ccsr/ids.html                NOT AVAILABLE YET

---- Important Note ----

One final note: if you want to mail to the list be sure to mail to:
ids () uow edu au

*Warning* if you are replying to mail from the list it will be directed
to the list (due to Reply-to: fields being automatically inserted),
not to the author of the mail, which may have been the intention. So to
reply to the author of the message, just edit the To: field before sending
the mail.

majordomo () uow edu au is for commands for list management functions; if
you are unsure of the syntax, just mail with "help" in the body of the message.

--=== RuF LiNuX SPi: $Revision: 1.1 $ $Date: 1996/09/11 05:29:54 $ ===--
