LinuxSecurity.com
The central voice for Linux and Open Source security news
Intrusion Detection
We have thousands of posts on a wide variety of open source and security topics, conveniently organized for searching or just browsing.



Honeypots - How to seek them out  06 April 2006 
Source: IT Observer - Posted by Benjamin D. Thomas   
Honeypots are used to study the methods and attacks of hackers. The idea is to put one or more special servers in a network. An attacker who cannot differentiate between genuine servers/services and honeypots will sooner or later, in his search for a security hole, make use of the services offered by a honeypot. All his activities on the honeypot are logged.

Detecting Botnets Using a Low Interaction Honeypot  26 March 2006 
Source: Infosec Writers - Posted by Eric Lubow   
This paper describes a simple honeypot using PHP and emulating several vulnerabilities in Mambo and Awstats. We show the mechanism used to 'compromise' the server and to download further malware. This honeypot is 'fail-safe' in that when left unattended, the default action is to do nothing – though if the operator is present, exploitation attempts can be investigated. IP addresses and other details have been obfuscated in this version.

SOURCEFIRE AND CHECK POINT ANNOUNCE MUTUAL WITHDRAWAL FROM THE CFIUS PROCESS  24 March 2006 
Source: SourceFire - Posted by Ryan W. Maple   
Sourcefire, Inc., the world leader in intrusion prevention, today announced that, with the consent of the US government, Sourcefire and Check Point Software Technologies have opted to withdraw their merger filing with the Committee on Foreign Investment in the United States (CFIUS). Sourcefire will continue to operate as the industry's largest private Intrusion Prevention System (IPS) vendor.

Detecting Botnets Using a Low Interaction Honeypot  23 March 2006 
Source: InfoSec Writers - Posted by Benjamin D. Thomas   
This paper describes a simple honeypot using PHP and emulating several vulnerabilities in Mambo and Awstats. We show the mechanism used to 'compromise' the server and to download further malware. This honeypot is 'fail-safe' in that when left unattended, the default action is to do nothing – though if the operator is present, exploitation attempts can be investigated. IP addresses and other details have been obfuscated in this version.

HLBR - Hogwash Light BR  20 March 2006 
Source: HLBR - Posted by Eric Lubow   
HLBR is a Brazilian project, started in November 2005 as a fork of the Hogwash project (started by Jason Larsen in 1996). The project is dedicated to computer network security. HLBR is an IPS (Intrusion Prevention System) that can filter packets directly at layer 2 of the OSI model (so the machine doesn't even need an IP address).

Domain Name Service as an IDS  23 February 2006 
Source: Cees de Laat, Karst Koymans - Posted by Eric Lubow   
How DNS can be used for detecting and monitoring badware in a network.

OSSEC HIDS v0.6 available (log analysis, integrity checking and rootkit detection)  10 February 2006 
Source: OSSec - Posted by Benjamin D. Thomas   
Version 0.6 of the OSSEC HIDS is now available! OSSEC HIDS is an open source host-based intrusion detection system. It performs log analysis, integrity checking, rootkit detection, time-based alerting and active response.

This new version comes with a lot of new features, including new active responses (for ipfilter, user lockout and iptables), support for firewall log analysis (iptables, ipfilter and AIX IPSEC), better support for NIDS log analysis, and improved rootkit detection and integrity checking capabilities. In addition, this version includes a lot of bug fixes and performance improvements.

It's time to take IPS seriously  13 January 2006 
Source: TechWorld - Posted by Pax Dickinson   
Fear unites us. We used to be afraid of network problems, such as bandwidth and broken switches. Now we're afraid of the bad guys. Our networks must be connected to the Internet, yet the Internet is a cesspool of attackers constantly hammering on our defences, looking for that chink in the armour. It's not just the Internet: we fear our own users, lest their indispensable laptops acquire some vagrant affliction while driving by a Starbucks Wi-Fi hot spot.

An Inexpensive and Versatile IDS  27 December 2005 
Source: InfoSec Writers - Posted by Benjamin D. Thomas   
An intrusion detection system can be an effective technical control in the modern world of information and network security. One option that provides for low cost NIDS sensor deployment is the use of the open source IDS software Snort in combination with a consumer grade LinkSys cable/DSL router and the open source firmware distribution OpenWrt. These three items together form a powerful yet inexpensive unit that delivers IDS, routing, firewall, wireless, and NAT functionality for use in a light-weight environment, i.e. consumer or small business deployments.

Protecting against undefined exploits and security threats  21 December 2005 
Source: Security Park - Posted by Pax Dickinson   
There is a wealth of tools available to help protect the enterprise from security threats. Firewalls, virtual private networks, strong user authentication, encryption, intrusion detection/prevention systems (IDS/IPS), email filters, antivirus and vulnerability scanners are all options. Each of these point solutions is capable of addressing a specific element of the security mosaic. In order to address their limitations, many enterprises attempt to aggregate these solutions in a futile attempt to achieve effective IT security.

(c)Copyright 2008 Guardian Digital, Inc. All rights reserved.