There is a wealth of tools available to help protect the enterprise from security threats. Firewalls, virtual private networks, strong user authentication, encryption, intrusion detection/prevention systems (IDS/IPS), email filters, antivirus, and vulnerability scanners are all options. Each of these point solutions addresses a specific element of the security mosaic. To work around their individual limitations, many enterprises aggregate these solutions in a futile attempt to achieve effective IT security.
Source: InfoSecWriters.com - Posted by Benjamin D. Thomas
I have attempted to uncover and explore a free and easy solution for the cost-conscious small to medium size network to incorporate Intrusion Detection. The paper will focus on the aspects of free tools in relation to Intrusion Detection. I will define the tools I am using, where I will place the tools within the network, why I decided to place the tool in this particular location, and what defensive mitigation the tool should assist with.
Symantec Corp. today announced Symantec Critical System Protection 5.0, a proactive behavior-based intrusion prevention solution for multi-layered protection of servers and critical clients running on Windows, UNIX and Linux platforms. Available later this month, Symantec Critical System Protection provides zero-day protection against application and operating system attacks, enhanced auditing and compliance enforcement, enterprise reporting capabilities, and improved manageability of heterogeneous environments from a single management console. Using a combination of signature- and behavior-based detection, this enterprise-class product helps prevent system downtime while protecting critical information assets.
Source: InfoSec Writers - Posted by Benjamin D. Thomas
Everybody has gotten hacked one way or another when dealing with computers. When I ran across the idea of a honeypot and what exactly it was, I became intrigued with the idea of actually getting back at these mysterious hackers. I want to build a honeypot, put it on my home network, and see what I can attract. I will build a honeypot and put it out for business. I researched what the ideal computer setup would be and built one. I will discuss the computer, how to build one, and what my results were.
Source: ComputerWorld - Posted by Benjamin D. Thomas
Traffic on the network had increased all week, but the intrusion-detection system wasn't picking up any malicious traffic. Whatever traffic was traversing the network was considered OK.
The servers and desktop systems were all at current patch levels, switches at current IOS levels. Sophos Anti-Virus wasn't showing any virus activity. We hadn't installed any new devices on the network. Yet something had changed and was causing problems.
Sourcefire, Inc., the creators of Snort and the world leader in intrusion prevention, and Bleeding Snort today announced the launch of the Open Source Snort Rules Consortium (OSSRC), focused on the development and advancement of Snort Rules. With over 90 Charter members from the open source user and vendor communities, the OSSRC enables the entire Snort community to contribute to the open source model, as well as Snort development and direction. Focusing on innovation and standardization, the OSSRC is an independent organization founded to ensure that Snort continues to reflect the needs of the open source community, while also remaining one of the industry’s leading security tools.
Source: TechTarget.com - Posted by Benjamin D. Thomas
Despite claims that intrusion detection tools are "old school" and often tedious to use, one technologist says an IDS, such as Snort, can be quite educational when grading an organization's network security.
During a session at the CSI 32nd annual Computer Security Conference this week, Matthew Hicks, senior information security analyst with the Children's National Medical Center in Washington, D.C., said those who scoff at IDS typically don't understand how to use it.
Source: Net-Security.org - Posted by Benjamin D. Thomas
Organizations that use computing systems as their business enabler face the challenge of protecting their critical information assets from internal and external security risks. In such a scenario, where 100% security is hard to achieve, it is imperative to reduce the time taken to detect and respond adequately to a security incident that could adversely impact normal services.
With intrusion prevention systems (IPS) fast becoming as essential a purchase as the ubiquitous firewall, the choice is becoming ever more bewildering as more and more vendors scurry to bring new products to market.
Application security differs from network and host security. The applications vary, but the attacker's goal is always the same: to access the database. Since applications use SQL to communicate with the database, a good application IDS parses SQL, providing an objective layer of protection that understands the traffic yet remains independent of the application.