Hi, My name is Jim Truitt. I am a Staff Engineer working for Harris Information Systems Division in Melbourne, Florida, USA. I first got into security about three years ago. It was at that time that I first became aware of intrusion detection (ID) technology. ID seemed to be the next logical step in the evolution of computer/network security. First computer systems were isolated (i.e. not networked) and everyone could do everything. It quickly became obvious that you couldn't (shouldn't) allow everybody to do everything. So the next step was to allow certain people do certain things. To accomplish this identification and authentication (I&A) techniques were developed and coupled with access control (DAC, MAC) techniques to determine what things an individual user could do. This was better, but certain people could still do certain things to abuse the system. So the next step was accountability. To address this issue auditing systems (AUD) were devised to record all activities of all users on the system. System administrators were quickly overwhelmed by reams of audit data, to the extent that the data became useless (i.e. to much to process). This issue was addressed by the development of audit data reduction and analysis tools. So now I just about have control of my isolated system, but my users need access to the outside world. Let's attach our once isolated system to a network to the outside world. My internal users can now reach outside their system, but external users can also get in. I counter this with a firewall, but in the back of mind I have these nagging concerns that an outsider might defeat the firewall or an insider might do something harmful to the system (intentionally or unintentionally). I will counter this with monitoring and scanning software. Take all of this and combine it into an integrated package and I think you have arrived at ID. The chronology may not be exact, but the point is that the time is right and the need is there for ID capabilities (and products). Jim Truitt ------------------------------------------------------------------------------- | NAME :JAMES O. TRUITT (JIM) | HARRIS CORPORATION | INFORMATION | | PHONE :1-407-984-5791 | P. O. BOX 98000 | SYSTEMS | | FAX :1-407-984-6323 | MELBOURNE, FL 32902 | DIVISION | | EMAIL :JTRUITT@HARRIS.COM | MS W2/7742 | | -------------------------------------------------------------------------------