Re: The intrusion detection report from TIS

Paul Ferguson (paul@hawksbill.sprintmrn.com)
Fri, 5 Aug 1994 13:23:46 -0500 (EST)

> > ******************************************************************** 
> >                 INTRUSION DETECTION IN COMPUTERS
> >                         January 29, 1991
> 
> This report was dated early '91; the information contained within is
> meaningless today.
> 
> >           (3)  Haystack.  Haystack was developed by Haystack
> > Laboratories, Inc. for the Air Force Cryptologic Support Center
> > in 1988 to analyze data from Unisys 1100/2200 mainframes running
> > under the OS/1100 operating system.  The actual analysis is done
> > on a personal computer (such as the Zenith Z-248) running under
> > MS-DOS.  Haystack could not be easily implemented in other
> > environments.
> 
> Since then, Steve Smaha at Haystack Labs has come out with a product called
> "Stalker" which does a *VERY* (IMHO) nice job of auditing a network of
> Sun workstations. A bit pricey, but a great deal of research has been put
> into it, so it's worth it if you can afford it.
>


When you say "audit," I'm assuming that you mean the same type of auditing
the Tiger Scripts perform. Or perhaps, something more akin to Tripwire?

What makes "Stalker" superior (my assumption, according to your emphasis)
to any other product (say, for example, TAMU Tiger Scripts)?

- paul


_______________________________________________________________________________
Paul Ferguson                         
US Sprint 
Managed Network Engineering                        tel: 703.904.2437 
Herndon, Virginia  USA                        internet: paul@hawk.sprintmrn.com