> > ******************************************************************** > > INTRUSION DETECTION IN COMPUTERS > > January 29, 1991 > > This report was dated early '91, the information contained within is > meaningless today. > > > (3) Haystack. Haystack was developed by Haystack > > Laboratories, Inc. for the Air Force Cryptologic Support Center > > in 1988 to analyze data from Unisys 1100/2200 mainframes running > > under the OS/1100 operating system. The actual analysis is done > > on a personal computer (such as the Zenith Z-248) running under > > MS-DOS. Haystack could not be easily implemented in other > > environments. > > Since then, Steve Smaha at Haystack Labs has come out with a product called > "Stalker" which does a *VERY* (IMHO) nice job of auditing a network of > Sun workstations. A bit pricey, but a great deal of research has been put > into it, so it's worth it if you can afford it. > When you say "audit," I'm assuming that you mean the same type of auditing the Tiger Scripts perform. Or perhaps, something more akin to Tripwire? What makes "Stalker" superior (my assumption, according to your emphasis) to any other product (say, for example, Tamu Tiger Scripts)? - paul _______________________________________________________________________________ Paul Ferguson US Sprint Managed Network Engineering tel: 703.904.2437 Herndon, Virginia USA internet: paul@hawk.sprintmrn.com