Re: The intrusion detection report from TIS

jtruitt@dw3f.ess.harris.com
Fri, 05 Aug 94 11:45:35 -0400

Mike,

	Is there any on-line documentation available on the following?

Since then, Steve Smaha at Haystack Labs has come out with a product called
"Stalker" which does a *VERY* (IMHO) nice job of auditing a network of
Sun workstations. A bit pricey, but a great deal of research has been put
into it, so it's worth it if you can afford it.


  This is my pet project. On January 1st, stage one of UNICORN (Unicos
Real-time NADIR) and KNADIR (Kerberos NADIR) will be finished and
be in production here at LANL. UNICORN works with Unicos security audit
records and does a good deal of Unix generic vulnerability testing.
KNADIR works with a slightly modified Kerberos v4 audit record (we just
made it a little more thorough).

  There is a newer project based on this here, but it's in its first few
months of development. The original W&S was bought on a tech transfer by
one of the original authors. LANL has nothing to do with it anymore.
Basically, W&S looks at a dataset and tries to generate meta-rules about
the data. Then, when presented with new datasets, it applies these meta-rules
to detect anomalies.

Thanks
Jim