New subscriber to IDS: Rik Harris

Rik Harris (rik@vifp.monash.edu.au)
Sat, 06 Aug 1994 19:04:14 +1000

Hi all.  The information file said you wanted introductions, so here I
am.  I am a consultant for a UNIX consulting firm who does all kinds
of consulting for UNIX installation, administration, management,
integration, conversion, migration, audit and whatever else you might think
of.  We have been doing work in the area of security for quite a
while, with security audits, firewall installation and maintenance,
and general security enhancement for business and government.

My main interest in IDS is systems we can install on a customer's
system, to be monitored by the local System Administrator(s) onsite.
Many of these administrators do not have much security-related
experience, and in some cases would not be able to recognise an
intrusion even if they were reading the logs carefully.

We have generally tried to set up a heuristics-based system to filter
out "normal" activity, and try to present the administrator with what's
left, as well as picking up on some of the obvious intrusions (logins to
system accounts, like ftp, or bin; logins from remote sites; etc.) and
installing tripwire-like programs.  I can imagine much better solutions,
though have had very little to do with them, so this list sounded very
interesting.

I doubt I have anything useful to contribute in the way of tools or
information at this stage :-(  but I am interested in discussion.

have fun,
rik.
--
The Fulcrum Consulting Group                                           o
------------------------------------------------------------------------------
Rik Harris - Senior Consultant - rik.harris@fulcrum.com.au         /\
12/10-16 Queen St. Melbourne VIC 3000.  +61 3 621-2100 (BH) +61 3 621-2724 (Fax)
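
The heuristic filtering described in the post (suppress "normal" activity, flag logins to system accounts and logins from remote sites, show the administrator what is left) could look like the following. This is an added example, not part of the original post; the log format, account list, local domain and sample lines are all constructed assumptions.

```python
import re

# Assumptions for this sketch: account list, local domain and log format.
SYSTEM_ACCOUNTS = {"ftp", "bin", "daemon", "sys", "uucp", "nobody"}
LOCAL_DOMAIN = ".example.com"   # hosts under this suffix count as local
NORMAL_PATTERNS = [             # routine lines that are filtered out
    re.compile(r"^\S+ \S+ cron: job \S+ finished$"),
    re.compile(r"^\S+ \S+ lpd: printed job \d+$"),
]
LOGIN_RE = re.compile(r"^(\S+ \S+) login: user=(\S+) from=(\S+)$")

def is_local(host):
    return host == "console" or host.endswith(LOCAL_DOMAIN)

def triage(lines):
    """Return (alerts, leftovers); lines matching normal activity are dropped."""
    alerts, leftovers = [], []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        m = LOGIN_RE.match(line)
        if m:
            when, user, host = m.groups()
            reasons = []
            if user in SYSTEM_ACCOUNTS:
                reasons.append("login to system account")
            if not is_local(host):
                reasons.append("login from remote site")
            if reasons:
                alerts.append((when, user, host, reasons))
            continue  # an ordinary local user login is normal activity
        if any(p.match(line) for p in NORMAL_PATTERNS):
            continue
        leftovers.append(line)  # unexplained: present it to the administrator
    return alerts, leftovers

# Constructed sample log, not taken from any real system.
SAMPLE_LOG = """\
1994-08-06 09:01:12 login: user=alice from=ws12.example.com
1994-08-06 09:05:00 cron: job rotate finished
1994-08-06 11:42:31 login: user=bin from=console
1994-08-06 13:17:45 login: user=bob from=dialup7.elsewhere.example.net
1994-08-06 14:02:09 login: user=ftp from=host3.elsewhere.example.net
1994-08-06 14:30:00 lpd: printed job 4411
1994-08-06 15:10:10 su: bob to root on ttyp4
"""

if __name__ == "__main__":
    alerts, leftovers = triage(SAMPLE_LOG.splitlines())
    for when, user, host, reasons in alerts:
        print(f"ALERT  {when} {user}@{host}: {', '.join(reasons)}")
    for line in leftovers:
        print(f"REVIEW {line}")
```

Alerts carry their reasons so an administrator without security experience can see why a line was raised; anything that matches no rule lands in the review list rather than being silently dropped.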