I just heard a presentation by Ken Van Wyck of DISA's emergency response team (ASSIST). He seemed to indicate that practically no one was using any sort of monitoring whatsoever, no auditing (except perhaps basic Unix accounting). If anyone at all is using full-blown intrusion detection, it is only a handful of places. You might want to ask the CERT, ASSIST, CIAC, or such places, who probably know better than anyone else.

Teresa

=========

Date: Mon, 26 Sep 1994 13:31:48 -0400
From: David R Landry <dlandry@afit.af.mil>
Subject: Intrusion Detection Statistics

I am curious if anyone has a guess on statistics relating to the use of intrusion detection systems in UNIX systems across the United States/World.

What percentage use no protection except basic UNIX accounting?
What percentage use basic, commercial accounting/security packages?
What percentage use full-blown intrusion detection systems?

Current headlines and research papers seem to indicate most intruders are still being caught by accident (i.e., system crashes, slow machines, new accounts, etc.)

--------------------------------------
2LT David R. Landry
Graduate Student, AI/Computer Security
Air Force Institute of Technology
dlandry@afit.af.mil