Re: RFC: Intrusion Scenario archive/repository

Andrew PRUSEK (andrewp@itwhy.bhp.com.au)
Thu, 1 Dec 1994 10:10:10 +1030

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: *Hobbit*: "scenarios"
Previous message: John A. Morrison: "Re: RFC: Intrusion Scenario archive/repository"
Maybe in reply to: Jim Truitt: "RFC: Intrusion Scenario archive/repository"
Next in thread: Jim Truitt: "Re: RFC: Intrusion Scenario archive/repository"

>        IMHO the first step in developing any type of intrusion
>detection package is knowing what to look for i.e. knowing what an
>intrusion looks like.

There is another approach.
That is to know what "NORMAL" operation looks like and to report on exceptions.

Just my 2 cents worth

Andrew

----------------------------------------------------------------------
Andrew PRUSEK                         Phone: +61 86 40 4590
BHP Information Technology              Fax: +61 86 40 4720
PO Box 21 / Port Augusta Road         Email: andrewp@itwhy.bhp.com.au
Whyalla SA 5600                 Prefered OS: Linux
Australia                        Disclaimer: My opinions are my own.

Next message: *Hobbit*: "scenarios"
Previous message: John A. Morrison: "Re: RFC: Intrusion Scenario archive/repository"
Maybe in reply to: Jim Truitt: "RFC: Intrusion Scenario archive/repository"
Next in thread: Jim Truitt: "Re: RFC: Intrusion Scenario archive/repository"