Intrusion Detection Questionnaire

Jim Cannady (james.cannady@gtri.gatech.edu)
Fri, 05 Apr 1996 13:06:38 -0500

Hello,

  I'm finishing up a presentation for the TISC '96 conference in May and I
really need everyone's help.  The paper is an overview of the current
state-of-the-art in the field of intrusion detection.  As part of the paper,
I'd like to present the perspective of security professionals, network
administrators, and anyone who uses a network.  I've attached a (very) short
questionnaire that addresses some of the key issues of intrusion detection.
If you could, please take a few minutes and answer the questions.  They are
all multiple choice, but your responses will be invaluable for this paper.
Responses should be emailed directly to me.

Your assistance is greatly appreciated.     

Jim

INTRUSION DETECTION QUESTIONNAIRE

Mr. James Cannady and Mr. Jay Harrell from the Georgia Tech Research
Institute are currently preparing a report on the current state of
intrusion detection research.  As part of that report, the thoughts and
experiences of network professionals are requested as a measure of the
effectiveness of current information security measures.  Your assistance is
greatly appreciated.

All responses will be kept absolutely confidential, and anonymous or partial
submissions are welcome.  We will present summary results at the TISC
conference in May (insert URL here).

We are research faculty of Georgia Institute of Technology and we can be
reached by US mail, email, or telephone at the following addresses:

James Cannady
James.Cannady@gtri.gatech.edu
Georgia Tech Research Institute
Atlanta GA 30332-0832
404/894-9730

Jay Harrell
Jay.Harrell@gtri.gatech.edu
Georgia Tech Research Institute
Atlanta GA 30332-0832
404/894-8953

Description of Host System

1. Please describe yourself
     -network administrator
     -management
     -network user
     -other (specify)

2.  Please describe the nature of the organization supported by the network

      -Academia
      -Non-profit Organization
      -Manufacturing
      -Telecommunications
      -Computers
      -Transportation
      -Other

3.  Please briefly describe the following components of your network:

      -Number of workstations on network
      -Number of users
      -External connections (i.e., Internet)
      -Operating systems

Perception of Need

4.  Please rate the following on a scale from 1 (minimal) to 10 (serious)

     a.  Your concern for the security of your network
     b.  The network administrator's concern for security
     c.  The senior management's concern for security
     d.  The typical network user's concern for security

5.  Please rate the following network threats on a scale of 1 (lowest) to
6 (highest)

    a.  Hackers
    b.  Crackers
    c.  Phreakers
    d.  Disgruntled employees
    e.  Foreign governments
    f.  Economic Competitors

Security Measures

6.   What kinds of security measures are utilized on the network:
      -Operating system-based security measures
      -Intrusion detection systems
      -Firewalls
      -Other

7.  Do you use commercial off-the-shelf security products? (Please specify)
     -yes
     -no
     -don't know
     -can't say

8.  What types of misuse are you trying to detect?
      -Attempted break-in
      -Masquerading
      -Penetration by legitimate users
      -Viruses
      -Denial-of-Service
      -Other

System Attacks

9.  Has your network ever been compromised by an external or internal attack?
      -yes
      -no
      -don't know
      -can't say
      (Please give details if you can)

10.  Were any intrusion detection mechanisms or other security systems
     employed prior to the attack?
        -yes
        -no
        -don't know
        -can't say
      (Please give details if you can)

11.  Were those security mechanisms successful in preventing or minimizing
the attack?
        -yes
        -no
        -don't know
        -can't say
     (Please give details if you can)

12.  Was the attack reported?
        -yes
        -no
        -don't know
        -can't say
        (Please give details if you can)

13.  Were any additional security measures employed after the attack?
        -yes
        -no
        -don't know
        -can't say
        (Please give details if you can)

Comments

14.  Please provide any additional comments regarding the security
      of your system, or your thoughts on the topic of intrusion
      detection mechanisms.

==================================
James Cannady                     |
Research Scientist                |
Georgia Institute of Technology   |
GTRI/ITL/CSITD                    |
James.Cannady@gtri.gatech.edu     |
(404) 894-9730                    |
==================================
