Hi:

I just subscribed to IDS, and in the welcome message got the following:

> When joining the list I ask you to briefly introduce yourself,

My name is Diego Zamboni, and I'm head of the Computer Security Area at the Computer Services Direction (DGSCA) in the National Autonomous University of Mexico (UNAM). My area is a recently formed one, although I've been working on security for over 2 years now.

> to give an outline of your interest in intrusion detection
> systems. Whether you are developing an intrusion detection
> system, or a system administrator or student who is currently
> investigating or developing a system.

As almost every computer security area, we are overworked and underbudgeted. I have only 4 people working with me, and we have to directly monitor over 20 workstations of every flavor you could think of (DEC, SGI, Sun, NeXT, HP) and a Cray Supercomputer. Besides, we're trying to expand our activities onto the University by spreading information and organizing events about computer security. Besides, 3 of the people who work with me are part-time students, so I can't count on them for time-intensive tasks.

So, we don't always have much time to manually monitor our systems, watch our logs, etc. Right now, we are working on the development of an intrusion detection system appropriately suited for our environment. We're barely on the first design steps, but we have already identified the following needs:

- Expandability: the system will accommodate new data tests and new systems as they become available. It will be able to analyze data coming from many sources, like several security tools, as well as from the systems' logs.

- Modularity: the work will be clearly defined between the different modules, which will allow new modules to be added, or existing modules to be modified or replaced, without affecting the overall functioning of the system.

- Security: encryption will be used, where necessary, to keep the data from being disclosed.

Of course, one of the reasons for joining the list is getting to know what already exists, in order to avoid unnecessary work or to learn from others' experience.

> Additionally you might want to express some personal ideas
> that you have about what you think an intrusion detection
> system ideally, should be.

I think the above items express much of what I think. Intrusion detection is, definitely, not an easy task, and a system which can detect intrusions as well as a human will probably never be detected, but they'll always have the advantage of being awake and alert all the time. And we have to make those systems as extendable and configurable as possible.

> For those that are looking for some reference material I will
> be posting a bibliography and some hints to finding some
> material

I would love to get that material!

Of course, any comments on anything that I said will be welcome.

Best regards.

---
Diego Martin Zamboni
Area de Seguridad en C'omputo
diego@conga.dgsca.unam.mx
DGSCA, UNAM, Mexico.
Tel. (52-5)622-85-29 (NeXTMail ok)
Fax. (52-5)622-80-43
WWW home page: http://ds5000.dgsca.unam.mx/~diego/
PGP key: finger diego@conga.dgsca.unam.mx