Re: Introduction

Parker, Robert (robpar@ccgate-ut.raxco.com)
Wed, 08 Nov 95 07:26:01 MDT

     Jeff,

     If you are looking for something that will accomplish what you ask 
     regarding monitoring of internet access, you can use a product called 
     Intruder Alert available in Oz from Software Intelligence.  It's 
     created in the US by Axent Technologies and it fits you to a "T".

     Rob Parker

______________________________ Reply Separator _________________________________
Subject: Introduction
Author:  ids@uow.edu.au at ccgate-ut
Date:    11/6/95 10:14 AM

Hi,

I have joined this mailing list primarily because of my role at work 
which at present is focussing on providing Internet connectivity for 
our clients.

Dealing with the Internet means dealing with security and I am interested 
in ways of preventing, and detecting, intrusion attempts. I suppose I 
should also add I'm interested in detecting successful intrusions as well!!

Unfortunately, this isn't my only role, so I can't spend all my time on it.

So I am interested in hearing of anything that could be used to automate 
monitoring of systems, and anything else regarding security of systems.

I am not a Unix expert. I know enough to be dangerous (i.e. I think I know 
what I'm doing ;-) )

One question I have regarding monitoring for intrusions is this:

We currently use a package called NeTraMet, which we use for billing 
purposes. It monitors all packets going through our Internet link and 
gathers info such as source/destination IP address, packet type, and 
source/destination ports amongst others.

My question is, would it be worth setting this up to send alerts in some 
form when it detects packets with a specific port number? i.e. are there 
ports which are only used when someone is attempting to gain access? I 
don't want to create something which generates "false alarms" so it gets 
ignored!

Anybody been down this path? Is it worth the effort?

Regards
 Jeff Law
 Internetworking Consultant
___________________________________________________________
 Continuum (NZ) Limited
 105 Symonds Street
 PO Box 8690             Telephone: 64 9 379-2350 
 Auckland 1035           Facsimile: 64 9 357-2200
 New Zealand             Internet : jlaw@arguus.co.nz
___________________________________________________________ 
Most of the things worth doing in the world had been declared
             impossible before they were done. (Louis Brandeis)