Re: IDS: Security assessment tools

John Mayer (jmayer@ods.com)
Mon, 12 Apr 1999 12:22:16 -0700

FAQ: See http://www.ticm.com/kb/faq/idsfaq.html
IDS: See http://www-rnks.informatik.tu-cottbus.de/~sobirey/ids.html
HELP: Having problems.. Then email questions to ids-owner@uow.edu.au
NOTE: You MUST remove this line from reply messages as it will be filtered.
SPAM: DO NOT send unsolicted mail to this list.
USUB: email "unsubscribe ids" to majordomo@uow.edu.au
---------------------------------------------------------------------------

Network-based intrusion detection has always been limited by processing
speeds and network utilization. The direction of intrusion detection
will be changing in the very near future; you might want to keep an eye
on us at INTEROP 99. ODS Networks will also be at the Comdex show in
Chicago April 19-22, and will be talking about and demoing some new
things to come in the IDS arena.

The problem with security is that everyone thinks of the problem as
coming from the outside; this type of thinking is flawed and
counterproductive. The security problem comes from within: the tools are
downloaded from the outside and used to attack systems from within the
network. Firewalls, if administered properly, are good at keeping most
hackers out; IDS systems are good at finding them when they get in and
they don't belong in the network. But what if the person belongs there,
and is attacking the systems from within the network, or is using your
network to attack systems somewhere on the internet?

Ask yourself and/or the company management a couple of questions.

Do you think your network and application systems are secure because
you have a firewall?  (FALSE)
    An employee can download the attacks from the internet, and learn how
    to attack systems, before going on the internet.

You have to trust your employees; they will not hack the company
systems?  (FALSE)
    Otherwise they would not have login passwords, and badges to move
    around the buildings.

Are hackers all those nerds on the internet, and college kids when
they're not drinking and partying, or some bored high school kid?
(FALSE)
    Maybe some bored, under-challenged worker, or a Curious George looking
    for some fun, or a disgruntled employee looking for payback.
It could be some of the above, but can you profile a hacker that you
can't see or catch? Besides, who cares. The first priority is to set up
enough hurdles to trip the hacker; hopefully one of many security
measures will trip them up and you'll be able to stop them before the
loss or damage begins.

Computer Crime the fastest growing crime in America, 
Attacks from within, 		75% to 80% per the FBI
Attacks from the outside, 	25% to 20% per the FBI 

I think the firewalls are doing their job, but what about the other
numbers, the 75 to 80%?

I think everyone needs to think differently when it comes to computers,
and networks. Treat your computer and your network, like you treat your
own personal, financial, humiliating secrets.  You don't allow access to
just anybody, and you don't allow just anyone in on your secrets, even
if they ask!

ODS Networks 
Computer Misuse Detection System
Please check out our web site      http://www.ods.com/

bkho@umac.mo wrote:
> 
> From: bkho@UMAC on 04/09/99 04:21 PM
> 
> I saw someone wrote that:
> 
> "... To keep an eye on data running over our network, we primarily use ISS's
> Real Secure. It watches the network for certain attack signatures,..... Now there
> is one problem that could arise by using RealSecure. Obviously, what it's doing
> is throwing the interface card into promiscuous mode, and sniffing the network.
> Now this works just fine if you're using a standard hub, but if you're using
> a switched hub (which prevents sniffing, which is a good thing), RealSecure is
> useless. So, what we did was get an HPSwitch, which will allow switching for
> every port, except a "Master Port" which can be configured to receive all data.
> So, the only machine on our network which can sniff, is the network monitoring
> station. Another alternative to this would be to set up a sort of switch DMZ
> (de-militarized zone), where the data coming in from your router would go to a
> primary un-switched hub, ......."
> 
> Any comment or solutions?
> 
> Fiona
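
Added example (not part of the original message or of the quoted post): a sensor-side check for the hub-versus-switch problem raised in the quoted question, deciding from a capture whether a promiscuous-mode NIC actually sees other hosts' unicast traffic. The MAC addresses, the sample frames and the 0.5 threshold are constructed assumptions.

```python
from collections import Counter

BROADCAST = b"\xff" * 6

def mac(text):
    """'00:11:22:33:44:55' -> 6 raw bytes."""
    return bytes.fromhex(text.replace(":", ""))

def frame(dst, src, ethertype=0x0800):
    """Constructed Ethernet II frame: 14-byte header plus zero padding."""
    return mac(dst) + mac(src) + ethertype.to_bytes(2, "big") + bytes(46)

def classify(raw, sensor_mac):
    """Bucket a frame by destination MAC, as seen from the sensor's NIC."""
    dst = raw[:6]
    if dst == BROADCAST:
        return "broadcast"
    if dst[0] & 0x01:          # I/G bit set: group (multicast) address
        return "multicast"
    return "own" if dst == sensor_mac else "foreign"

def sensor_visibility(frames, sensor_mac, min_foreign=0.5):
    """Return (counts, foreign_ratio, verdict) for a capture.

    min_foreign is an assumed threshold: a switch floods unicast frames for
    destinations it has not learned yet, so a few foreign frames show up even
    on an ordinary port and "any foreign frame" would be a false positive.
    """
    counts = Counter(classify(f, sensor_mac) for f in frames if len(f) >= 14)
    unicast = counts["own"] + counts["foreign"]
    ratio = counts["foreign"] / unicast if unicast else 0.0
    verdict = "mirrored-or-hub" if ratio >= min_foreign else "switched-port-only"
    return counts, ratio, verdict

# Constructed sample captures (addresses are made up).
SENSOR, A, B = "02:00:00:00:00:01", "02:00:00:00:00:0a", "02:00:00:00:00:0b"
ARP = "ff:ff:ff:ff:ff:ff"
on_mirror_port = [frame(B, A), frame(A, B), frame(B, A), frame(ARP, A, 0x0806),
                  frame(SENSOR, A)]
on_plain_port = [frame(ARP, A, 0x0806), frame(ARP, B, 0x0806), frame(B, A),
                 frame(SENSOR, A), frame(SENSOR, B), frame(SENSOR, A),
                 frame(SENSOR, B)]

if __name__ == "__main__":
    for name, cap in (("mirror", on_mirror_port), ("plain", on_plain_port)):
        counts, ratio, verdict = sensor_visibility(cap, mac(SENSOR))
        print(name, dict(counts), round(ratio, 2), verdict)
```

A "switched-port-only" verdict on the monitoring station means the signature engine is inspecting little more than broadcasts and the station's own traffic, whatever the NIC mode says.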