FAQ: See http://www.ticm.com/kb/faq/idsfaq.html
IDS: See http://www-rnks.informatik.tu-cottbus.de/~sobirey/ids.html
HELP: Having problems.. Then email questions to ids-owner@uow.edu.au
NOTE: You MUST remove this line from reply messages as it will be filtered.
SPAM: DO NOT send unsolicited mail to this list.
USUB: email "unsubscribe ids" to majordomo@uow.edu.au
---------------------------------------------------------------------------

Network-based intrusion detection has always been limited to processing speeds and network utilization. The direction of intrusion detection will be changing in the very near future; you might want to keep an eye on us at INTEROP 99. ODS Networks will also be at the Comdex show in Chicago April 19-22, and will be talking about and demoing some new things to come in the IDS arena.

The problem with security is that everyone thinks the problem is coming from the outside; this type of thinking is flawed and counterproductive. The security problem comes from within; the tools are downloaded from the outside and used to attack systems from within the network. Firewalls, if administered properly, are good at keeping most hackers out; IDS systems are good at finding them when they get in and they don't belong in the network. But what if the person belongs there, and is attacking the systems from within the network, or is using your network to attack systems somewhere on the internet?

Ask yourself and/or the company management a couple of questions.

Do you think your network and application systems are secure, because you have a firewall?
(FALSE) An employee can download the attacks from the internet, and learn how to attack systems, before going on the internet.

You have to trust your employees, they will not hack the company systems?
(FALSE) Otherwise they would not have login passwords, and badges to move around the buildings.

Are hackers all those nerds on the internet, and college kids when they're not drinking and partying, or some bored high school kid?
(FALSE) Maybe some bored under-challenged worker, or a Curious George looking for some fun, or a disgruntled employee looking for payback.

It could be some of the above, but can you profile a hacker that you can't see or catch? Besides, who cares. The first priority is to set up enough hurdles to trip the hacker; hopefully one of many security measures will trip them up and you'll be able to stop them before the loss or damage begins.

Computer crime, the fastest growing crime in America:
Attacks from within, 75% to 80% per the FBI
Attacks from the outside, 25% to 20% per the FBI

I think the firewalls are doing their job, but what about the other numbers, the 75 to 80%? I think everyone needs to think differently when it comes to computers and networks. Treat your computer and your network like you treat your own personal, financial, humiliating secrets. You don't allow access to just anybody, and you don't allow just anyone in on your secrets, even if they ask!

ODS Networks Computer Misuse Detection System
Please check out our web site http://www.ods.com/

bkho@umac.mo wrote:
>
> From: bkho@UMAC on 04/09/99 04:21 PM
>
> I saw someone wrote that:
>
> "... To keep an eye on data running over our network, we primarily use ISS's
> RealSecure.
> It watches the network for certain attack signatures,..... Now there
> is one problem that could arise by using RealSecure. Obviously, what it's doing
> is throwing the interface card into promiscuous mode, and sniffing the network.
> Now this works just fine if you're using a standard hub, but if you're using a
> switched hub (which prevents sniffing, which is a good thing), RealSecure is
> useless. So, what we did was get an HPSwitch, which will allow switching for
> every port, except a "Master Port" which can be configured to receive all data.
> So, the only machine on our network which can sniff is the network monitoring
> station. Another alternative to this would be to set up a sort of switch DMZ
> (de-militarized zone), where the data coming in from your router would go to a
> primary un-switched hub, ......."
>
> Any comment or solutions?
>
> Fiona

John Mayer
System Engineer, ODS Networks