Call for papers
SecurityFocus (www.securityfocus.com) is currently accepting submissions for new Infocus articles. We would like to extend an invitation to security researchers, authors and academics for submissions on topics of interest to the security community. Submissions should include a short summary along with the author's name, email address and contact information. All submissions should be in MS Word format and should be sent to: firstname.lastname@example.org
Evaluating Network Intrusion Detection Signatures, Part Two
This is the second article in a series devoted to evaluating the quality of network intrusion detection (NID) signatures. The first installment discussed some of the basics of evaluating NID signature quality, as well as selecting attacks to be used in testing. This article will conclude the discussion on criteria for choosing attacks and then provide recommendations for generating attacks and creating a good testing environment.
Evaluating Network Intrusion Detection Signatures, Part One
This article is the first in a series that will help readers to evaluate NID signatures. Properly testing NID signatures is a surprisingly complex topic. This installment will discuss some of the basics of evaluating NID signature quality, and then look at issues relating to selecting attacks to be used in testing.
Justifying the Expense of IDS, Part Two: Calculating ROI for IDS
This article is the second of a two-part series exploring ways to justify the financial investment in IDS protection. In this article we will discuss proactive and reactive management methodology and how this methodology affects our analysis of risk. We will also demonstrate an application of this ROI mechanism using a hypothetical situation.
Know Your Enemy: Building Virtual Honeynets
Virtual honeynets take the concept of Honeynet technologies, and implement them into a single system. This article will describe several different ways of building virtual honeynets.
Justifying the Expense of IDS, Part One: An Overview of ROIs for IDS
A positive return on investment (ROI) of intrusion detection systems (IDS) is dependent upon an organization's deployment strategy and how well the successful implementation and management of the technology helps the organization achieve the tactical and strategic objectives it has established. For organizations interested in quantifying the IDS's value prior to deploying it, their investment decision will hinge on their ability to demonstrate a positive ROI. ROI has traditionally been diff...
One of These Things is not Like the Others: The State of Anomaly Detection
In the past few years, intrusion detection systems have joined firewalls as the fundamental technologies driving network security. In the near future, a third component will emerge - anomaly detection systems (ADS). This article will offer a brief overview of anomaly detection, including what it is, how it works, different ADS techniques, and the current state of anomaly detection.
Implementing Networks Taps with Network Intrusion Detection Systems
Network taps were created to reconcile design conflicts between network intrusion detection systems (NIDS) and switches. This article will offer an overview of taps, including: what taps are, why they should be implemented, their role in improving network security, how they should be implemented, and the economic benefits of taps.
Optimizing NIDS Performance
To help network intrusion detection systems keep up with the demands of today's networks, and the wide variety of threats that besiege them, there are a number of things that the NIDS administrator can do to improve the performance of their NIDS. This article will examine some of those options.
IDS Evasion Techniques and Tactics
Blackhats, security researchers and network intrusion detection system (NIDS) developers have continually played a game of point-counterpoint when it comes to NIDS technology. The BlackHat community continually develops methods to evade or bypass NIDS sensors while NIDS vendors continually counteract these methods with patches and new releases. Throughout this article we will explain basic evasion techniques as well as suggest fixes or what to look for in many of these attacks.
Network Intrusion Detection Signatures, Part Five
This is the fifth and final installment in a series of articles on understanding and developing signatures for network intrusion detection systems. In this article, we will extend this discussion by looking closely at stateful protocol analysis, which involves performing protocol analysis for an entire connection or session, capturing and storing certain pieces of relevant data seen in the session, and using that data to identify attacks that involve multiple requests and responses.