
Category: Intrusion Detection » Host

Added 2001-10-22
by Craig Rowland
HostSentry is the newest addition to the Abacus Project. HostSentry is a host based intrusion detection tool that performs what is called Login Anomaly Detection (LAD). Login Anomaly Detection works by monitoring interactive login sessions to the computer system and spotting unusual behavior or activity that indicates an intrusion. In the case of HostSentry, it uses a dynamic database and modular signatures to detect misuse and report or react to the events in real-time.

Added 2001-10-22
by G. Taylor
Autobuse is a script G. Taylor wrote to identify probes and the like in logfiles and automatically report them via email. This is, in a way, the opposite of logcheck, in that autobuse tries to identify known badness and deal with it automatically, while logcheck tries to identify known goodness and leave you with the rest. Autobuse is not a substitute for proper vigilance; it is merely an effort to automatically handle the fallout from script kiddies.

Added 2001-10-22
by L.A. van der Hoogt
Utility to monitor and manage network access to your PC. Sounds alarm at connections, allows restrictions and kick features. Can be executed on access to a file, to further protect your machine from unwanted access.

Emergency Audit Response System
Added 2001-10-22
by Tishina Syndicate
EARS (Emergency Audit Response System) is an intrusion detection system which responds to abnormal system, user and network behaviors in real time, in a distributed manner. EARS are distributed agents which reside on the end point, monitoring the host, and reporting activities to its peers.

Added 2001-10-22
by Tripwire, Inc.
Tripwire is a very popular system integrity checker, a utility that compares properties of designated files and directories against information stored in a previously generated database. Any changes to these files are flagged and logged, including those that were added or deleted, with optional email and pager reporting. Support files (databases, reports, etc.) are cryptographically signed. Changes: Security fixes with respect to temp file handling, as well as a new global email option.

The Deception Toolkit
Added 2001-10-22
by Fred Cohen
The Deception ToolKit (DTK) is a toolkit designed to give defenders a couple of orders of magnitude advantage over attackers. The basic idea is not new. We use deception to counter attacks. In the case of DTK, the deception is intended to make it appear to attackers as if the system running DTK has a large number of widely known vulnerabilities. DTK's deception is programmable, but it is typically limited to producing output in response to attacker input in such a way as to simulate the behavior of a system which is vulnerable to the attacker's method.

AID - Adaptive Intrusion Detection
Added 2001-10-22
by Brandenburg University of Technology at Cottbus
The development of AID (Adaptive Intrusion Detection system) is ongoing at the Brandenburg University of Technology at Cottbus. The system is designed for network audit based monitoring of local area networks and used for investigating network and privacy oriented auditing. The research project was funded by the Brandenburg Department of Science, Research and Culture from 1994 to spring 1996. The system has a client-server architecture consisting of a central monitoring station and several agents (servers) on the monitored hosts. The central station hosts a manager (client) and an expert system. The agents take the audit data that were collected by the local audit functions and convert them into an operating system independent data format. By these means a monitoring of a heterogeneous UNIX environment is supported. Then the audit data are transferred to the central monitoring station, buffered in a cache and analysed by an RTworks based real-time expert system. The manager provides functions for the security administration of the monitored hosts. It controls their audit functions, requests new audit data by controlled polling and returns the decisions of the expert system to the agents. Secure RPC is used for the communication between the manager and the agents.

AAFID - Autonomous Agents for Intrusion Detection
Added 2001-10-22
by Gene Spafford, Mikhail Atallah, David Cole, David Cole, Frederic Dumont, Joshua Gray, Benjamin Kuper
AAFID is a distributed monitoring and intrusion detection system that employs small stand-alone programs (Agents) to perform monitoring functions in the hosts of a network. AAFID uses a hierarchical structure to collect the information produced by each agent, by each host, and by each set of hosts, so as to be able to detect suspicious activity. It is important to note that AAFID is not by itself a network-based intrusion detection system. It provides the infrastructure for distributing monitoring tasks over many hosts. Some agents may implement network monitoring functions, while others may implement host monitoring functions. This is the second public release of the AAFID prototype. It is completely implemented in Perl 5, which makes it easier to run it on different platforms.

CSM (Cooperating Security Manager)
Added 2001-10-22
by Gregory White, Eric Fisch, Udo Pooch
The Cooperating Security Manager (CSM) is an intrusion detection system designed to be used in a distributed network environment. Developed at Texas A&M, this system runs on UNIX based systems connected to any size network. The goal of CSMs is to provide a system that can detect intrusive activity in a distributed environment without the use of a centralized director. A system with a central director coordinating all activity severely limits the size of the network. Instead of reporting significant network activity to a central director, the CSMs communicate among themselves to cooperatively detect anomalous activity.

DIDS (Distributed Intrusion Detection System)
Added 2001-10-22
by Steven R. Snapp, James Brentano, Gihan V. Dias, Terrance L. Goan, L. Todd Heberlein, Che-Lin Ho,
DIDS is an intrusion detection system that aggregates audit reports from a collection of hosts on a single network. Unique to DIDS is its ability to track a user as he establishes connections across the network.

Copyright 2010, SecurityFocus