Call for papers
SecurityFocus (www.securityfocus.com) is currently accepting submissions for new Infocus articles. We would like to extend an invitation to security researchers, authors and academics for submissions on topics of interest to the security community. Submissions should include a short summary along with the author's name, email address and contact information. All submissions should be in MS Word format and should be sent to: email@example.com
The Evolution of Intrusion Detection Systems
With all of the different components and vendors to choose from, IDS offerings have become pretty complex. This article by SecurityFocus writer Paul Innella will endeavour to examine how intrusion detection has evolved to its current state. Starting with a brief overview of different IDS methodologies, the article will then take a brief look at the history of IDS, and will conclude with a look at some of the major players in the IDS field.
A honeynet is a tool that can be used to learn about the targets, methods and tools used by intruders when compromising a system. It consists of a network of production systems that are designed to be compromised. Whereas a honeypot usually consists of one machine, a honeynet is a network of computers. This article will offer a brief overview of honeynets, and will examine how to set up a one-machine honeynet using VMware.
The Value of Honeypots, Part Two: Honeypot Solutions and Legal Issues
Now that we have been discussing the different types of honeypots and their value, let's discuss some examples. The more I work with honeypots, the more I realize that no two honeypots are alike. Because of this, I have identified what I call 'level of involvement'. Simply put, the more involved a honeypot is, the more value it can have. At the same time, the more involved a honeypot is, the more risk it is likely to have. The more a honeypot can do and the more an attacker can do to a hon...
The Value of Honeypots, Part One: Definitions and Values of Honeypots
Over the past several years there has been a growing interest in honeypots and honeypot-related technologies. There are a variety of misconceptions on what a honeypot is, how it works, and how it adds value. This article by Lance Spitzner is the first part of a two-part series that will discuss what honeypots are, and how they can add value to an organization. This series will also introduce several honeypot solutions.
Strategies to Reduce False Positives and Negatives in NIDS, Part Two
This is the second of a two-part series devoted to the discussion of false alarms on network-based intrusion detection systems. The first article offered an overview of false alarms, or false positives as they are commonly known, and false negatives. This installment will look at a few ways to reduce false alarms.
Strategies to Reduce False Positives and False Negatives in NIDS
By providing an additional layer of protection above and beyond access control devices such as a firewall, network-based intrusion detection systems (NIDS) can be a valuable addition to the security arsenal. However, NIDS has been criticized for its propensity to generate a perceived large number of false positives and false negatives. This article is the first of a two-part series that will offer an overview of network-based intrusion detection and false reports. This installment will...
The Motives and Psychology of the Black-hat Community
Know Your Enemy - Worms at War
IDS Evasion with Unicode
Thinking about Security Monitoring and Event Correlation