Call for papers
SecurityFocus ( www.securityfocus.com ) is currently accepting submissions for new Infocus articles. We would like to extend an invitation to security researchers, authors and academics for submissions on topics of interest to the security community. Submissions should include a short summary along with the author's name, email address and contact information. All submissions should be in MS Word format and should be sent to: firstname.lastname@example.org
Statistical-Based Intrusion Detection
This article will examine statistical-based intrusion detection systems, which alert on anomalous network behaviour, thus providing better monitoring for zero-day exploits than traditional IDS.
Specter: A Commercial Honeypot Solution for Windows
This is the third installment in an ongoing series of articles looking at honeypots. In the first two papers, we discussed the OpenSource honeypot Honeyd, how it works, and a deployment in the wild. In this paper we will look at a different honeypot, the commercially supported solution, Specter.
Open Source Honeypots, Part Two: Deploying Honeyd in the Wild
This is the second part of a three-part series looking at Honeyd, the open source honeypot. In this paper we will deploy Honeyd on the Internet for one week and watch what happens. The intent is to test Honeyd by letting real bad guys interact with and attack it. We will then analyze how the honeypot performed and what it discovered.
Intrusion Prevention Systems: the Next Step in the Evolution of IDS
Intrusion prevention systems combine the blocking capabilities of a firewall with the deep packet inspection of intrusion detection systems. This discussion will look at five different categories of IPSs that focus on attack prevention at layers that most firewalls are not yet able to decipher.
The Great IDS Debate : Signature Analysis Versus Protocol Analysis
At the heart of intrusion detection systems lies the analysis engine. It reviews each packet, determines if it is malicious, and logs an alert if necessary – the core tasks of an IDS. Two different techniques, each favored by separate and loyal camps, have emerged as the preferred engine behind IDS software. In this article, we'll examine and compare the two different techniques: signature analysis and protocol analysis.
Intelligence Gathering: Watching a Honeypot at Work
The purpose of this article is to share with the security community the data the author collected from his honeypot. This discussion will include the attacker's recon, the attack, the attempted cover-up, and the reason for the attack on the honeypot.
Evaluating Network Intrusion Detection Signatures, Part Three
This is the third article in a series devoted to evaluating the quality of network intrusion detection (NID) signatures. This article will wrap up the series by examining other ways of generating attacks with other security-related tools and by manually creating your own attacks.
Complete Snort-based IDS Architecture, Part Two
This is the second part of a two-part article that will provide a set of detailed directions to build an affordable intrusion detection architecture. This installment will discuss Web interface configuration, summaries and daily reporting, automated attack response, installation of sensors, and big distributed IDS systems.
Complete Snort-based IDS Architecture, Part One
Many companies find it hard to justify acquiring IDS systems due to their perceived high cost of ownership. However, not all IDS systems are prohibitively expensive. This two-part article will provide a set of detailed directions to build an affordable intrusion detection architecture from hardware and freely available software.
Identifying and Tracking Emerging and Subversive Worms Using Distributed Intrusion Detection Systems
Distributed intrusion detection systems (dIDS) are one method that can be used to identify new and emerging worms that spread via subversive propagation techniques. This paper will discuss how and why the dIDS design is able to identify, detect, and track worms even as they implement more advanced propagation methods.