Call for papers
SecurityFocus ( www.securityfocus.com ) is currently accepting submissions for new Infocus articles. We would like to extend an invitation to security researchers, authors and academics for submissions on topics of interest to the security community. Submissions should include a short summary along with the author's name, email address and contact information. All submissions should be in MS Word format and should be sent to: firstname.lastname@example.org
Managing Intrusion Detection Systems in Large Organizations, Part Two
This is the second of a two-part series devoted to discussing the implementation of intrusion detection systems in large organizations. In this installment, we will look at managing agents in a distributed environment, managing data from multiple IDS packages, and correlating data from distributed agents.
Managing Intrusion Detection Systems in Large Organizations, Part One
This article is the first of a two-part series that will discuss the need for intrusion detection systems (IDS) in large organizations, including challenges of deploying IDSs in such environments, managing agents in a distributed environment, and using collected data. It will also discuss some “real-world” IDS experiences of larger companies.
Preventing and Detecting Insider Attacks Using IDS
Insider attacks pose unique challenges for security administrators. This article will examine some ways in which intrusion detection systems can be used to help prevent and detect insider attacks.
Network Intrusion Detection Signatures, Part Four
This is the fourth in a series of articles on understanding and developing signatures for network intrusion detection systems. In this article, we will resume our discussion of protocol analysis and how it can overcome attempts by attackers to obfuscate their exploits so that they cannot be detected by simple intrusion detection signature methods.
Network Intrusion Detection Signatures, Part Three
This is the third in a series of articles on understanding and developing signatures for network intrusion detection systems. In Part One and Part Two, we examined the use of IP protocol header values, particularly TCP, UDP and ICMP, in network intrusion detection signatures. In this installment, we will continue our discussion of signatures by studyin...
Understanding IDS Active Response Mechanisms
Debates still rage in the developer community over which methods of detecting attackers are best, but IDS customers as a whole are satisfied with the current IDS technology. To get an edge on the competition, many of the IDS vendors are adding active response capabilities to their products. This article will offer an overview of active response mechanisms in intrusion detection systems.
Network Intrusion Detection Signatures, Part Two
This is the second in a series of articles on understanding and developing signatures for network intrusion detection systems. In the first installment we looked at signature basics, the functions that signatures serve, header values, signature components, and choosing signatures. In this article we will continue our discussion of IP protocol header values in signatures by closely examining some signature examples.
An Introduction To Distributed Intrusion Detection Systems
This article will discuss distributed intrusion detection systems (dIDS), including the general setup of a dIDS and a fictional case study to demonstrate the distributed analysis abilities. It will also try to give the reader some insight into the benefits of running a dIDS system, from both incident analyst and corporate views.
Network Intrusion Detection Signatures, Part One
This is the first in a series of articles on understanding and developing signatures for network intrusion detection systems. In this article we will discuss the basics of network IDS signatures and then take a closer look at signatures that focus on IP, TCP, UDP and ICMP header values.
The Future of IDS
IDS, much like the security industry itself, has grown rapidly over the past few years. These tools have become essential security components - as valuable to many organizations as a firewall. However, as in any environment, things change. This article will offer a brief look at some possible future developments in intrusion detection.