SecurityFocus

The Evolution of Intrusion Detection Systems
With all of the different components and vendors to choose from, IDS offerings have become pretty complex. This article by SecurityFocus writer Paul Innella will endeavour to examine how intrusion detection has evolved to its current state. Starting with a brief overview of different IDS methodologies, the article will then take a brief look at the history of IDS, and will conclude with a look at some of the major players in the IDS field.
By: Paul Innella 2001-11-16
http://www.securityfocus.com/infocus/1514

Virtual Honeynets
A honeynet is a tool that can be used to learn about the targets, methods and tools used by intruders when compromising a system, it consists of a network of production systems that are designed to be compromised. Whereas a honeypot usually consists of one machine,a honeynet is a network of computers. This article will offer a brief overview of honeynets, and will examine how to set up a one-machine honeynet using VMware.
By: Michael Clark 2001-11-07
http://www.securityfocus.com/infocus/1506

The Value of Honeypots, Part Two: Honeypot Solutions and Legal Issues
Now that we have been discussing the different types of honeypots and their value, let's discuss some examples. The more I work with honeypots, the more I realize that no two honeypots are alike. Because of this, I have identified what I call 'level of involvement'. Simply put, the more involved a honeypot is, the more value it can have. At the same time, the more involved a honeypot is, the more risk it is likely to have. The more a honeypot can do and the more an attacker can do to a hon...
By: Lance Spitzner 2001-10-25
http://www.securityfocus.com/infocus/1498

The Value of Honeypots, Part One: Definitions and Values of Honeypots
Over the past several years there has been a growing interest in honeypots and honeypot-related technologies. There are a variety of misconceptions on what a honeypot is, how it works, and how it adds value. This article by Lance Spitzner is the first part of a two-part series that will discuss what honeypots are, and how they can add value to an organization. This series will also introduce several honeypot solutions.
By: Lance Spitzner 2001-10-10
http://www.securityfocus.com/infocus/1492

Strategies to Reduce False Positives and Negatives in NIDS, Part Two
This is the second of a two-part series devoted to the discussion of false alarms on network-based intrusion detection systems. The first article offered an overview of false alarms, of false positives as they are commonly known, and false negatives. This installment will look at a few ways to reduce false alarms.
By: Kevin Timm 2001-09-27
http://www.securityfocus.com/infocus/1477

Strategies to Reduce False Positives and False Negatives in NIDS
By providing an additional layer of protection above and beyond access control devices such as a firewall, network-based intrusion detection systems (NIDS) can be a valuable addition to the security arsenal. However, NIDS has been criticized for its propensity to generate a perceived large amount of false positives and false negatives. This article is the first of a two-part series that will offer an overview of network-based intrusion detection and false reports. This installment will...
By: Kevin Timm 2001-09-11
http://www.securityfocus.com/infocus/1463

The Motives and Psychology of the Black-hat Community
By: The Honeypot Project 2000-06-25
http://www.securityfocus.com/infocus/1448

Know Your Enemy - Worms at War
By: Honeynet Project 2000-11-08
http://www.securityfocus.com/infocus/1233

IDS Evasion with Unicode
By: Eric Hacker 2001-01-03
http://www.securityfocus.com/infocus/1232

Thinking about Security Monitoring and Event Correlation
By: Billy Smith 2000-11-03
http://www.securityfocus.com/infocus/1231