Intrusion Detection

Last Updated on 5 March 2014, Total: 29 Articles and Tutorials

  1. Tools of the Trade revisited (Part 1)

    This article series revisits the article series called “Tools of the Trade”. This time however it will be looked at from the IDS’s perspective...

  2. Writing Egress Filters for your IDS

    In this article we will look at ways of discovering system compromises based on outgoing IDS signatures...

  3. Packet analysis tools and methodology (Part 4)

    In the last part of this article series we will take a look at the alarms generated by myself. This binary log will include several attacks, and some general surfing. We now need to take a look, and separate the chaff from the wheat...

  4. Packet analysis tools and methodology (Part 3)

    It has arguably gotten easier to exploit computers now due to the abundance of attack tools out there today. One of the most powerful ones is the Metasploit Framework. We will take a look at it in this article...

  5. Packet analysis tools and methodology (Part 2)

    In part two of this article series we will learn how to build a powerful analysis suite. Tools covered will be Snort, Snortsnarf, windump, and winpcap. You will also need to install a Perl interpreter, which shall be shown...

  6. Packet analysis tools and methodology (Part 1)

    There are untold billions of packets flying around the web today. A great many of them are of malicious intent. A prelude to malicious activity is often the port scan. We will learn about some of the more popular types of port scans in existence today, and the tools used for them...

  7. Intrusion Detection Systems FAQ

    Intrusion Detection Systems are used to detect malicious activity on your network. This Intrusion Detection Systems FAQ explains different types of network attacks and how to detect them...

  8. Intrusion Detection Systems (IDS) Part 2 - Classification; methods; techniques

    Due to a growing number of intrusion events and also because the Internet and local networks have become so ubiquitous, organizations are increasingly implementing various systems that monitor IT security breaches. This is the second article devoted to these systems. The previous article dealt with IDS categorization and architecture. At this point we will provide further in-depth guidance. This...

  9. The Science of Host Based Security

    Just a few years ago, the focus of enterprise security was primarily split between perimeter security and authentication controls. Security engineers spent their time mulling over firewall implementations, access rights, and the occasional implementation of encryption technologies. A new movement though has overtaken the industry as security breaches have become more and more common despite perimeter defenses, thus forcing enterprises...

  10. Host-Based IDS vs Network-Based IDS (Part 2 - Comparative Analysis)

    The second paper in this two-part series, this white paper will focus on HIDS (Host Based Intrusion Detection System) and the benefit of a HIDS within a corporate environment. A comparative analysis will also be done representing the industry leaders and will conclude by arriving at a calculated recommendation. This will aid organizations when deciding on a comprehensive HIDS or...