
| Subject: | Re: new intrusion detection system |
|---|---|
| Date: | Thu, 21 Oct 2004 14:28:56 -0400 |
Charles,

There is another system called Intrusion Detection Message Exchange Format (IDMEF), which is a more recent attempt at a common XML-based reporting format. There are a couple of 'brave' open source IDSs that are making a move towards a common reporting format. There is an IDMEF plug-in for Snort, and another IDS, Prelude-IDS, also offers this. I am not aware of any commercial IDSs, though. It is amazing to see that we are moving towards IPS and ITS but have not had a common output for all IDSs.

Gautam

On Thu, 21 Oct 2004 11:48:48 -0400, Kendzierski, Charles V. <c.kendzi@radium.ncsc.mil> wrote:
Gautam,

You bring up a good point in regards to a common reporting output format for IDSs. In the late 90s, the IETF embarked upon the development of a Common Intrusion Detection Framework (CIDF). Standardizing of events, alarms, and reporting was one such goal. Unfortunately, for whatever reason, the group's efforts at a CIDF ceased momentum in early 2000. I have been unable to find any updates on the IETF's efforts in this regard. A CIDF can and should be supported for each IDS (NIDS, HIDS, and to a larger extent firewalls and layer three devices), but understand that an agreement on a CIDF is primal to this capability being provided.

Chuck Kendzierski

-----Original Message-----
From: Gautam Singaraju [mailto:gautam.singaraju@gmail.com]
Sent: Wednesday, October 20, 2004 4:12 PM
To: Tomas Pluskal
Cc: focus-ids@securityfocus.com
Subject: Re: new intrusion detection system

Tomas,

The IDS on process monitoring seems interesting. Just wondering, any plan to generate the report based on IDMEF? The reports in the system are generated using XML (report.xml?). I am of the opinion that a common output format should be required for all IDSs. This helps a lot when someone is interested in comparing them with others.

thanks,
Gautam

On Tue, 19 Oct 2004 14:33:28 +0200 (CEST), Tomas Pluskal <plusik@pohoda.cz> wrote:

Hello to all,

I have implemented a new type of intrusion detection system for my Master thesis. I would like to announce this information, in case anyone would be interested in this research.

The IDS system is designed as a kernel module for FreeBSD 5.2. It is inspired by the SpamAssassin program, which detects spam by applying a set of tests to every email message and counting a sum of the point scores generated by each test. My IDS system applies a set of tests to every running process in the OS and counts the score generated by the tests. Therefore, the purpose of the IDS is not to monitor the network traffic, but rather to monitor the process activity.

The current system status is a "working prototype" - it is not ready for production usage, but it may serve as a good base for interesting research.

If you are interested in this topic, please read the details here: http://plusik.pohoda.cz/thesis/

Thanks,
Tomas

--------------------------------------------------------------------------
Test Your IDS
Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more.
--------------------------------------------------------------------------
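Two things in this thread lend themselves to a worked example: Tomas's SpamAssassin-style scoring of running processes (a set of independent tests, each worth some points, summed and compared against a threshold) and Gautam's request that such a tool report in IDMEF rather than a home-grown XML layout. The block below is an added example and is not code from Tomas's thesis, from the Snort or Prelude IDMEF plug-ins, or from anyone else in the thread. The rule names, point values and threshold are illustrative choices; the process snapshot is constructed inline instead of being read from a kernel module; and the IDMEF output uses a small subset of the element names from the IDMEF draft (later RFC 4765) with the `http://iana.org/idmef` namespace, so it is IDMEF-shaped rather than a schema-validated instance.

```python
import xml.etree.ElementTree as ET
from dataclasses import dataclass
from datetime import datetime, timezone


@dataclass(frozen=True)
class ProcessInfo:
    """Constructed stand-in for the per-process facts a kernel module would see."""
    pid: int
    name: str
    uid: int
    exe_path: str
    listening_ports: tuple = ()
    open_files: int = 0


def _in_scratch_dir(path):
    return path.startswith(("/tmp/", "/var/tmp/", "/dev/shm/"))


# Each rule is (name, points, predicate). As with SpamAssassin rules, no single
# rule decides on its own; the summed points are compared against a threshold.
# Names and point values are illustrative, not taken from the thesis.
RULES = (
    ("RUNS_AS_ROOT", 1.0, lambda p: p.uid == 0),
    ("EXE_IN_SCRATCH_DIR", 3.0, lambda p: _in_scratch_dir(p.exe_path)),
    ("LISTENS_UNPRIVILEGED_PORT", 2.0, lambda p: any(port > 1024 for port in p.listening_ports)),
    ("HIDDEN_NAME", 2.0, lambda p: p.name.startswith(".")),
    ("MANY_OPEN_FILES", 1.5, lambda p: p.open_files > 500),
    # A "meta" rule: the combination is worth more than the sum of its parts.
    ("ROOT_LISTENER_FROM_SCRATCH_DIR", 3.0,
     lambda p: p.uid == 0 and _in_scratch_dir(p.exe_path) and bool(p.listening_ports)),
)

THRESHOLD = 5.0


def score_process(proc, rules=RULES):
    """Return (total_points, [(rule_name, points), ...]) for one process."""
    hits = [(name, points) for name, points, test in rules if test(proc)]
    return sum(points for _, points in hits), hits


def scan(processes, threshold=THRESHOLD):
    """Score every process and return those at or above the threshold."""
    flagged = []
    for proc in processes:
        total, hits = score_process(proc)
        if total >= threshold:
            flagged.append((proc, total, hits))
    return flagged


IDMEF_NS = "http://iana.org/idmef"  # namespace of the IDMEF draft / RFC 4765 (assumed here)


def to_idmef(proc, total, hits, threshold=THRESHOLD, analyzer_id="procscore-prototype",
             message_id="1", when=None):
    """Serialise one finding as a minimal IDMEF-shaped Alert (subset of the schema)."""
    when = when or datetime.now(timezone.utc)
    root = ET.Element("IDMEF-Message", {"version": "1.0", "xmlns": IDMEF_NS})
    alert = ET.SubElement(root, "Alert", {"messageid": message_id})
    ET.SubElement(alert, "Analyzer", {"analyzerid": analyzer_id})
    ntp_seconds = int(when.timestamp()) + 2208988800  # seconds between NTP and Unix epochs
    ctime = ET.SubElement(alert, "CreateTime", {"ntpstamp": "0x%08x.0x00000000" % ntp_seconds})
    ctime.text = when.isoformat()
    process = ET.SubElement(ET.SubElement(alert, "Target"), "Process")
    ET.SubElement(process, "name").text = proc.name
    ET.SubElement(process, "pid").text = str(proc.pid)
    ET.SubElement(process, "path").text = proc.exe_path
    ET.SubElement(alert, "Classification", {"text": "Suspicious process (score %.1f)" % total})
    severity = "high" if total >= 2 * threshold else "medium"
    ET.SubElement(ET.SubElement(alert, "Assessment"), "Impact", {"severity": severity})
    for name, points in hits:  # one AdditionalData per rule hit, so a console can show why
        extra = ET.SubElement(alert, "AdditionalData", {"type": "string", "meaning": "rule-hit"})
        ET.SubElement(extra, "string").text = "%s=%.1f" % (name, points)
    return ET.tostring(root, encoding="unicode")


def alert_summary(xml_text):
    """What a consuming console would do: parse the alert back into a few fields."""
    ns = {"i": IDMEF_NS}
    doc = ET.fromstring(xml_text)
    return {
        "pid": int(doc.findtext("i:Alert/i:Target/i:Process/i:pid", namespaces=ns)),
        "severity": doc.find("i:Alert/i:Assessment/i:Impact", ns).get("severity"),
        "rules": [e.text for e in doc.findall("i:Alert/i:AdditionalData/i:string", ns)],
    }


# Constructed snapshot: four ordinary daemons and one process that trips several rules.
SAMPLE_PROCESSES = (
    ProcessInfo(1, "init", 0, "/sbin/init"),
    ProcessInfo(312, "sshd", 0, "/usr/sbin/sshd", listening_ports=(22,), open_files=30),
    ProcessInfo(2345, "httpd", 80, "/usr/local/sbin/httpd", listening_ports=(80, 443), open_files=120),
    ProcessInfo(5000, "node", 1001, "/home/dev/app/node", listening_ports=(3000,), open_files=640),
    ProcessInfo(6789, ".x", 0, "/tmp/.x", listening_ports=(9999,), open_files=12),
)

if __name__ == "__main__":
    for proc, total, hits in scan(SAMPLE_PROCESSES):
        print(to_idmef(proc, total, hits))
```

The `node` process in the snapshot shows why the sum matters: it trips two rules (an unprivileged listening port and many open files) but stays under the threshold, while the root process running out of `/tmp` accumulates enough points, including the meta rule, to be reported. Emitting the finding as an IDMEF-shaped message is what lets a Snort or Prelude console consume it alongside network alerts, which is the comparison Gautam is after.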