Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security ISSForum
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [ISSForum] Anomaly detection

from [Karl Jaeger] Network Security [Permanent Link]
Subject: Re: [ISSForum] Anomaly detection
Date: Wed, 28 Jun 2006 11:27:48 +0200 
Andrew,

ISS server sensor and Proventia server do offer a broad range of anomaly
detection techniques:

Firstly there are the pam based signatures. Most of the newer signatures
are actually anomaly based rather than pattern based, because they
differentiate between "good" and "bad" protocol usage.
Secondly there are the audit type signatures where you find categories
like "unusual admin activity", which can detect anomalies.
Thirdly there are "Suspect connections" aka honeypot which will alert
you of anomal usage of a networked server.
Number two and three can be extended using user defined signatures to
detect anomalies from what the server was designed for to do. Proventia
server is offering some additional anomaly features like Buffer Overflow
Exploit Protection (BOEP). I am not so sure what you are looking for
specifically, but this might give you a rough idea of what can be done. 

Regards

Karl-Heinz Jaeger

Manager Research & Engineering

______________________________________________________________

*Treffen Sie am 19. jeden Monats IT-Sicherheits-Experten beim
BDG-Security-Point!**
*Informieren Sie sich hier: http://www.bdg.de/security-point

*Besuchen Sie den BDG-Workshop in Zusammenarbeit mit Blue Coat Systems
am 28. Juni 2006 in Frankfurt.**
*Nähere Informationen finden Sie unter: http://www.bdg.de/events/
<http://www.bdg.de/events/bluecoat_workshop/anmeldung.html>

______________________________________________________________

*BDG GmbH & Co. KG - Make IT safe.**
*Stolbergerstr. 307
D-50933 Koeln

Tel:     +49 (0)6126-94433-21

Fax:    +49 (0)6126-94433-31

 

E-Mail: karl.jaeger@bdg.de <mailto:karl.jaeger@bdg.de>

Web:   www.bdg.de <http://www.bdg.de/>

______________________________________________________________



Podosenin, Andrew schrieb:

Dear colleagues,

Do you know if the combination of Site Protector and Server Sensors offer any 
anomaly detection functionality? All I was able to find in the documentation 
is the reference to the ISS ADS devices.

Thanks,

Andrew
_______________________________________________
ISSForum mailing list
ISSForum@iss.net

TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to 
https://atla-mm1.iss.net/mailman/listinfo/issforum

To contact the ISSForum Moderator, send email to mod-issforum@iss.net

The ISSForum mailing list is hosted and managed by Internet Security Systems, 
6303 Barfield Road, Atlanta, Georgia, USA 30328.

  

_______________________________________________
ISSForum mailing list
ISSForum@iss.net

TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to 
https://atla-mm1.iss.net/mailman/listinfo/issforum

To contact the ISSForum Moderator, send email to mod-issforum@iss.net

The ISSForum mailing list is hosted and managed by Internet Security Systems, 
6303 Barfield Road, Atlanta, Georgia, USA 30328.
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [ISSForum] Proventia desktop 8.0.812.1770(XPU 24.38), McCarraher, John
Next by Date:  Re: [ISSForum] Siteprotector and Win2k3 SP1, Karl Jaeger
Previous by Thread:  [ISSForum] Anomaly detection, Podosenin, Andrew
Next by Thread:  [ISSForum] Supported platforms of Internet Scanner, Huette, Norbert
Indexes:  [Date] [Thread] [Top] [All Lists]