List: firewall-wizards
Subject: Welcome to ids (fwd)
From: Darren Reed <darrenr () cyber ! com ! au>
Date: 1998-02-17 2:55:04
[...]
> Here's the general information for the list you've subscribed to,
> in case you don't already have it:
>
> [Last updated on: Wed Sep 18 13:49:59 1996]
> + ================================================ +
> ||   I N T R U S I O N   D E T E C T I O N   S Y S T E M S   ||
> + === M A I L I N G =========== L I S T ========== +
>
> Welcome to the Intrusion Detection Systems Mailing List. The list is
> a forum for discussion on topics related to development of intrusion
> detection systems.
>
> -= IDS Relevant Topics =-
>
> + Audit Collection/Filtering
> + Profiling Techniques
> + Detection Methods
> + Knowledge Based Expert Systems
> + Fuzzy Logic Systems
> + Neural Networks
>
> = Intruder Methods and Tools
> = Advisories (CERT, CIAC, 8lgm)
> = Telecommunications Fraud
> = Financial Fraud
> = Fraud Detection/Prevention Systems
>
> * Security Policies
>
> ---- IRC Conferences ----
>
> The intrusion detection channel on IRC is #ids. Hook in anytime; there
> may be someone around to chat with. For those not familiar with IRC, I
> suggest getting the IRC FAQ from Usenet news.answers.
> Additionally, discussion sessions can be organised via IRC.
>
> ---- Using the Mailing List ----
>
> Majordomo list management software is being used to run the forum. If
> you haven't used majordomo mailing lists before, I suggest you obtain
> the "help" file. The help file will give a description of the commands
> supported by this version and the syntax required.
>
> This is done by sending:
> --> To: majordomo@uow.edu.au
> --> Subject: (not important)
> --> Body: help
>
> All commands are handled by the above address. NOTE: mail for the list
> is not to be sent to the above address. Mail for the ids mailing list
> should be directed to:
>
> --> To: ids@uow.edu.au
> --> Subject: please try to give an appropriate subject name
> --> Body: message for the forum
>
> Also, information on subscribing to and unsubscribing from the ids
> mailing list can be retrieved by mailing "ids-request@uow.edu.au" with
> body "help".
>
> If you need to discuss any additional ideas related to the services of
> the mailing list you can send mail to the list maintainer by sending:
>
> --> To: ids-owner@uow.edu.au
>
> Please try to send mail only in regard to problems or ideas related to
> the running of the mailing list.
>
> ---- Introduction to Intrusion Detection Systems ----
>
> Today's growth of and reliance on computer systems is phenomenal; there
> has been no other age in humankind in which the rate of change
> has been so explosive.
>
> However, this rapid growth has often meant choosing the quickest and
> easiest strategies to implement and maintain the computer systems.
> A lack of resources and expertise often results in the security
> responsibility being shared amongst the users with the most computer
> experience. It is not uncommon to find that there is no dedicated
> system administrator, let alone specialised security officers.
> Hence, many systems are implemented without any regard to sound
> security strategies.
>
> There have been -= MANY =- hacker/cracker/phreaker stories reported in
> the news over the years, some of which were more hyped than others.
> Dramatic movies such as Wargames show a college student who
> nearly starts a "Thermonuclear War" because this bright young hacker
> decided he "want[ed] to play a game ?" with a high security military
> computer system. This cult movie was credited with inspiring a whole
> new generation of system hackers, or, as the older generation of hackers
> prefer, "crackers".
>
> Another movie, "Sneakers", revolves around a tiger team whose job was to
> test the security of banks by attempting to break into them. Later they are
> hired to steal a powerful decryption box that was able to decipher
> all American encryption systems. Though such movies are obviously highly
> fictional [ -= Clipper =- Doh! ], there have been many all-too-real
> accounts.
>
> One such account is outlined in Cliff Stoll's "The Cuckoo's Egg".
> Stoll, when asked to account for a 75c discrepancy in the system
> accounting, found that someone was hacking into his computer system by
> using other people's accounts. Stoll eventually traced his hacker back
> to a group of German hackers who were using his computers to break
> into US military sites looking for information to sell to the KGB.
>
> Another (in)famous event (circa 1988) was the "Internet Worm", a worm
> program that spread across the Internet by exploiting somewhat known
> security holes. It was created and released by a student from Cornell
> University, Robert Tappan Morris (rtm), the son of an esteemed security
> expert. It was estimated that the worm was responsible for some 4000
> BSD and VAX based systems coming to a halt, costing some US$10+
> million dollars in lost computer time. Such incidents, along with
> countless others, highlight the need for increased computer security.
> However, the solution isn't a simple one, for "UNIX was not developed
> with security, in any realistic sense, in mind".
>
> Intrusion Detection Systems attempt to solve some of the classical
> security problems in computer systems. These Intrusion Detection
> Systems attempt to ensure correct usage of the computer system by
> automated monitoring of the system audit trail. The early idea of
> detecting threats by means of audit trail analysis was proposed by
> J. Anderson. In his report Anderson categorised threats as
> internal penetrators (which included masquerading and clandestine
> users) and external penetrators. While most reporting has been about
> the external computer "hackers", it is suggested that the internal
> penetrators have been the cause of most security incidents (some
> estimates as high as 80-90%).
>
> Later models were developed for performing intrusion detection by
> using expert systems and subject profiling, with the majority of early
> work being carried out by Sytek and SRI International in developing
> computer algorithms and, later, the Intrusion Detection Expert System
> and Next-generation Intrusion Detection Expert System for the
> automatic analysis of computer audit records to detect
> abnormal or suspicious computer usage.
>
> What follows is a list of many of the systems which have been or still
> are being developed.
>
> ---- Intrusion Detection Systems ----
> Legend:
> AS - Audit System
> NS - Network Scanner
> NM - Network Monitor
> SS - Security Scanner
> SM - System Monitor
>
> AD - Anomaly Detection
> MD - Misuse Detection
>
> ES - Expert System
> FL - Fuzzy Logic
> NN - Neural Network
> SA - Statistical Analysis
>
> System                                                          Type
> --------------------------------------------------------------- ---------------
> Saturne
> Discovery
> Network Auditing Usage Reporting System (NAURS)
> Intrusion Detection Expert System (IDES)
> Next-generation Intrusion Detection Expert System (NIDES) AD,MD,SA,ES
> Wisdom and Sense (W&S) AD,SA
> Network Intrusion Detection eXpert (NIDX)
> Haystack
> Multics Intrusion Detection and Alerting System (MIDAS)
> Network Anomaly Detection and Intrusion Reporter (NADIR)
> Computer Watch (CW)
> Clyde Digital Systems Audit (CDSA)
> Information Security Officer Assistant (ISOA)
> Minos
> Time-based Inductive Learning (TIM)
> Network Security Monitor (NSM)
> Distributed Intrusion Detection System (DIDS)
> Network Intrusion Countermeasure Engineering (NICE)
> Intrusion Detection Alert (IDA)
> State Transition Analysis Tool (STAT)
> Unix State Transition Analysis Tool (USTAT)
> SecureNet (SN)
> Stalker
> Polycenter Security Intrusion Detector (PSID)
> Computer Misuse Detection System (CMDS)
> Kane Security Analyst (KSA)
> Axent Omniguard/Intruder Alert (IA)
>
> Other related IDS components/tools:
>
> Advanced Security audit trail Analysis on uniX (ASAX) AS
> Basic Security Module (BSM) AS
> Compartment Mode Workstation (CMW) AS
> svr4++ AS
>
> ASET SM
> COPS SS
> Courtney NM
> Internet Security Scanner (ISS) NS, SS
> Pingware
> SPI
> System Security Scanner (S3) SS
> Security Administrator Tool for Analysing Networks (SATAN) NS, SS
> TAMU Tiger SS
> TCP Wrappers NM
> Tripwire SM
>
> ---- Joining Requests ----
>
> When joining the list I ask you to briefly introduce yourself (to the
> mailing list <ids@uow.edu.au>) and to give an outline of your interest in
> intrusion detection systems: whether you are developing an intrusion
> detection system, or are a system administrator or student who is
> currently investigating or developing a system. Additionally, you might
> want to express some personal ideas that you have about what you think
> an intrusion detection system should be.
>
> ---- References & Papers ----
>
> For those that are looking for some reference material, I am collecting
> material; if you have any material on the topic, please inform the list
> or me. I would like to use this to develop a FAQ for the list.
>
> If you have any copies of papers on/related to intrusion detection
> systems then you can drop them off in:
> ftp://ftp.cs.uow.edu.au/pub/ccsr/ids/incoming/
> It would be useful if you could also leave a brief note indicating what
> the information is in regard to and the source of the information
> (i.e. URL, etc.).
>
> ---- FTP & WWW ----
>
> ftp://ftp.cs.uow.edu.au/pub/ccsr/ids
>
> http://www.cs.uow.edu.au/ccsr/ids.html NOT AVAILABLE YET
>
> ---- Important Note ----
>
> One final note: if you want to mail to the list be sure to mail to:
> ids@uow.edu.au
>
> *Warning* if you are replying to mail from the list, it will be directed
> to the list (due to Reply-to: fields being automatically inserted),
> not the author of the mail, which may have been the intention. So, to reply
> to the author of the message, just edit the To: field before sending the
> mail.
>
> majordomo@uow.edu.au is for commands for list management functions; if
> you are unsure of the syntax, just mail with "help" in the body of the message.
>
> --=== RuF LiNuX SPi: $Revision: 1.1 $ $Date: 1996/09/11 05:29:54 $ ===--