Security Products

Navy IA Computer Security Tools
CompuSec PC Security Suite - pre-boot access authentication
BigFix - Like MS Windows Update Services, BigFix allows for automation of patch management. It not only covers Microsoft products but is also a cross-platform application that can patch Linux, HP-UX and Solaris systems. Like MS WUS, it pushes patches out to computers and monitors which computers need updates. This information can be used by an administrator to troubleshoot a problem computer that is not updating correctly. Another key feature: BigFix allows the administrator to roll back installed patches in case the installation of a new patch creates problems. Cost is $30 per seat.
SolarWinds - SolarWinds Network Management Toolset provides several different management tools that are essential to any network manager monitoring a local area network. Some of the tools available are bandwidth gauging, IP network browsing, router CPU utilization, ping sweeping, trace routes, and many more. Four versions of the application are available, with the Standard edition costing $145 and the Engineer's edition costing $995.
Imlogic IM Manager 6.0 - IM Manager from Imlogic is an application for managing user instant messaging applications for small or large organizations. It is priced relatively inexpensively at $25 per user, an exceptional deal for smaller organizations needing a tool that will help IT administrators with IM management, security, and user compliance. The types of IM that can be administered include Yahoo, MSN, and AIM.
Snort - Snort is an open source network intrusion detection system. Being open source, it will operate on several different operating systems such as Windows, Linux, Sun OS, and Solaris. It is capable of performing real-time traffic analysis and packet logging on IP networks. It can perform protocol analysis and content searching/matching, and can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, and CGI attacks. Snort's primary functions are packet sniffing, packet logging, and intrusion detection.
Microsoft Windows Update Services - Microsoft Windows Update Services is the latest option available from Microsoft to update Windows 2000 and Windows XP computers. This application is an add-on for server systems that will download patches from Microsoft on set schedules. These downloads can later be pushed out to client computers, also on set schedules. This process allows for one download from Microsoft updates instead of every computer downloading updates and bogging down an internet connection. This is free from Microsoft.
GFI LANguard is a product that consists of an intrusion detection tool, an email content filtering tool, a web and FTP tool, a security scanning tool, and a reporting tool. There are add-on programs for GFI LANguard, and it offers the ability to check for patches and updates. In addition, it checks the strength of the passwords used on the system and analyzes the system looking for other vulnerabilities.
ZoneAlarm PRO 4.0 is a security package that offers protection "against hackers, email viruses, internal tampering, web profiling, spyware, rogue applications, and more." In addition, this suite offers a cache cleaner, cookie control, mobile PC protection, password protection, Mailsafe, hacker ID, and a firewall. The Hacker ID is a great tool in that it allows you to track an intruder without exposing your network ID.
BlackICE is a software package that provides intrusion protection and a firewall. BlackICE automatically screens inbound and outbound data. A demonstration of the product is offered, along with various prices and licensing plans. BlackICE generates reports and offers comprehensive analysis of the system for better protection.
SonicWALL Internet Security Appliances is a security product geared for small to medium sized businesses. This product includes a firewall, packet tracking, monitoring, intrusion detection, the ability to generate reports, and the ability to compile information into a state table. In addition, the Network Address Translation feature hides the IP addresses by replacing them with a single IP address.
WatchGuard offers several products: a perimeter security system, a server security system, a desktop security system, and a live security system. The perimeter products give you the ability to remove attachments before they enter the network, offer traveling employees secure communication channels, and protect desktops and servers against threats and vulnerabilities. The server security products give you the ability to lock down assets and to protect them. The desktop security offers users mobile VPNs. Their live service offers automatic updates and online tech support.
An excellent site listing all types of security tools, with an overview of each. Some examples are: ISS Products - IS provides three separate products…., Tumbleweed - …address a wide range of content security and communications issues, and MPTC (Multi-Platform Trusted Copy) - a cyber security software application used to review computer files for specific elements that can hide sensitive information.
FreeS/WAN is an implementation of IPSEC & IKE
Pedestal Software. Detects changes in files, registry and configuration settings. NT.
ISS's Internet Scanner™
UNIX Security Software
Trinux - Linux Security Tools
SATAN
Intrusion has a series of products that provide intrusion detection. Their SecureHost software program is a "proactive" program that provides reports based on "indicators of future information loss and service interruption." In addition, SecureHost offers a passive low-cost intrusion detection system with virtually no false alarms. And, for smaller networks, SecureHost can be deployed as a standalone application.
Internet Security Systems (ISS) offers a series of protection systems marketed under the name of Proventia. According to ISS, "Proventia is designed to identify and block: network attacks, intrusions, viruses, malicious code, unwanted traffic, and spam." In addition, the software operates as a firewall, provides VPN capability, has an antivirus component, and a component for intrusion detection and prevention.
Tripwire offers a series of products which are marketed to "instill accountability, gain visibility, and ensure availability." They have a server product and a network device product. In addition, Tripwire states that their product "provides the only way to know, with certainty, that systems remain uncompromised."
Cisco offers a hardware intrusion detection device. Their solution offers "accurate threat detection, intelligent threat investigation, ease of management, and flexible deployment options." It offers a comprehensive device which operates with browser-based tools capable of detecting a wide range of potential threats with virtually no false alarms.
G-Server is a product that allows companies to rest assured that their website will not be defaced or tampered with. According to Gilian, "Gilian's G-Server is the first and only appliance designed to keep fraudulent information and corrupted transactions from ever being published on your Web site." G-Server has two unique features that examine HTTP and HTTPS requests and check them for validity and legitimacy, in addition to preventing execution of unauthorized or corrupted transactions.
"IntraLock is a Security Appliance Card for servers that provides a complete turnkey solution, including software, management, and hardware." This is a hardware security appliance in a plug-in card format. It claims zero (they even italicize "zero") impact to the network infrastructure, although most administrators I know consider adding a card - particularly one that intercepts communications - to be altering the infrastructure.
Cerdant offers a "suite of best of breed firewall and intrusion detection systems," including its own management system in case you don't have the personnel for active monitoring. The ad copy gets credit for outlining the difference between a firewall and an IDS.
"Proventia G Series proactively blocks known and unknown attacks including denial-of-service (DOS), Trojans, and worms like the recent MS Blast ... Proventia G Series uses multiple blocking techniques to address each individual threat appropriately, rather than a blanket approach to blocking that could hinder legitimate traffic. While other products detect and block only known attacks, the Proventia G Series also protects customers from future attacks before they occur because the appliances have the intelligence to block attempts targeting critical vulnerabilities."
Privacyware offers "advanced threat protection and security intelligence solutions". One of their products is "Privatefirewall", a single-PC desktop firewall package. At $29.95, it's in the same range of home-user-desktop packages as ZoneAlarm and Symantec.
Another consumer-grade firewall: "Norman Internet Control (NIC) offers comprehensive protection against hacker/cracker and malware attacks in one simple, easy-to-use solution. This product combines the award winning Norman Virus Control and Norman Personal Firewall in one package ... "
Absolute Enterprise Solutions - an "All in One" security appliance. This is a standalone hardware device. By All-in-One, they mean it can be equipped to fulfill functions such as:
  • Firewall
  • Anti-Virus*
  • Internet Content Filtering System*
  • Intrusion Detection System (IDS)*
  • Virtual Private Network (VPN)
  • Network Address Translation (NAT)
  • Server Load Balancing
(The asterisks in the list above are never explained on that page.) Functional descriptions are given on this page - rather than in a separate huge PDF document as most vendors seem to prefer - for the Firewall, IDS and VPN. These are hardware devices which come with their own "custom developed" operating system.
SANS is a security website that offers training as well as definitions of network security products such as intrusion detection. SANS is the Internet's most trusted site for vendor neutral intrusion detection information. This site has a long list of FAQs, which answer many of the intrusion detection questions one might have.
SecurityFocus claims to be the most comprehensive and trusted source of security information on the Internet. SecurityFocus is a vendor-neutral site that provides objective, timely and comprehensive security information to all members of the security community, from end users, security hobbyists and network administrators to security consultants, IT Managers, CIOs and CSOs. They provide the security community with access to comprehensive, timely, and accurate security information at no charge.
CA Security eTrust Intrusion Detection Comprehensive Intrusion Management - eTrust Intrusion Detection is a complete session security solution that incorporates three key security capabilities into one package - a comprehensive network Intrusion Detection System, real-time session monitoring and Internet content blocking. These solutions work together to address specific security requirements, forming a complete network defense without the high cost, administrative overhead and non-integrative approach associated with separate products from different vendors.
Linux Internet Server: Set Up a Firewall by Paul Dunne; Summary: The article examines how to set up a Linux box to provide routing services between the local network and the Internet, and to address the security issues raised by such a connection by having the Linux box act as a firewall. The article also deals with setting up a Linux PC for use as a firewall between the Internet and a local network. It is a tutorial that takes the reader through installing, configuring and administering a Linux firewall. Some knowledge of TCP/IP networking and Linux is assumed as well as a basic acquaintance with firewalls.
Cisco's Intrusion Detection System, formerly known as NetRanger. It discusses the fact that Cisco's Intrusion Detection System "is the industry's first enterprise-scale, real-time, network intrusion detection system". I believe this next sentence says it all: "You can't stop network intrusions if you can't see them."
This site is a press release by Mazu Networks that "announced that it has enhanced its PowerSecure". It goes on to state that PowerSecure is used to support the intake of NetFlow data. NetFlow is described as: "NetFlow is an interface standard to popular routers that collects and measures network traffic data as it enters specific routers or switches. NetFlow allows highly granular and accurate traffic measurements and high-level aggregated traffic collection."
Excellent site for firewall security products. It has a wonderful repository of Online Product Documentation for various types of firewalls. It includes a vendor list with the firewall products they offer, and it has a list of firewall reviews. And probably most importantly, it has an article entitled What to Consider When Buying a Firewall. This site is worth another look and bookmarking.
Useful site, containing links to dozens of vendors (although not all of the sites linked to were firewall vendors): Computerworld's Buyer's Guide, the "Firewall Vendors" category.

Evaluation of Security Products

The Computer Security Evaluation Frequently Asked Questions, v3 - This site is an excellent guide (even though it is billed as a FAQ) to the acronym soup of evaluations. It covers different evaluation programs, how they originated, sponsoring agencies, how each works, and more. From the site: "This FAQ is designed to answer common questions about the evaluation of trusted products. We have attempted to be as clear, precise and accurate as possible. Some answers are undoubtedly closer to this ideal than others."
Automated Security Self-Evaluation Tool - The purpose of ASSET is to assist managers in gathering system data and creating reports in support of NIST Special Publication 800-26 IT Security Self-Assessment Questionnaire. It's software for the data collection and report portion, not for actually running tests on a system. Although it is intended for public sector management, it is useful for most anyone trying to evaluate their current security status. A fascinating view into how the US government handles assessment.
Infosec Assurance and Certification Services (IACS) - From the site: "IACS has been designed to respond to the increasing complexity of IT products and systems and to the diverse customer requirements for assurance in the security functionality of those products and systems. IACS is not a new service - rather, it uniquely blends the elements of our assurance services to offer the end user or developer a single gateway for obtaining the CESG assistance they require. IACS provides for independent and objective assurance in the security functionality of a product or system both within the UK and internationally. IACS is about providing the best solution to the full range of end users identified whilst allowing the developer to achieve his commercial agenda in the most efficient and streamlined way." and: "End users" are defined as central and local government, and Critical National Infrastructure (CNI) services, where it is in the national interest.
Services include Consulting, Cryptographic Evaluations (approval of cryptographic products), Fast Track Assessment, IT Security Health Check and CHECK, IT Security Evaluation & Certification, System Evaluations, and TEMPEST. Although services are unlikely to be available to US graduate students, the site is still a wealth of information.
Not-So-Good Privacy: Looking at Security - by Byron Alley; Summary: The article discusses the evaluation of PGP computer systems and products for security. Security systems are complex things. Recently, a flaw was found in the popular encryption program PGP. What's interesting about this flaw is that it's not a problem with the code system. As far as we know, no one has found an easy way to crack the codes that PGP uses. According to the article, the important lesson is not that PGP is flawed--PGP has withstood the scrutiny and testing of thousands of programmers and computer scientists. The important lesson lies in how security systems are evaluated.
Software Security Assessment through Specification Mutations and Fault Injection - A paper presenting "a practical approach for software security assessment based on fault injection." An application with a real world case, Wireless Application Protocol gateways, is described. In this test, "all 7 of the tested WAP gateways were found to have robustness problems, and four were demonstrated to be vulnerable." "Robust" is defined as "software which tolerates unexpected input." "Robustness problems are security problems as well, these flaws can be exploited to compromise a system."
OSSTMM - Open Source Security Testing Methodology Manual - by Pete Herzog; This is a manual describing an open standard methodology for performing security tests.
"Security-Enhanced Linux," - Author: the National Security Agency; Summary: This article discusses the critical role of operating system security mechanisms in supporting security at higher levels. Researchers from the NSA's Information Assurance Research Group have therefore been investigating an architecture that can provide the necessary security functionality in a manner that can meet the security needs of a wide range of computing environments. The article discusses several security mechanisms implemented in the system that provide flexible support for a wide range of security policies. They make it possible to configure the system to meet a wide range of security requirements.
"Design Principles for Security Mechanisms," - Author: Matt Bishop; Summary: This is a sample chapter from our current textbook. The article is a sample article and pulls out points we have already read on and/or discussed. I found it interesting to find an article based on the textbook that we are currently studying.
"Common Criteria," - Author: Gary Rycombie Consulting, 1999-200; Summary: This article gives an overview of the Common Criteria, which are international criteria. According to the authors, the purpose of the criteria is to allow an organization to demonstrate conformance of its product to its security targets. The author describes the process of the Common Criteria Evaluation. It also explains the security targets, protection profile, and the different evaluation levels.
"Common Criteria: Apple's Ongoing Commitment to Security," - Summary: This whitepaper concerns Apple Computer's commitment to security. It also describes the process of the Common Criteria. The paper goes on to say how Apple subscribes to the Common Criteria to ensure a product that clients can trust. Apple is also in the process of getting Mac OS X and Mac OS X Server certified under the Common Criteria.
"An Overview of the International Common Criteria for Information Technology Security Evaluation," - Author: Nortel Networks; Summary: This article gives good background on how the Common Criteria was established. It is recognized by 23 countries and based on the US government Trusted Computer System Evaluation Criteria, Canada's Trusted Computer Product Evaluation Criteria, and Europe's Information Technology Security Evaluation Criteria, which combined work from the Netherlands, France, Germany, and the United Kingdom. The article also touches on new mandates for Common Criteria certification, international CC testing authorities, protection profiles and security targets, and evaluation assurance levels.
Common Criteria Overview - The site provides information regarding the origins of the Common Criteria as well as discussion boards for users to discuss the criteria. It provides links to explore in order to learn more about the details of the Common Criteria, including security functional requirements, security assurance requirements and evaluation assurance levels.
Locking Up: Security To-Do List - October 15, 2001; Author: Karyl Scott; Summary: The article lists and discusses items that should be considered in the evaluation of computer systems for security. Most companies are looking more seriously than ever at security and new initiatives are receiving greater financial support than they have in the recent past. Experts advise businesses to re-evaluate computer security practices in the wake of the Sept. 11 attacks.
Database Servers Take the Security Test! - Mike Chapple; Summary: Are you kept awake at night with fears about undiscovered security flaws in your database server? You're not alone! Many database professionals hesitate to blindly trust the assurances they receive from vendors that a product is secure. According to the article, the National Security Agency (NSA) recently evaluated products under the Trusted Computer System Evaluation Criteria (TCSEC) and determined which were inherently secure enough for use on classified government computer systems. The criteria, released in 1985, are the yardstick against which the nation's computer security experts evaluate information systems.
Security Tips List - Date: February 18, 2002; Author: National Cyber Security Alliance; Summary: The article offers ten suggestions for evaluating computer systems and products for security. The article discusses passwords, firewalls, email, software, and other important computer system items relating to the evaluation of computer systems and products for security. The article states that one should avoid being caught off guard or unaware.
Trusted Product Evaluation Program Overview - Summary: In 1981, the Department of Defense assigned responsibility for computer security to the Director of the National Security Agency (NSA). In January 1996, the United States, United Kingdom, Germany, France, Canada, and the Netherlands released a jointly developed evaluation standard for a multi-national marketplace. Under the Trusted Product Evaluation Program (TPEP), vendors approach NSA with their commercial-off-the-shelf (COTS) computer security product requesting an evaluation that targets a particular level of trust rating. Evaluators working under TPEP use the Trusted Computer System Evaluation Criteria (TCSEC) and its interpretations to assess how well the product meets the requirements for the targeted rating. The results of the TPEP evaluations are published quarterly in the Evaluated Products List (EPL).
Trusted Product Evaluation Program - In-depth detail of how TPEP works, how a vendor would get software products evaluated, and what happens afterwards. Sections include: Overview, eligibility, pre-evaluation, evaluation, and post-evaluation ("rating maintenance").
Automating The Common Criteria Evaluation Process by Ruben Prieto-Diaz; This is an interesting article regarding the need for research about automating the Common Criteria evaluation process. The article provides background information on the Common Criteria as well as justification for automating this process.
SHIELDS UP! - a website by "Shields UP"; this is an Internet security vulnerability profiling service that will do a vulnerability test against your personal computer. This includes a test against all your available ports and services. The end result would be for you to download and purchase their software, but the test itself could be very useful to any security conscious person.
AuditMYPC - A vulnerability testing service for personal PCs, similar to the Shields Up website but more in depth. This site has the ability to return and remove known spyware, and it also has a much more extensive library of security topics. This site can give you some great insight into the numerous areas that must be tested and addressed in doing an assessment; it will also open your eyes to your current level of visibility on the 'net.
Security testing bulletproofs your apps - by Ronald Anthony Lewis; A 5 step process for software testing that every developer should know and do. This is an easy to read article with some very practical advice on testing.
Systems Testing by Ian Sommerville; This presentation outlines the areas of importance for testing a computer system. The idea behind this presentation is that the system must be tested as a whole to see if it meets the requirements and needs of the users.
A Structured approach to security testing - According to this article, "a combination of testing methods tailored to the threat model and security policies affords the most effective strategy." This article discusses many overlooked avenues for penetration and vulnerability testing, including social engineering, internal server penetration and internal personal vulnerabilities.
Computer Security Evaluation FAQ - Feb. 18, 1998; This FAQ answers many questions regarding the evaluation of trusted products. The site is fairly outdated but still provides many answers to common questions.
Trends in Government Endorsed Security Product Evaluations by Richard E. Smith; This paper presents trends in the use of government endorsed security product evaluations between 1984 and 1999. The paper attempts to explain the popularity and breakdown of the different evaluation criteria. It also touches on the levels of assurance that evaluations have achieved.
This site discusses 25 companies and their products that have been certified by ICSA Labs (an independent division of TruSecure Corp.). Examples of the 25 companies and their products are: Allied Telesyn - AR450S Series Router, Linksys Group Inc. - Etherfast Cable/DSL VPN Router, and Symantec - Enterprise VPN (Solaris SEVPN).
The site is an excellent location to find information that the National Institute of Standards and Technology recommends pertaining to security and security products and systems. An excellent section is the Draft Federal Guidelines Issued for Computer Security. This section also notes that NIST's computer scientists are seeking public comments on the new draft.
This site describes the biometric applications and development tools that support a variety of biometric devices.
This is a good site that provides a public infrastructure for intrusion detection to share information about attacks all over the world.
"An Introduction to Intrusion Detection," Author: Aurobindo Sundaram, ACM Crossroads Student Magazine, 1996; Summary: This is a very informative paper. It starts out by giving a brief overview of the introduction of Intrusion Detection (Attempt) from the 1980s by Anderson. The paper tells us that there is no system that is free of a possible attack and that there needs to be some method in place for detecting possible intrusions on a system. The author of the paper breaks intrusion into 6 different categories (attempted break-ins, masquerade attacks, penetration of the security control system, leakage, D.O.S., and malicious use) and gives an explanation of each.
"Adoption of IPS increasing, cautiously," Author: Ellen Messmer, Network World, November 17, 2003; Summary: This article is about the introduction of a new product, IPS - Intrusion Prevention Systems. This is a system that is set up to allow you to potentially prevent an intrusion instead of monitoring an intrusion using the intrusion detection system. The product is still in its testing phases. The article states that the system, like any other, may still have its false positives, and in some cases the false positives are real. It is being tested by a company in Roswell, GA. So far the system has been able to prevent a series of attacks on the company's system from an individual's computer that was loaded with viruses and Trojan horses.
"False positives remain a major problem," Author: Joel Snyder, Network World, October 13, 2003; Summary: This was an informative article. Intrusion Detection Systems are a good tool for any network administrator to use to help detect intrusion on the network. However, IDS generate an overwhelming number of false positives that the network administrator must read every day. According to the article, the reports are becoming fewer and are easy to maneuver through.
However, the generated reports will not reveal information such as the offending packet or how the possible intrusion occurred.
Firewalls and the Business Process - IT Week (UK); Summary: The article is about firewalls. According to the article, firewalls, properly implemented, should support the business process, not hamper it. The main schools of thought when specifying and configuring firewalls follow either the path of most resistance - denying any access at all, or the path of least resistance - allowing any form of access, while keeping the internal network secure. Firewalls can be used to enhance and improve the way a corporation accesses information.
Internet Firewalls - Date: August 12, 2002; Author: Tony Northrup; Summary: The article defines and compares software and hardware firewalls and states that one of the best ways to protect a PC or a home or small business network from malicious hackers is to use a firewall. Consumer-level firewalls provide good security without requiring that one become a computer security expert. A firewall is a security system designed to prevent unauthorized access from the Internet to or from a network. A firewall works by screening out many types of malicious traffic and can take the form of hardware, software, or both, and the article attempts to help one choose the right one to use for a network.
The Enemy Within: Firewalls and Backdoors - June 9, 2003; Author: Bob Rudis; Summary: The article presents an overview of modern backdoor techniques, discusses how they can be used to bypass the security infrastructure that exists in most network deployments and issues a wake-up call for those relying on current technologies to safeguard their systems/networks. Before a discussion of modern backdoor techniques can take place, it is necessary to first look at what obstacles an attacker must get through. Firewalls are an integral part of a comprehensive security framework for a network. If they are relied on too heavily they can also be the weakest link in a defense strategy.
Guide To Intrusion Protection - October, 2002; Author: Pete Lindstrom; Summary: The article states that in addition to the host application tools discussed, the broad term "intrusion prevention" encompasses several other classes of tools that protect hosts, Web applications and networks by actively blocking malicious actions. The article is divided into the following categories: trusted operating systems, web server shields, web application firewalls, and gateway IDS. All the intrusion prevention classes fall under a broader category of "application layer security" products except gateway IDS. Developed on the network side, gateway intrusion detection and prevention systems often combine multiple methods of intrusion detection, including protocol anomalies, traffic anomalies, and signatures, similar to network IDS solutions, and add firewall-like functionality as an inline packet router.
IDS Is Dead -- Long Live IDS? - Date: June 27, 2003; Author: Phil Hollows; Summary: The article debates whether Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS) are obsolete. In fact, the Gartner Group, a well-known analyst firm, pronounced that Intrusion Detection Systems (IDS) and their Intrusion Prevention Systems (IPS) offspring were a market failure and will be obsolete by the middle of the decade. The Gartner Group declared that IDS and IPS don't deliver the extra layer of security that was promised and that many IDS implementations have been ineffective. The article presents supporting evidence and arguments.
Making Sense of Firewalls - June 2002; Robert G. Ferrell; A short but informative article on firewalls, this article quickly describes the differences between packet filtering, circuit level gateways, and stateful inspection firewalls as well as some of the deployment considerations.
How firewalls work - Jeff Tyson; A fairly in-depth but non-technical explanation of how a firewall works. This site is very useful in gaining a general understanding of how a firewall can be deployed to protect a network or system from unwanted intrusions.
An Introduction to Intrusion Detection - Aurobindo Sundaram; 23-Jan-01; A very detailed and technical look at intrusion detection systems. This article covers a great deal of information on how some intrusion detection systems work. It gives a great deal of information on the difference between how an anomaly-based detection system and a misuse detection system operate.
Sandbox The Hackers - Kelly Higgins; Another approach to intrusion protection is described within this article. Sandboxing limits user and system actions at the desktop level. This approach adds yet another layer to the defense in depth mentality of a good network security officer.
Home Network Security - Although a little off topic for this discussion, this website gives great information to the home user for protecting themselves against a possible attack. As quoted from the site: "This document gives home users an overview of the security risks and countermeasures associated with Internet connectivity, especially in the context of "always-on" or broadband access services (such as cable modems and DSL). However, much of the content is also relevant to traditional dial-up users (users who connect to the Internet using a modem)."
Intrusion detection systems: Reducing network security risk - Symantec, April 03, 2003; A great and in-depth article on network security systems. This article explains the mentality of defense in depth, the difference between a signature based and anomaly based IDS, and the importance of a layered, vigilant, and active defense. Remember that security is a process, not a product.
FAQ: Network Intrusion Detection System - March 21, 2000; This FAQ offers general information about Intrusion detection systems. It explains the background of the necessity for IDS. It provides realistic scenarios regarding when an IDS is needed. It also offers information on limitations, firewalls and links to other IDS resources.
Intrusion Detection FAQ - June 12, 2003; This is an updated intrusion detection FAQ. This FAQ provides basic information about IDS as well as theory, legal issues, management, scanners, OS specific questions, scenarios, intrusion detection products and research.
The Evolution of Intrusion Detection Systems - Paul Innella, Tetrid Digital Integrity LLC, November 16, 2001; This site provides information regarding the history of the IDS. It begins by explaining the different components of IDS. A nice timeline is provided to explain the evolution as well as a decent description of the history of IDS. The article ends by examining the different players in IDS technology.
This site provides a great FAQ that explains what the information in the firewall log means. This site is well written and easy to understand. - January 2003
Internet Firewalls Frequently Asked Questions - FAQ Maintainer: Marcus J. Ranum; This FAQ provides general information regarding firewalls. In addition to many topics, this FAQ touches on the designs of firewalls, the uses of firewalls, http use with a firewall, DNS use with firewalls, FTP use with firewalls and denial of service attacks.




written by Wayne Summers summers_wayne@ColumbusState.edu