INTRUSION DETECTION: NETWORK SECURITY BEYOND THE FIREWALL
This is the companion Web site for a new, practical book about intrusion detection. Here you will find interesting links to intrusion detection information as well as updates to the material in the book. You can use this site to learn more about this exciting topic, keep up with rapidly changing information on IDSs, and get the latest news on intrusion detection systems (IDSs). If you're interested in gaining an understanding of what an IDS can do for you, jump to one of the following Web sites to order the book: Amazon, Computer Literacy, or John Wiley & Sons.
Don't forget that a portion of the royalties for this book goes to the National Children's Advocacy Center.
Table of Contents
Part 1: Before Intrusion Detection: Traditional Computer Security
1. Intrusion Detection and the Classic Security Model; 2. The Role of Identification and Authentication in Your Environment; 3. The Role of Access Control in Your Environment; 4. Traditional Network Security Approaches
Part 2: Intrusion Detection: Beyond Traditional Security
5. Intrusion Detection and Why You Need It; 6. Detecting Intruders on Your System Is Fun and Easy; 7. Vulnerability Scanners; 8. UNIX System-Level IDSs; 9. Sniffing for Intruders; 10. Intrusion Detection for NT
Part 3: Maintaining a Safe
11. You've Been Hit!; 12. Intrusion Detection: Not the Last Chapter When It Comes to Security; Appendix; References
Security Resource Clearinghouse A NIST site that contains comprehensive
listings of upcoming computer security conferences and workshops.
Advances in Intrusion Detection 98 Check out the Conference Program
for more details.
Intrusion Detection Systems Mailing
IDS mailing list archives.
Links to Companies and Products
Mentioned in the Book
- Security offerings by the world's
largest hardware and software company. Provides top notch remote intrusion
detection services which you can learn about at the Emergency
Response Service site.
Stalker, the award winning Unix system level IDS, the TIS
Gauntlet Firewall, the network auditing IDS CyberCop
(Ballista), and other products in the
Total Network Security family. Check out the
vulnerability research lab.
- A security product which includes
an IDS component with some interesting features. Developed by Tivoli.
Security Systems (ISS)
- A leading provider of IDSs
for Unix and NT systems. RealSecure
is a real time network IDS for Unix and NT. Internet
Scanner and System Security
Scanner perform vulnerability checking of your systems. Visit the
X-Force hacker research team
pages. Sign up to join security mailing
- Provides system level and scanner
IDSs in its eNTrax.
Also offers the complementary CAST
tool for configuring audit policies across multiple NT systems. Centrax
has a very talented team of intrusion detection experts.
- Makers of Ballista and a great
group of security detectives who uncover flaws in numerous products.
Now part of Network Associates.
- Famous for identification and
authentication token devices and servers, such as the ACE Server. Parent
company of the leading crypto provider RSA,
Inc. and Intrusion Detection, Inc.
Kane Security Monitor, an audit trail analyzer for NT, and the Develops
Analyst, a scanner IDS for NT. Now part of Security
- Provides one of the best access
control products to date - SeOS,
along with several other interesting security tools. Soon to be acquired
- Offers Intruder
Alert (ITA), a real time IDS that runs across a wide range of platforms.
Check out the security experts on their SWAT
- Makers of (you guessed it)
Recorder. This is one heck of a product for network traffic analysis
and monitoring. Available with popular IDS attack signature monitoring.
- Developers of SessionWall,
a quality network level IDS.
- A leading network solutions
provider and the market leader in router products. Purchased the WheelGroup
and now markets security
solutions including NetRanger, a network IDS, and NetSonar, a vulnerability
scanner. Both products were developed by a team with intense, real world
experience in intrusion detection.
- The leading provider of firewalls
in today's marketplace.
- A respected provider of commercial
- Another major provider of commercial
CON - The annual hackers conference information page.
Hotlist - START HERE!
- The most thorough collection
of security related links available. Don't bother to maintain your own
list, just add this link to your bookmarks.
- Comprehensive download site
for papers and public domain tools.
- The site for information
on NT security bugs and fixes.
- Some of the best security problems
discovered, documented, and proved in source code by some of the best
Host and Network Security Tools
- Another site where you can
download public domain tools and papers for intrusion detection and
for computer security in general.
- Cracking tools and exploits
to test the weaknesses of your systems.
- Lots of security info and host
of the IDS mailing list archive.
- National Computer Security
Association. You'll find papers, evaluated products, lots of hot links,
and general security information.
- A good site for those interested
in understanding how SOCKS can be used to implement firewalls.
- Plenty of papers to read about
Web security standards and proposed standards.
- A leading research IDS program
since before the Morris Worm. Several papers are available for downloading.
This is where public domain tools such as COPS and TRIPWIRE originated.
- Another leading IDS research
program with dozens of papers available for download. Be sure to read
the historical work on DIDS.
Intrusion Detection Framework (CIDF)
- An active DARPA-funded research
program trying to link together different types of IDSs. CIDF research
is being carried out by many people at several different sites.
- The site where much of the
IDS work began. Here you will find many historical papers on early IDS
research as well as newer information at the next two links.
- One of the SRI projects with
roots in early IDS research. Go here to get the latest on a project
that draws from some of the most experienced IDS knowledge around.
- One of the most impressive
IDS projects in research today. Headed by Neumann, this project promises
to clarify a number of IDS issues.
- A new Yahoo link that contains
pointers to a wealth of knowledge about information warfare - an intriguing
topic about a very real threat.
FTP Sites for More Background
Papers on Computer Security
- Get the source, compiled binaries
for popular platforms, papers, and documentation for Kerberos V5. Check
out the FAQ for a quick introduction.
- Download papers about network
security from Morris, Bellovin, Cheswick, and others. Plenty of security
software (and other research prototypes) to fill up your hard disk.
- Make sure you read the important
RFCs on IPsec, TCP/IP, NFS, FTP, RADIUS, TACACS, digital signatures,
and dozens of others. These RFCs describe important security information
which hackers know to the last detail.
Incident Response Centers
Contact one of these sites if
you think you have been hit or are being targeted for attacks.
- Computer Emergency Response
Team (in the US). Check out this site for other links for your geography.
Be sure to sign up for regular notices and summaries.
- Forum of Incident Response
Teams. Actually, its membership is composed of several independent response
teams. Familiarize yourself with the FIRST links and processes so that
you will know what to do when hit.
Emergency Response Service
- Visit this site to learn about
outsourcing your security monitoring needs to the experts.