ids

The business of utilizing an IDS

The business of utilizing an IDS

Andrew Wilson explains why fancy intrusion detection technology is worth little if it is not supported by sound, mindful business decisions
Jul 15 2004 11:58AM
IDS and Gartner: 12 months later

IDS and Gartner: 12 months later

Are intrusion detection systems really a waste of time? That was the accusation made in a controversial Gartner report last year. John Sterlicchi reports on how the IDS industry has moved to counter the charges
Jun 29 2004 11:43AM
IDS: Alarms, Not Walls

IDS: Alarms, Not Walls

Acronyms and coined phrases bedevil us, but during 2002, we probably aren't getting rid of them.
Jan 19 2004 11:14AM
Network IDS Shortcomings: Has NIDS Reached the End of the Road?

Network IDS Shortcomings: Has NIDS Reached the End of the Road?

The intrusion detection system (IDS) jumped from research labs and universities into being a standard information security safeguard in just several years.
Jan 19 2004 10:48AM
Lessons Learned in Global IDS Deployment

Lessons Learned in Global IDS Deployment

Intrusion detection systems (IDS) have been the subject of endless articles, conferences, and discussions.
Jan 15 2004 2:38PM
Do Firewalls and IDS Create a False Sense of Internal Security?

Do Firewalls and IDS Create a False Sense of Internal Security?

In an effort to boost sales and generate revenue, one U.S. multinational energy company recently embraced the Internet to bolster external communication and internal collaboration.
Jan 14 2004 4:36PM
Review: Entercept

Review: Entercept

Entercept falls into the category of an intrusion prevention system (IPS). In common with traditional host-based IDS, Entercept resides on the host itself, but it works at a much lower level than a normal HIDS system.

Apr 1 2003 12:00AM
Review: eTrust Intrusion Detection

Review: eTrust Intrusion Detection

This solution provides a network-based IDS, real-time session monitoring and internet/email content blocking. eTrust Intrusion Detection can be installed in standalone mode, or it can be distributed on separate machines. The intrusion detection program installs as a service under Windows NT/2000. As usual, the monitoring interface is a NIC in promiscuous mode, and therefore the presence of the IDS is concealed from the attacker.

Apr 1 2003 12:00AM
Review: Intrusion SecureNet System

Review: Intrusion SecureNet System

This solution is supplied as software, desktop or rack-mounted. Each network sensor is a separate appliance, handing high-availability, high-security 10/100 or gigabit monitored segments.Running on a hardened OS, based on Red Hat Linux, in a small installation it can be managed using a web-based interface, software or optionally as an appliance.

Apr 1 2003 12:00AM
Review: NetScreen-IDP100

Review: NetScreen-IDP100

NetScreen uses multi-method detection (MMD) in its IDS appliance, which also includes intrusion prevention options. MMD integrates stateful signature analysis with the detection of protocol anomalies, traffic anomalies, IP spoofing, layer 2 and SYN-flood attacks. Plus, it includes detection of 'backdoor' exploits and a network honeypot. The NetScreen IDP-100 is rated at 200Mbits/sec throughput, offering a choice of eight Fast Ethernet or two separate gigabit monitoring ports.

Apr 1 2003 12:00AM
Review: NFR NID-300

Review: NFR NID-300

This is a network-based IDS, supplied as an appliance. There are four versions of the NID-300 series - the difference being in the number and speed of the Ethernet interfaces. The top-of-the-range model has two 10/100Mbit and two gigabit network interfaces. One of these interfaces is always reserved for management, but the remainder can be used for monitoring. In this way, a single NID-300 can monitor load-balanced or failover WAN connections. By separating the management and monitoring interfaces, NID-300 can operate in stealth mode, as the monitoring interface does not respond to any network traffic or requests from any service on the monitored network.

Apr 1 2003 12:00AM
Review: RealSecure Network Sensor

Review: RealSecure Network Sensor

RealSecure 7.0 is the result of the integration between RealSecure and the BlackICE NIDS sensor technology. It runs on a dedicated machine and acts as a NIPS sensor to monitor a network segment, looking for intrusions or suspicious activity. If an intrusion is suspected, it can respond by recording details of the event. It can notify the network administrator, reconfigure the firewall, or terminate the event.

Apr 1 2003 12:00AM
Review: StealthWatch

Review: StealthWatch

StealthWatch employs a completely different approach to traditional IDS, based on signature recognition. Instead of looking for signatures, it 'learns' what kind of activity is normal on your network and looks for abnormal events. Behavior-based IDS has some advantages over signature-based IDS, because less processing power is required and previously unknown attacks can be detected.

Apr 1 2003 12:00AM
Review: Symantec ManHunt

Review: Symantec ManHunt

This software network-based IDS product requires a dedicated machine running Solaris 8 on either Sun SPARC or Intel hardware. The hardware specification depends on the amount of traffic to be monitored, and gigabit monitoring interfaces are supported. We were supplied with a pre-installed system running on a Dell PowerEdge rack-mounted server - however, customers would have to provide their own hardware; prices quoted are for software only.

Apr 1 2003 12:00AM
IDS (2003)

IDS (2003)

If a firewall is your first line of defense then an IDS should be your second. It's the burglar alarm of your vulnerability assessment tools. By Geoff Marshall

Apr 1 2003 12:00AM

Log In

Email:
Password:
  |  Forgot your password?