AuthorITies: Eye On I.T.

May 4, 1998

Free Help For Intrusion Detection

By Jason Levitt

A long time ago, some smart person noticed an inverse security relationship like this: The easier an operating system is to use, the easier it is to compromise. Another smart person (no doubt a burned-out security expert) noticed that the only truly secure computer system is the one locked in a vault with the power off. Until the Internet came along and made these pithy observations cliché, the only place you'd find anything close to a secure operating system was in the cloistered computer rooms of the U.S. military. These days, even those heavily guarded systems are suspect.

In today's Internet environment, IT administrators must assume their LANs can be compromised. Today's firewall systems are a first line of defense, but they generally don't help much when new attacks are constantly being devised to thwart them. CERT (Computer Emergency Response Team) advisories periodically reveal the new attacks, but generally only after they've done their damage. What many sites need is a customizable intrusion detection system that can help identify intruders and their attacks. Such a system can help your site quickly respond to attacks by revealing the exact nature of the attack and thus giving you the necessary information to modify your defenses.

Although there are sophisticated intrusion detection capabilities in products from companies such as CheckPoint Software Technologies Ltd. and Haystack Labs Inc., there is also a free product being cooperatively developed that is worth looking at, especially if you're just getting your feet wet with intrusion detection systems. The new set of public domain tools is called CID, which stands for Cooperative Intrusion Detection (see Table 1 below). It is being developed under the auspices of the SANS Institute and will be officially unveiled at the 7th SANS (System Administration Networking Security) conference, May 7th through 15th, in Monterey, Calif.

Table 1.
Where to find Cooperative Intrusion Detection Software

CID Software
http://www.nswc.navy.mil/ISSEC/CID/cid_1_1a.tar.gz

CID Documentation
http://www.nswc.navy.mil/ISSEC/CID/cider.htm

http://www.nswc.navy.mil/ISSEC/CID/cider.doc (Word 97 format)

Cooperative Security
The widespread level of ignorance about network security wasn't really understood until April of 1995 when Dan Farmer and Wietse Venema released SATAN (Security Administrator's Tool for Analyzing Networks), a tool that probed LANs for major security holes. Suddenly, anybody with a Unix box and a modem could expertly probe an Internet-connected site for security flaws. It quickly became obvious that many sites were vulnerable to attacks. SATAN, an unusually fine example of open-source security software, opened a lot of eyes to the global security issues raised by Internet connectivity. It also showed how group collaboration, combined with some technology, could help sites quickly identify security issues.

CID won't be making the big splash that SATAN did, but, like its predecessor, it's free software that should help some sites identify how intruders are penetrating their security perimeter, and provide clarity as to how intrusion detection systems operate. The goal of CID is to combine the expertise of "dozens of sites" in order to provide a highly useful tool for detecting system intrusion.

What exactly is CID? CID is essentially the venerable tcpdump (a packet-capture program that records the packets crossing an Ethernet interface, selected by a user-supplied filter expression), a set of tools written in Perl to arrange and analyze the captured traffic, and some shell scripts to manage the whole process.
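To make the tcpdump-plus-scripts pipeline concrete, here is an added example (written for this column, not code from CID or the SANS project) of the simplest useful version of that idea: capture only new connection attempts with a tcpdump filter, then post-process the text output to flag sources that probed many ports on one host, which is what a port scan looks like in a SYN log. The capture command is shown in a comment because it needs root and a live interface; the log lines below are constructed to mimic tcpdump's TCP output format, and the threshold of 3 distinct ports is an arbitrary assumption for the demonstration.

```shell
#!/bin/sh
# Added example, not CID's own code.
#
# Capture step (run as root; not executed here). The BPF filter keeps TCP
# segments with SYN set and ACK clear, i.e. new connection attempts only:
#
#   tcpdump -n -l -i eth0 'tcp[13] & 2 != 0 and tcp[13] & 16 == 0' > syn.log
#
# Constructed sample of what that log looks like (old tcpdump text format:
#   timestamp src.port > dst.port: flags seq win ...).
# 10.1.1.7 sweeps five ports on 192.168.5.20, 10.1.1.9 is an ordinary web
# client hitting port 80 repeatedly, and 10.1.1.7 also makes one normal
# connection to a second host.
sample_log() {
  cat <<'EOF'
14:02:10.100001 10.1.1.7.41000 > 192.168.5.20.21: S 1:1(0) win 512
14:02:10.100201 10.1.1.7.41001 > 192.168.5.20.22: S 1:1(0) win 512
14:02:10.100402 10.1.1.9.33012 > 192.168.5.20.80: S 7:7(0) win 8760
14:02:10.100603 10.1.1.7.41002 > 192.168.5.20.23: S 1:1(0) win 512
14:02:10.100804 10.1.1.7.41003 > 192.168.5.20.25: S 1:1(0) win 512
14:02:11.200100 10.1.1.9.33013 > 192.168.5.20.80: S 9:9(0) win 8760
14:02:11.200311 10.1.1.7.41004 > 192.168.5.20.80: S 1:1(0) win 512
14:02:12.300000 10.1.1.7.41005 > 192.168.5.21.80: S 1:1(0) win 512
14:02:12.300500 10.1.1.9.33014 > 192.168.5.20.80: S 11:11(0) win 8760
EOF
}

# detect_scans THRESHOLD  (reads tcpdump SYN output on stdin)
# Prints "src dst distinct_ports" for every (source host, destination host)
# pair whose SYNs touched more than THRESHOLD distinct destination ports.
# Fields in each line: $1 time, $2 src.port, $3 ">", $4 "dst.port:", $5 flags.
detect_scans() {
  threshold="$1"
  awk -v t="$threshold" '
    $3 == ">" && $5 == "S" {
      src = $2; sub(/\.[0-9]+$/, "", src)          # drop the source port
      dst = $4; sub(/:$/, "", dst)                  # drop the trailing colon
      n = split(dst, parts, ".")
      dport = parts[n]                              # last dotted field is the port
      dhost = substr(dst, 1, length(dst) - length(dport) - 1)
      key = src " " dhost
      if (!((key SUBSEP dport) in seen)) {          # count each port once per pair
        seen[key SUBSEP dport] = 1
        ports[key]++
      }
    }
    END {
      for (k in ports) if (ports[k] > t) print k, ports[k]
    }
  ' | sort
}

# Stand-alone run: the sweep shows up, the web client and the single
# connection do not.
sample_log | detect_scans 3
```

Distinct ports per (source, destination) pair is a deliberately crude scan signature; it ignores timing and misses a scanner that spreads one port across many hosts (a horizontal sweep), which needs the key turned around to (source, destination port). In production the capture and the analysis also have to be decoupled (tcpdump writing binary with `-w` and the scripts reading it back) so that a burst of packets never blocks the sniffer.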

The price of secure computing is eternal vigilance. Though the best solution to keeping intruders out is to have one finger dexterously poised on the big, shiny red "off" button at all times, the next best thing is to have virtual video surveillance on all the time. That's the sort of peace of mind that CID can offer.

Note: Other useful freeware intrusion detection tools are being developed as part of the Abacus Project at www.psionic.com .
