I will use this page to collect IDS tips and resources. If there is a good
resource on the net which is not here, please let me know:
- Analysis Console for Intrusion Databases (ACID)
  - Query-builder and search interface for finding alerts matching on alert meta information (e.g. signature, detection time) as well as the underlying network evidence (e.g. source/destination address, ports, payload, or flags)
  - Packet viewer (decoder) that graphically displays the layer-3 and layer-4 packet information of logged alerts
  - Alert management: constructs to logically group alerts into incidents (alert groups), delete handled alerts or false positives, export alerts to email for collaboration, or archive alerts to transfer them between alert databases
  - Chart and statistics generation based on time, sensor, signature, protocol, IP address, TCP/UDP ports, or classification
- BlackIce Pro
- Bro : Open Source IDS
- Bruce Schneier’s Computer Security: Will We Ever Learn?
- Buyer’s Guides for IDS
- Checklist : Intruder Detection Checklist (cert.org)
- Cisco Intrusion Detection
- COAST Intrusion Detection pages: tutorials, links
- Cybersafe’s Centrax
- Demarc Security’s open-source IDS PureSecure
- dIDS, Introduction To Distributed Intrusion Detection Systems (Jan 2002)
- Deploying an Effective Intrusion Detection System
- DoxPara Research : tools for manipulating TCP/IP networks
- EagleX : EagleX is an IDS environment built from free software. Snort IDS (www.snort.org) and IDScenter (www.packx.net) are the core of this distribution; with IDScenter you can set up a fully working Snort IDS for your network very quickly. Apache (www.apache.org), PHP (www.php.net), MySQL (www.mysql.com) and ACID (www.cert.org/kb/acid) are used to view the latest alerts in a web front-end behind HTTP authentication.
- Entercept, Intercepting Intrusions With Entercept
- Enterasys: Dragon Intrusion Detection System
- Exchange Format : Intrusion Detection Exchange Format
- FAQs and papers for IDS
  - Network Intrusion Detection Systems FAQ
  - Papers
    - Framework for Distributed Intrusion Detection using Interest-driven Cooperating Agents
    - Autonomous Agents for Intrusion Detection
    - Large Scale Distributed Intrusion Detection Framework based on Attack Strategy Analysis
    - A Large-Scale Distributed ID Framework based on Attack Synergy Analysis (Presentation)
    - An Immunological Approach to Distributed Network Intrusion Detection
    - An Introduction to Distributed Intrusion Detection
    - Distributed Intrusion Detection Systems: An Introduction and Review
    - Micael: Autonomous Mobile Agent System to Protect NG Networked Applications
    - Mobile Agent Attack Resistant Distributed Hierarchical IDS Systems
    - The Present and Future of Distributed Intrusion Detection
    - Using Snort For a Distributed Intrusion Detection
  - SANS
  - Sobirey’s Intrusion Detection Systems page
- Firestorm NIDS
- Fport : Identify unknown open ports and their associated applications
- Fragroute: NIDS testing revisited
- Gigabyte IDS
- Insertion, Evasion, and Denial of Service: Eluding Network Intrusion Detection
- Intrusion Detection Methodologies Demystified
- Intrusion Detection articles ordered by the number of citations
- IDS Group Test : www.nss.co.uk
- Informer : IDS Informer, test your IDS systems. An intrusion detection testing solution that uses a Simulated Attacks For Evaluation process to launch real but harmless attacks at IDS systems. IDS Informer can run individual attacks or groups of attacks, and the speed of all of them can be throttled.
  - IDS Informer Attack Development Kit : allows a packet capture in any format to be converted to the IDS Informer format, enabling all of the advanced configuration and security options available with the default attack library without altering the overall structure of the capture.
  - IDS Informer Command Line Interface : enables existing IDS Informer Professional users to run multiple copies of IDS Informer from a single device from a remote source. The CLI provides all of the configuration options of IDS Informer, with additional functionality to list configured groups and interfaces and available attacks, and to schedule unattended transmission of attacks (remote control of IDS Informer).
- Interpreting Network Traffic: A Network Intrusion Detector’s Look at Suspicious Events (tutorial)
- Intrusion Signatures and Analysis (book recommendation)
- Intrusion Signatures : Evaluating Network Intrusion Detection Signatures
- Intruvert Networks : 2 Gbit/s+ capable; signature detection; anomaly detection; DoS detection; virtual IDSs; $100,000+
- IPolicy Networks : 4 Gbit/s+ capable, carrier capable; runs seven security apps simultaneously; $125,000+
- ISS : Internet Security Systems
- ISS : Gigabit Ethernet Intrusion Detection
- Locking down NT host for Intrusion Detection
- LT Auditor+ : intrusion detection/audit trail security software (NT, commercial)
- Mailing list: There is an IDS mailing list hosted at [email protected]. To subscribe, send a message with the following text to [email protected]:
  subscribe ids Your Name
- Mailing list archive for IDS, Securepoint
- Michael Sobirey’s Intrusion Detection Systems page links
- Network Computing’s Review of IDS, August 2001: Computer Associates International’s eTrust, Cisco Systems’ Secure IDS, CyberSafe Corp.’s Centrax, Enterasys Networks’ Dragon, Internet Security Systems’ BlackICE, ISS’ RealSecure, Intrusion.com’s SecureNet Pro, NFR Security’s NFR Network Intrusion Detection System, Anzen Computing’s Flight Jacket, open-source Snort, Symantec Corp.’s NetProwler.
- NIST Intrusion Detection Systems draft
- NIST Special Publication on Intrusion Detection Systems draft
- NFR Security commercial IDS products (Sept 2001)
- Passive Mapping: An Offensive Use of IDS (Sept 2001)
- Planning Concerns, Considerations, and Tips for IDS in Federal IT Systems (SANS)
- Sentinel : fast file/drive scanning utility similar to Tripwire and Viper.pl (Unix)
- Signatures:
  - Network Intrusion Detection Signatures, Karen Kent Frederick
- SNARE : System iNtrusion Analysis & Reporting Environment, auditing and intrusion detection on a wide range of platforms
- Snort : The Open Source Network Intrusion Detection System
- Steps for Recovering from a UNIX or NT System Compromise
- TCPDUMP
- TelemetryBox : Linux-based distribution designed especially for diagnostic purposes
- Terminology, Intrusion Detection Systems Terminology, part 1 (July 2001)
- Terminology, Intrusion Detection Systems Terminology, part 2 (July 2001)
- TippingPoint Technologies : 2 Gbit/s+ capable NIDS; traffic-specific attack detection to limit false positives; protocol anomaly and traffic anomaly detection; stateful inspection
- Vendors:
  - Dragon IDS, Enterasys Networks
  - Entercept : Intrusion prevention for enterprise servers
  - GFI LANguard Security Event Log Monitor
  - NetIQ Security Manager
  - Network-1 CyberwallPLUS
  - Okena Stormwatch
  - Pentasafe VigilEnt Intrusion Manager
  - RealSecure Network Protection
  - Symantec HIDS
- Virtual Burglar Alarm – Intrusion Detection Systems pt1
- Virtual Burglar Alarm – Intrusion Detection Systems pt2
- Vulnerabilities of Network Intrusion Detection Systems : Realizing and Overcoming the Risks
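The ACID entry at the top of this page describes grouping alerts into incidents, dropping handled false positives, and producing statistics by signature, protocol and address. The Python script below is an added example of those three operations over Snort "fast" alert lines; it is not ACID's code and not from the original page. The alert lines embedded in it are constructed for the example (the signature ids, addresses and the default year 2002 are assumptions, not real captures), and the line layout it parses is the one Snort writes with `-A fast`.

```python
"""Added example: turn Snort "fast" alert lines into incidents and statistics.

Not ACID's code and not from the original page. SAMPLE_ALERTS below is
constructed for this example; its addresses, signature ids and the
default year are assumptions, not real captures.
"""
import re
from collections import Counter
from dataclasses import dataclass, field
from datetime import datetime
from typing import Iterable, List, Optional, Set, Tuple

# Layout Snort writes with `-A fast`: timestamp, [gid:sid:rev], message,
# optional classification, priority, protocol, src[:port] -> dst[:port].
# IPv4 only here; ICMP alerts carry no ports.
FAST_RE = re.compile(
    r"^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d\.\d+)\s+\[\*\*\]\s+"
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]\s+"
    r"(?:\[Classification:\s+(?P<cls>[^\]]+)\]\s+)?"
    r"\[Priority:\s+(?P<prio>\d+)\]\s+\{(?P<proto>\w+)\}\s+"
    r"(?P<src>\d+\.\d+\.\d+\.\d+)(?::(?P<sport>\d+))?\s+->\s+"
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)(?::(?P<dport>\d+))?$"
)

# Constructed sample alert log (not real traffic); the ICMP line is out of
# time order on purpose to show that grouping sorts by timestamp first.
SAMPLE_ALERTS = """\
01/15-10:03:22.123456  [**] [1:1122:5] WEB-MISC /etc/passwd [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.0.2.10:4455 -> 198.51.100.5:80
01/15-10:03:24.000100  [**] [1:1122:5] WEB-MISC /etc/passwd [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.0.2.10:4456 -> 198.51.100.5:80
01/15-10:03:25.500000  [**] [1:1122:5] WEB-MISC /etc/passwd [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.0.2.10:4457 -> 198.51.100.5:80
01/15-10:09:01.000000  [**] [1:1122:5] WEB-MISC /etc/passwd [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.0.2.10:4460 -> 198.51.100.5:80
01/15-10:04:10.000000  [**] [1:384:5] ICMP PING [**] [Classification: Misc activity] [Priority: 3] {ICMP} 192.0.2.77 -> 198.51.100.5
01/15-10:05:00.000000  [**] [1:2003:8] MS-SQL Worm propagation attempt [**] [Classification: Misc Attack] [Priority: 2] {UDP} 203.0.113.9:1434 -> 198.51.100.20:1434
"""


@dataclass(frozen=True)
class Alert:
    ts: datetime
    sid: int
    msg: str
    classification: str
    priority: int
    proto: str
    src: str
    sport: Optional[int]
    dst: str
    dport: Optional[int]


@dataclass
class Incident:
    """An ACID-style alert group: one signature, one source, one destination."""
    sid: int
    msg: str
    src: str
    dst: str
    first: datetime
    last: datetime
    count: int = 0
    dports: Set[int] = field(default_factory=set)


def _port(s: Optional[str]) -> Optional[int]:
    return int(s) if s else None


def parse_fast_alert(line: str, year: int = 2002) -> Optional[Alert]:
    """Parse one fast-format line; the format has no year, so one is supplied."""
    m = FAST_RE.match(line.strip())
    if not m:
        return None
    ts = datetime.strptime(f"{year}/{m['ts']}", "%Y/%m/%d-%H:%M:%S.%f")
    return Alert(ts, int(m["sid"]), m["msg"], m["cls"] or "", int(m["prio"]),
                 m["proto"], m["src"], _port(m["sport"]), m["dst"], _port(m["dport"]))


def parse_fast_alerts(text: str, year: int = 2002) -> List[Alert]:
    """Parse a whole log, skipping lines that are not alerts."""
    parsed = (parse_fast_alert(line, year) for line in text.splitlines())
    return [a for a in parsed if a is not None]


def group_incidents(alerts: Iterable[Alert], window_seconds: int = 300,
                    suppress: Iterable[Tuple[int, str]] = ()) -> List[Incident]:
    """Cluster alerts into incidents.

    Alerts with the same (sid, src, dst) join the open incident for that key
    while the gap since its last alert is within window_seconds; otherwise a
    new incident starts. (sid, src) pairs in `suppress` are the handled false
    positives and are dropped before grouping.
    """
    suppressed = set(suppress)
    incidents: List[Incident] = []
    open_by_key = {}
    for a in sorted(alerts, key=lambda x: x.ts):
        if (a.sid, a.src) in suppressed:
            continue
        key = (a.sid, a.src, a.dst)
        inc = open_by_key.get(key)
        if inc is None or (a.ts - inc.last).total_seconds() > window_seconds:
            inc = Incident(a.sid, a.msg, a.src, a.dst, first=a.ts, last=a.ts)
            incidents.append(inc)
            open_by_key[key] = inc
        inc.last = a.ts
        inc.count += 1
        if a.dport is not None:
            inc.dports.add(a.dport)
    return incidents


def alert_stats(alerts: Iterable[Alert], field_name: str) -> Counter:
    """Counts by one alert attribute, e.g. "msg", "proto", "src" or "dport"."""
    return Counter(getattr(a, field_name) for a in alerts)


if __name__ == "__main__":
    alerts = parse_fast_alerts(SAMPLE_ALERTS)
    for inc in group_incidents(alerts, window_seconds=60,
                               suppress=[(384, "192.0.2.77")]):
        print(f"{inc.first:%H:%M:%S}-{inc.last:%H:%M:%S} sid {inc.sid} "
              f"{inc.src} -> {inc.dst} x{inc.count} {inc.msg}")
    print(alert_stats(alerts, "proto"))
```

The window is the part worth tuning: with 60 seconds the four `/etc/passwd` alerts from the same source split into two incidents (three quick requests, then a retry six minutes later), while a 600-second window merges them into one. The suppression list is keyed on (sid, source) rather than sid alone, so a noisy signature from one known scanner can be dropped without hiding the same signature from everyone else.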