RE: Target based IDS review and discussion in Information Security

From: Teicher, Mark (Mark) (teicher_at_avaya.com)
Date: 01/14/04

    Date: Tue, 13 Jan 2004 19:03:44 -0700
    To: "Richard Bejtlich" <richard_bejtlich@yahoo.com>, <focus-ids@securityfocus.com>
    
    

    I agree, Becky Bace's term mentioned is not applicable to Intrusion
    Detection as it is known today. Her assumptions were solely based on
    host-integrity

    /mark

    -----Original Message-----
    From: Richard Bejtlich [mailto:richard_bejtlich@yahoo.com]
    Sent: Monday, January 12, 2004 4:32 PM
    To: focus-ids@securityfocus.com
    Subject: Re: Target based IDS review and discussion in Information Security

    Regarding Becky Bace's use of the term "target-based IDS":

    Her "Intrusion Detection" has a 2000 copyright. On page 38 she says:

    "Target-based monitors function a bit differently from the other
    monitors...[they] use cryptographic hash functions to detect alterations
    to system objects and then compare these alterations to a policy."

    She's talking about integrity verification software like Tripwire.

    This 31 Oct 00 post to focus-IDS by Gene Kim mentions this specifically:

    http://archives.neohapsis.com/archives/sf/ids/2000-q4/0071.html

    Marty coined the term "target-based IDS" with respect to non-Tripwire
    implementations as far as I can tell.
    :)

    Sincerely,

    Richard Bejtlich
    http://www.taosecurity.com
