Re: ssh and ids
From: Gary Flynn (flynngn_at_jmu.edu)
Date: 06/21/04
- Previous message: Jose Nazario: "Re: Anomaly Based Network IDS"
- In reply to: Runion Mark A FGA DOIM WEBMASTER(ctr): "ssh and ids"
- Next in thread: Frank Knobbe: "Re: ssh and ids"
- Reply: Frank Knobbe: "Re: ssh and ids"
Date: Mon, 21 Jun 2004 08:43:16 -0400
To: "Runion Mark A FGA DOIM WEBMASTER(ctr)" <mark.runion@us.army.mil>
Runion Mark A FGA DOIM WEBMASTER(ctr) wrote:
>Let's suppose the attacker is mildly sophisticated, and after making the
>initial assault
>
One chance to trip the IDS
> roots the box
>
Another chance to trip the IDS (or host integrity checking)
> and installs a secure backdoor or two
>
Another chance to trip the IDS.
>. Is
>there any IDS capable of isolating data it cannot read, except to monitor
>authorized port usage of a system or group of systems?
>
The Juniper/Netscreen IDP comes with a feature called Profiler
that you can set to discover and alert on new port or host
appearances. You set it to discover what's normal, then turn on
alerting.
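
The learn-then-alert approach described in the message above, sketched as an added example that is not part of the original post and is not Juniper/Netscreen's implementation. The flow record layout, class and function names, and sample addresses are assumptions made for illustration; it only looks at which host offers which port, so it works even when the session content (such as SSH) cannot be read.

```python
from collections import namedtuple

# Hypothetical flow record: the endpoint that accepted the connection.
# Assumes the sensor has already identified the server side of each flow.
Flow = namedtuple("Flow", "ts server_ip proto port")


class ServiceProfiler:
    """Learn which (host, proto, port) services are normal, then alert on new ones."""

    def __init__(self):
        self.known_hosts = set()
        self.known_services = set()
        self.learning = True  # discovery phase: record, never alert

    def observe(self, flow):
        """Return an alert string for a new host or new port, else None."""
        key = (flow.server_ip, flow.proto, flow.port)
        new_host = flow.server_ip not in self.known_hosts
        new_service = key not in self.known_services
        # Remember what was seen so each novelty alerts once, not per flow.
        self.known_hosts.add(flow.server_ip)
        self.known_services.add(key)
        if self.learning or not new_service:
            return None
        kind = "new host" if new_host else "new port on known host"
        return f"{flow.ts} ALERT {kind}: {flow.server_ip} {flow.proto}/{flow.port}"


def run(baseline, live):
    """Profile the baseline flows, switch alerting on, and return alerts for live flows."""
    profiler = ServiceProfiler()
    for flow in baseline:
        profiler.observe(flow)
    profiler.learning = False
    return [a for a in (profiler.observe(f) for f in live) if a]


# Constructed sample data (RFC 5737 documentation addresses), not real traffic.
BASELINE = [
    Flow("08:00:01", "192.0.2.10", "tcp", 22),
    Flow("08:00:05", "192.0.2.10", "tcp", 80),
    Flow("08:01:12", "192.0.2.20", "tcp", 25),
]
LIVE = [
    Flow("14:00:00", "192.0.2.10", "tcp", 22),    # encrypted, but a known service
    Flow("14:03:41", "192.0.2.10", "tcp", 2222),  # listener never seen in baseline
    Flow("14:03:59", "192.0.2.10", "tcp", 2222),  # repeat: already reported
    Flow("14:10:07", "192.0.2.99", "tcp", 22),    # host never seen in baseline
]

if __name__ == "__main__":
    for alert in run(BASELINE, LIVE):
        print(alert)
```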