G0053

intrusion detection

9 posts in this topic

I will be in a cyber security competition in February. It will cover most of the stuff I already know, except I know nothing on intrusion detection. I have done a basic Google search on it but no good results. So before I spend a good two and a half hours trying to find that one good link, I was wondering what people already know about it.

P.S. I assume intrusion detection is like detecting hackers on a webpage.

Also, any pages or docs on firewalls, network and physical security, crypto, public key or forensics security would also be very welcome.


From the SANS site

"Intrusion Detection, which is the art of detecting inappropriate, incorrect, or anomalous activity"

visit: http://www.sans.org/resources/idfaq/

As far as firewalls go, reading up on iptables is a pretty good primer. You could also take a look at

www.tkn.tu-berlin.de/curricula/NetworkSecurity/Handouts/13_Firewalls.pdf

For forensics, you could look at

www.wipro.in/resources/whitepapers/security_computerforensicsfinalarticlev2.pdf

and

http://www.forensics.nl/

Let me know if you need more.

Edited by s.in

If you have time, get a spare box and install Snort!

http://snort.org/

Some of the things an IDS can do are detect portscans and brute force attempts. They are usually packet sniffers built with rules. These rules usually define when to take an action. They can also usually detect ARP spoofing on a network.

Here is a list of rules from snort.conf


include $RULE_PATH/local.rules
include $RULE_PATH/bad-traffic.rules
include $RULE_PATH/exploit.rules
include $RULE_PATH/scan.rules
include $RULE_PATH/finger.rules
include $RULE_PATH/ftp.rules
include $RULE_PATH/telnet.rules
include $RULE_PATH/rpc.rules
include $RULE_PATH/rservices.rules
include $RULE_PATH/dos.rules
include $RULE_PATH/ddos.rules
include $RULE_PATH/dns.rules
include $RULE_PATH/tftp.rules
include $RULE_PATH/web-cgi.rules
include $RULE_PATH/web-coldfusion.rules
include $RULE_PATH/web-iis.rules
include $RULE_PATH/web-frontpage.rules
include $RULE_PATH/web-misc.rules
include $RULE_PATH/web-client.rules
include $RULE_PATH/web-php.rules
include $RULE_PATH/sql.rules
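A small rule-driven detector in the spirit of the post above, added here as an example (it is not Snort code and nothing from snort.conf): it replays constructed connection and login records through a port-scan rule and an SSH brute-force rule and returns the alerts, which is the "packet sniffer plus rules" model the post describes. The event format, thresholds and sample addresses are all assumptions.

```python
from collections import defaultdict, namedtuple

# ts = seconds since capture start; kind = "syn" (connection attempt) or "auth_fail" (failed login)
Event = namedtuple("Event", "ts src dst dport kind")

# Constructed sample traffic (not a real capture): 10.0.0.5 sweeps 12 ports on one host
# in about 2 s, 10.0.0.9 fails SSH login 6 times in 15 s, 10.0.0.7 is normal browsing.
SAMPLE_EVENTS = (
    [Event(0.2 * i, "10.0.0.5", "192.168.1.10", 20 + i, "syn") for i in range(12)]
    + [Event(30 + 3 * i, "10.0.0.9", "192.168.1.10", 22, "auth_fail") for i in range(6)]
    + [Event(5.0, "10.0.0.7", "192.168.1.20", 443, "syn"),
       Event(6.0, "10.0.0.7", "192.168.1.20", 80, "syn")]
)

def portscan_rule(events, min_ports=10, window=5.0):
    """Alert when one source hits >= min_ports distinct ports on a host within `window` s."""
    by_pair = defaultdict(list)
    for e in events:
        if e.kind == "syn":
            by_pair[(e.src, e.dst)].append(e)
    alerts = []
    for (src, dst), evs in by_pair.items():
        evs.sort(key=lambda e: e.ts)
        for i, first in enumerate(evs):  # slide a time window over the sorted attempts
            ports = {e.dport for e in evs[i:] if e.ts - first.ts <= window}
            if len(ports) >= min_ports:
                alerts.append(("PORTSCAN", src, dst))
                break
    return alerts

def bruteforce_rule(events, port=22, max_failures=5, window=60.0):
    """Alert when one source exceeds max_failures failed logins on `port` within `window` s."""
    by_src = defaultdict(list)
    for e in events:
        if e.kind == "auth_fail" and e.dport == port:
            by_src[e.src].append(e.ts)
    alerts = []
    for src, times in by_src.items():
        times.sort()
        for i, t0 in enumerate(times):
            if sum(1 for t in times[i:] if t - t0 <= window) > max_failures:
                alerts.append(("BRUTEFORCE", src, port))
                break
    return alerts

def run_ids(events, rules=(portscan_rule, bruteforce_rule)):
    """Replay events through every rule, the way an IDS applies its rule set."""
    return [alert for rule in rules for alert in rule(events)]
```

Thresholds are the knobs a real rule set exposes; raising `min_ports` or shrinking the brute-force window in the calls below shows how tuning trades missed scans against false alarms.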


I know that Snort is what you need; maniac was doing a presentation on it at the 2600 meeting here, and I can try to get it for you.


Thanks, Snort had a lot of links on intrusion detection and that was very helpful. The rest of the info I will try to find. Wish me luck at the competition.



Check out OSSEC-HIDS (that's the Intrusion Detection Service I use; it's comparable with Snort, but it's free!)

For forensics, check out a Live CD called "HELIX".


I checked out the live CD and it is pretty slick. Thanks for the help.


I don't know if this will be any use; it's an integrity checker. It takes checksums for all the files in a directory, then when you re-run it, it will tell you which files have changed. No network monitoring though.

http://www.snapfiles.com/get/fingerprint.html

NOTE: for total protection you should keep the file with all the checksums on a separate medium, that way it can't be modified.

HIPS are very useful too, programs like System Safety Monitor, ProcessGuard, Prevx etc. They are application firewalls which monitor kernel hooks, driver installs etc.

You aren't using Windows, are you? lol, sorry.

Here are some crypto links -

http://www.ssh.fi/support/cryptography/index.html

http://www.simonsingh.net/Crypto_Links.html

http://www.cacr.math.uwaterloo.ca/hac/

http://www.unixgeeks.org/security/newbie/s...ty/crypto1.html

http://www.faqs.org/faqs/cryptography-faq/

AIDE is another intrusion detection app for Linux.

Here are some forensic LiveCDs -

http://s-t-d.org/

http://fire.dmzs.com/

I think the experts use this one a lot; it's not free.

http://www.asrdata.com/SMART/

Edited by iceni
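An added example (not the fingerprint tool or AIDE themselves) of the integrity-checker idea in the post above: it hashes every regular file under a directory, then compares a stored baseline against a fresh snapshot and reports files that were modified, added or removed. The in-memory dict baseline and the throwaway test tree are assumptions; as the post says, a real baseline belongs on separate media so the checked host cannot rewrite it.

```python
import hashlib
import os
import tempfile

# Assumed baseline format: {relative path: sha256 hex}. In real use write it to read-only
# or offline media (the "separate medium" advice above), never inside the scanned tree.

def sha256_file(path, chunk=1 << 16):
    """Stream the file through SHA-256 so large files need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def snapshot(root):
    """Return {relative path: sha256} for every regular file under root (symlinks skipped)."""
    digests = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if os.path.islink(full):
                continue
            digests[os.path.relpath(full, root).replace(os.sep, "/")] = sha256_file(full)
    return digests

def compare(baseline, current):
    """Classify the differences between a stored baseline and a fresh snapshot."""
    return {
        "modified": sorted(p for p in baseline if p in current and baseline[p] != current[p]),
        "added": sorted(p for p in current if p not in baseline),
        "removed": sorted(p for p in baseline if p not in current),
    }

def demo():
    """Constructed scenario: baseline a small tree, change it, and re-run the check."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "bin"))
        with open(os.path.join(root, "bin", "login"), "w") as f:
            f.write("original binary\n")
        with open(os.path.join(root, "passwd"), "w") as f:
            f.write("root:x:0:0\n")
        baseline = snapshot(root)                      # first run: record checksums
        with open(os.path.join(root, "bin", "login"), "w") as f:   # one file altered
            f.write("replaced binary\n")
        with open(os.path.join(root, "extra.sh"), "w") as f:       # one file added
            f.write("#!/bin/sh\n")
        os.remove(os.path.join(root, "passwd"))                    # one file deleted
        return compare(baseline, snapshot(root))       # second run: report the changes
```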
