Re: IDS: Re: DARPA Event Monitoring Enabling Responses to Anomalous Live Disturbances
Archive: http://msgs.securepoint.com/ids
FAQ: http://www.ticm.com/kb/faq/idsfaq.html
IDS: http://www-rnks.informatik.tu-cottbus.de/~sobirey/ids.html
HELP: Having problems... email questions to ids-owner@uow.edu.au
NOTE: Remove this section from reply msgs otherwise the msg will bounce.
SPAM: DO NOT send unsolicited mail to this list.
UNSUBSCRIBE: email "unsubscribe ids" to majordomo@uow.edu.au
-----------------------------------------------------------------------------
Dragos
> No offense intended... just trying to lighten up your day, security is sooo serious sometimes.... :-)
None taken. I agree the signal-to-noise ratio on most vendor sites is way too low. I have tried to address this by including a few salient points on each product on my site below; however, these are usually cut from the vendor websites, and it would be unfair to cut one right down and not another. To be honest, the EMERALD description isn't as bad as some.
I also agree that security can be taken way too seriously; fortunately my wife keeps reminding me to "Get A Life!!!" On the subject, I'm also looking for some more computer security cartoons, any ideas?
Andy
www.networkintrusion.co.uk - Listing all known commercial IDS and a few good freeware ones too
The opinions contained within this transmission are entirely my own, and do not necessarily reflect those of my employer.
----- Original Message -----
From: "Dragos Ruiu" <dr@v-wave.com>
To: "Dragos Ruiu" <dr@dursec.com>; "Talisker" <Talisker@networkintrusion.co.uk>; "Meritt, Jim" <Jim.Meritt@wang.com>; "'Ids" <ids@uow.edu.au>
Sent: Thursday, August 24, 2000 11:32 PM
Subject: Re: IDS: Re: DARPA Event Monitoring Enabling Responses to Anomalous Live Disturbances
> On Thu, 24 Aug 2000, Talisker wrote:
> >
> > Just this it's pretty much verbatim from their site
> >
>
> Ok this is a little bit like unraveling assembler code.
> Call it Marketing Disassembly Translation.... fortunately
> here at dursec, we've just finished our inverse marketing
> droid emulator, and we can just have Beaker feed the
> original text into the machine...
>
> Binary:
> > EMERALD's eXpert-BSM Monitor is a host-based intrusion detection system that
> > provides realtime security monitoring for critical application servers and
> > workstations. eXpert-BSM provides comprehensive knowledge-base for detecting
> > insider misuse, policy violations, privilege misuse or subversion, illegal
> > resource manipulation, and other site policy violations for Sun Solaris
> > operating systems.
>
> Source:
> Solaris HIDS with a ruleset.
>
> Binary:
> > This component is packaged and distributed as a full
> > intrusion detection solution, providing data collection, intrusion detection
> > analysis, an alert management interface, and detailed response directives.
>
> Source:
> Scripting, GUI
>
>
> Binary:
> > The EMERALD eXpert (pronounced E-expert) is a highly targetable
> > signature-analysis engine based on the expert system shell P-BEST. Under
> > EMERALD's eXpert architecture, event-stream-specific rule sets are
> > encapsulated within resource objects that are then instantiated with an
> > EMERALD monitor, and which can then be distributed to an appropriate
> > observation point in the computing environment. This enables a spectrum of
> > configurations from lightweight distributed eXpert signature engines to
> > heavy-duty centralized host-layer eXpert engines, such as those constructed
> > for use in eXpert's predecessors, NIDES (Next-Generation Intrusion Detection
> > Expert System), and MIDAS (Multics Intrusion Detection Alerting System). In
> > a given environment, P-BEST-based eXperts may be independently distributed
> > to analyze the activity of multiple network services (e.g., FTP, SMTP, HTTP)
> > or network elements (e.g., a router or firewall). As each EMERALD eXpert is
> > deployed to its target, it is instantiated with an appropriate resource
> > object (e.g., an FTP resource object for FTP monitoring), while the eXpert
> > code base remains independent of the analysis target.
>
> Source:
> OO gobbledy gookized jargon offal for: you can run different reports and
> rulesets on different sensors from a db of rules and consolidate reports.
>
>
> No offense intended... just trying to lighten up your day, security is sooo
> serious sometimes.... :-)
>
> cheers,
> --dr
>
> --
> Dragos Ruiu <dr@dursec.com> dursec.com ltd. / kyx.net - we're from the future
> pgp fingerprint: 18C7 E37C 2F94 E251 F18E B7DC 2B71 A73E D2E8 A56D
> pgp key: http://www.dursec.com/drkey.asc
>