Reinventing IDS – Intrusion Detection Systems, and Solaris
An essay by Dave Walker. If you deploy Solaris – or even if you don’t – and are thinking about IDS, go read.
One response to “Reinventing IDS – Intrusion Detection Systems, and Solaris”
re: Reinventing IDS – Intrusion Detection Systems, and Solaris
I implemented a pilot NIDS for my current employer. My intention was not to necessarily use it as the first alert for possible security events, but merely to capture surrounding detail that could be analysed in the event of an event (e.g. what other machines did the source host touch, what commands did an intruder execute, what kinds of data did they transfer) to aid in cleanup when a nuke and reinstall isn’t pragmatic (in the short term, at least). Unfortunately, ‘inundation’ was very much the order of the day and Dave Walker’s comments about tuning ring particularly true.
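The commenter's use of a NIDS is as a record to pivot through after the fact rather than as the first alarm: starting from a host known to be compromised, list what else it touched and how much it sent, while taming the alert inundation with a first tuning pass. The script below is an added illustration of that workflow and is not code from the page or from Dave Walker's essay; the connection and alert records are constructed sample data, the field layout (`ts src dst dport proto bytes_out`) is an assumption rather than any particular sensor's format, and the signature names and the 1 MB exfiltration threshold are hypothetical. It covers the "which machines did the source host touch" and "what kinds of data did they transfer" questions; commands an intruder typed are not recoverable from flow-level data like this.

```python
"""Pivot from a suspected-compromised host through NIDS connection and alert
records, then suppress a signature that a tuning pass judged to be noise.
Added example; sample records below are constructed, not real captures."""
from collections import Counter, defaultdict

# Constructed flow records (assumed layout): ts src dst dport proto bytes_out
CONN_LOG = """\
1700000000 10.0.0.5 10.0.0.20 22 tcp 4120
1700000010 10.0.0.5 10.0.0.21 445 tcp 1840
1700000020 10.0.0.5 10.0.0.21 445 tcp 920
1700000030 10.0.0.5 203.0.113.9 443 tcp 8200000
1700000040 10.0.0.7 10.0.0.20 80 tcp 512
1700000050 10.0.0.5 10.0.0.22 3306 tcp 300
"""

# Constructed alert records (assumed layout): ts src dst signature
ALERT_LOG = """\
1700000005 10.0.0.5 10.0.0.20 SSH_BRUTE_FORCE
1700000011 10.0.0.5 10.0.0.21 SMB_ADMIN_SHARE
1700000012 10.0.0.7 10.0.0.20 HTTP_USER_AGENT_ANOMALY
1700000013 10.0.0.9 10.0.0.20 HTTP_USER_AGENT_ANOMALY
1700000014 10.0.0.11 10.0.0.20 HTTP_USER_AGENT_ANOMALY
1700000031 10.0.0.5 203.0.113.9 LARGE_OUTBOUND_TRANSFER
"""


def parse_conn(text):
    """Turn whitespace-separated flow lines into dicts with typed fields."""
    rows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, dport, proto, nbytes = line.split()
        rows.append({"ts": int(ts), "src": src, "dst": dst,
                     "dport": int(dport), "proto": proto,
                     "bytes_out": int(nbytes)})
    return rows


def parse_alerts(text):
    rows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, sig = line.split()
        rows.append({"ts": int(ts), "src": src, "dst": dst, "sig": sig})
    return rows


def pivot_from_host(conns, host):
    """Every destination the suspect host contacted: ports, bytes sent, first contact."""
    touched = defaultdict(lambda: {"ports": set(), "bytes_out": 0, "first_seen": None})
    for c in conns:
        if c["src"] != host:
            continue
        t = touched[c["dst"]]
        t["ports"].add(c["dport"])
        t["bytes_out"] += c["bytes_out"]
        t["first_seen"] = c["ts"] if t["first_seen"] is None else min(t["first_seen"], c["ts"])
    return dict(touched)


def flag_large_transfers(touched, threshold_bytes=1_000_000):
    """Destinations that received more than the (hypothetical) exfiltration threshold."""
    return sorted(d for d, t in touched.items() if t["bytes_out"] >= threshold_bytes)


def signature_volume(alerts):
    """How many times each signature fired; the starting point for tuning."""
    return Counter(a["sig"] for a in alerts)


def tune(alerts, suppress):
    """Drop alerts whose signature the tuning pass decided was noise."""
    return [a for a in alerts if a["sig"] not in suppress]


def alerts_involving(alerts, host):
    return [a for a in alerts if host in (a["src"], a["dst"])]


if __name__ == "__main__":
    suspect = "10.0.0.5"
    touched = pivot_from_host(parse_conn(CONN_LOG), suspect)
    for dst, t in sorted(touched.items(), key=lambda kv: kv[1]["first_seen"]):
        print(f"{suspect} -> {dst} ports={sorted(t['ports'])} bytes_out={t['bytes_out']}")
    print("large transfers:", flag_large_transfers(touched))
    alerts = parse_alerts(ALERT_LOG)
    print("signature volume:", signature_volume(alerts).most_common())
    noisy = {"HTTP_USER_AGENT_ANOMALY"}  # judged noise after inspection (hypothetical)
    for a in alerts_involving(tune(alerts, noisy), suspect):
        print(f"{a['ts']} {a['src']} -> {a['dst']} {a['sig']}")
```

The pivot and the tuning step are deliberately separate: the suppression list is applied to the alert stream, never to the connection records, so a signature you silence to stop the inundation does not also erase the flow-level trail you will need for cleanup.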