Intrusion Detection Related Information:
[note this is a bare scraping of what's out there, send me links if you think they should be added]
[Its been
- Bro [Can you ask for a better name?]
- The COAST Intrusion Detection Pages
- COAST's Intrusion Detection Hotlist
- IDS FAQ by Robert Graham
- Intrusion Detection Systems: Suspicious Finds: Page 1
- The DARPA Common Intrusion Detection Framework
- Michael Sobirey's IDS page - Links to a number (64) ID products/systems.
- SecureZone! Index of Software:Intrusion_Detection
- Intrusion Detection - several pages of links to Intrusion Detection information, systems, etc.
IDS Papers
- NFR: Implementing a generalized tool for network monitoring - NFR's 1997 LISA paper describing the NFR system and the experiences building and using the system.
- Eluding Network Intrusion Detection - Secure Networks paper describing a number of flaws in IDS.
Some companies involved in Intrusion Detection:
- Axent
- Intrusion Detection Inc. - makers of the Kane systems, they are now owned by Security Dynamics.
- ISS
- Lucidian Technologies - well, it was. Lucidian is now dead
- Network Associates
- NETECT - makers of HackerShield - looks to me more like a security scanner than an IDS (as I perceive an IDS).
- NFR
- Hiverworld - Taking a look around hiverworld.com again, I'm still not sure what their product really is, so I'll quote them:
A vulnerability-scanning engine that continuously moves through the network, Swarm locates and examines devices from all perspectives, identifying and assessing potential threats.
Sounds to me even more like a vulnerability scanner, not an IDS. For a while the stuff they had looked like a scanner that would feed (if you will) a network map to IDS engines. This is a pretty cool idea: it solves several of the 'which way should we process this packet' type problems for IDS engines, assuming the scanner can keep the IDS engines updated properly (a loaded phrase IMHO).
Unchecked (by me) links can be found here.
About this page:
I started this after a request on the IDS mailing list based at UOW in Australia (ask majordomo@uow.edu.au for help).
This page is currently woefully incomplete; it's meant to be a start so that we can build up a nice resource for people who are interested in intrusion detection.
Current plans for expansion:
- Create separate sections for host-based and network-based intrusion detection.
- Fill in those sections.
- Fill out the list of companies who are involved in intrusion detection (no slights meant at this time, just picked a few off the top of my head, send me a note if you want me to add your company to the list).
- Write (or have someone else write (hint, hint)) some actual content about intrusion detection.
- Get a good FAQ here.
- ...
Disclaimer: I used to work for Lucidian Technologies and have never been speaking for Lucidian with these pages. These pages are for anyone who is interested in intrusion detection.