SEARCH RESULTS
 
Showing 1-10 of 70 records
 

Setting up a Tarpit (Teergrube) to slow worms and network scanners using LaBrea (The "Sticky" Honeypot and IDS)

2008-06-26 01:14:22 by Editor in Irongeek's Security Site
 
...IDS A network Tarpit, sometimes known by the German word Teergrube, is a service or set of hosts that deliberately try to slow malicious network connections down to a crawl. The idea is to put up unused hosts or services on the network that respond to an attacker, but do things to waste their time and greatly slow their scanning (or spreading...
 
 
 
 
 

Massive Coordinated Patch Effort To DNS System Flaw

2008-07-08 17:56:25 by Editor in Cheap Hack
 
...IDs VU#927905 - BIND version 8 generates cryptographically weak DNS query identifiers The advisory lists 101 DNS servers, their status and the date of their last update. For the large majority of the servers the status is "Unknown," but several important ones are listed as Vulnerable and all of these were patched either today or late last...
 
 
 
 
 

Giving Drivers Licenses to Illegal Immigrants

2008-02-13 05:57:39 by schneier in Schneier on Security
 
...IDs to every resident who applies, regardless of immigration status. Issuing them doesn't make us any less secure, and refusing puts us at risk The state driver's license databases are the only comprehensive databases of U.S. residents. They're more complete, and contain more information - including photographs and, in some cases,...
 
 
 
 
 

IPS - is it soup yet? Mike Chapple says yes and no

2008-05-13 20:25:13 by HASH0x84725a8 in StillSecure, After All These Years
...IDS. In spite of what Richard Stiennon said back in 2003, it is still the fact. Those that have ventured beyond pure IDS do so on a limited basis. Mike lays out three best practices that most who are successful with IPS adopt Run the IPS in "monitor" mode until it's clear that the system is properly tuned. We have been recommending this with...
 
 
 
 
 

Coral8: Event Stream Processing and Intrusion Detection

2008-01-03 09:08:00 by Tim Bass in The Complex Event Processing Blog
...IDS) using event stream processing to reduce false alarms, detect derived situations from the raw intrusion event data, and feed a security management visualization dashboard You can click on the teaser image below to see more of our first IDS screenshots from Coral8's Studio stream visualization tool If you click on the image above, you will...
 
 
 
 
 

DHS notified the Greenville County School District of compromise

2008-01-07 09:08:03 by Evan Francen in The Breach Blog
...IDS/IPS and this is how it was detected. IDS/IPS takes a considerable amount of tuning and attention. A good IDS/IPS specialist follows-up on anomalies rather than just tuning the alert out. Good work on the part of DHS Past Breaches Unknown
 
 
 
 
 

TSA Misses the Point, Again

2008-01-29 15:13:57 by schneier in Schneier on Security
 
...IDs more carefully, looking for forgeries: Black lights will help screeners inspect the ID cards by illuminating holograms, typically of government seals, that are found in licenses and passports. Screeners also are getting magnifying glasses that highlight tiny inscriptions found in borders of passports and other IDs. About 2,100 of each...
 
 
 
 
 

11 Signs That Your SIEM Is A Dog or "Raffy, You Killed SIM!"

2008-06-25 14:40:00 by Dr Anton Chuvakin in Anton Chuvakin Blog -
 
...IDS is dead", "NAC is dead", "GRC is dead", everybody is dead... WTF? Are we at the cemetery or what? Is "dead" dead? Yeah, but it came back as a zombie :-) So, "dead" is a "living dead" "dead" now. Ha*3 Finally, think! Why were you thinking of buying a SIEM? 'Cause the big "G" in the sky said so? And while you are thinking, check these...
 
 
 
 
 

Stiennon says NAC is dead - I must be in heaven!

2008-05-02 22:48:36 by HASH0x8472590 in StillSecure, After All These Years
 
...IDS was dead so many years ago. If NAC is only half as alive as IDS has been, I would be very happy. Why do I call Richard a gadfly? Because Richard's MO is trying to find what the next hot thing is and to jump on it, then another hot thing comes by he runs to that and so on and so on. He thought anti-spyware was big and joined Web Root, after...