IDS Resources

As you can probably tell by now, intrusion detection is not simply a matter of "plug-it-in-and-your- headaches -go-away." It requires monitoring, fine-tuning, and a willingness to keep your software and rules current with the day's threats. Although you should have plenty to start with, there are a number of additional intrusion detection tools and resources that you may be interested in. I recommend the following reading to help you get a better feeling for what is available and where IDS products are headed:

• Threat Management: The State of Intrusion Detection , Steven J. Scott, http://www.snort.org/docs/threatmanagement.pdf

• The Science of Intrusion Detection System Attack Identification , Cisco Systems, http://www.cisco.com/warp/public/cc/pd/sqsw/sqidsz/prodlit/idssa_wp.htm

• A Distributed Autonomous-Agent Network-Intrusion Detection and Response System , Joseph Barrus, Neil C. Rowe, http://www.cs.nps.navy.mil/people/faculty/rowe/barruspap.html

• Intrusion Detection: A Brief History and Overview , Richard A. Kemmerer and Giovanni Vigna, http://www.computer.org/computer/sp/articles/kem/

• Network Intrusion Detection Signatures , Karen Frederick, http://online.securityfocus.com/infocus/1524

• The Use of Intrusion Detection in Securing Information Assets , Dr. David Dampier, Rayford B. Vaughn, Jr., http://www.wmrc.com/businessbriefing/pdf/securesystems2002/publication/vaughn.pdf

• Stateful Intrusion Detection for High-Speed Networks , Christopher Kruegel, Fredrik Valeur, Giovanni Vigna, Richard Kemmerer, http://www.computer.org/ proceedings /sp/1543/15430285abs.htm

• LaBrea . ntrusion detection software that works by "appearing" to be an entire network of virtual machines, waiting for connection attempts, then mishandling the connections so that the attacker is stuck in the connection negotiation phase and is effectively knocked out. http://www.hackbusters.net/LaBrea/