Site News

Science

A survey shows that less than 40% of the British public feel they are well informed about science.

New articles: Earth's Carbon Cycle; Ultra Sonic Frogs; Environmental Niche & Dinosaurs; Seismic Waves; Global Warming; Life Support Systems; Introduction to the Big Bang; The Problem of Acid Rain.

Our science section is in production with a proposed 1 Mar 07 "Grand launch" date.

Technology

The Linux Convert site explains how, even today, building your own Linux box can be cheaper than buying an off-the-shelf Windows PC. There is a new article there now on why you should use Linux.

New articles: Firewall Bypass Attack; Snort For Newbies; Malware and Intrusions; Intrusion Detection Systems; Malware, Trojans and Virus Infections and Infection Removal.

If you have any comments or suggestions for topics we should cover under the technology banner then please stop by the discussion board and let us know.

Intrusion Detection Systems

Introduction into Intrusion Detection Systems (IDS)

A network intrusion is an attempt by a person, normally referred to as a "hacker" or "cracker", to break into or misuse a system. Misuse is meant in a broad sense, covering anything from something as severe as industrial espionage or the theft of confidential data down to something minor, such as abusing your email system for spam. A typical example is a Denial of Service (DoS) attack in which an attacker takes advantage of flaws in TCP three-way handshaking behaviour: the attacker sends connection requests to the victim server in packets carrying unreachable source addresses. The server is unable to complete these connection requests and, as a result, wastes its network resources on them. Even a small flood of bogus packets will tie up memory, CPU, and applications, eventually shutting the server down. Another example is overt or stealthy port scanning, indicated by a large number of TCP connection requests (SYN) to many different ports on a target machine.
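As an added example (not part of the original article), the following Python script checks constructed TCP connection-attempt records for the two indicators just described: one source sending SYNs to many distinct ports on a target (a port scan), and many connection requests to one target that never complete the three-way handshake (a SYN flood). The record format, the sample addresses and the thresholds are assumptions made for this example.

```python
from collections import defaultdict

# Constructed sample records, not real traffic:
# (src_ip, dst_ip, dst_port, handshake_completed)
SAMPLE_RECORDS = (
    # a legitimate client completing two connections
    [("10.0.0.5", "192.168.1.10", 80, True),
     ("10.0.0.5", "192.168.1.10", 443, True)]
    # one source probing 25 different ports, none completing (port scan)
    + [("203.0.113.7", "192.168.1.10", port, False) for port in range(20, 45)]
    # 40 half-open requests from 40 spoofed, unreachable sources (SYN flood)
    + [("198.51.100.%d" % i, "192.168.1.20", 80, False) for i in range(1, 41)]
)

# Thresholds are assumptions for this example; tune them to the network.
SCAN_PORT_THRESHOLD = 15        # distinct ports from one source to one target
FLOOD_HALF_OPEN_THRESHOLD = 30  # incomplete handshakes aimed at one target


def detect_port_scans(records, threshold=SCAN_PORT_THRESHOLD):
    """Map (src, dst) -> number of distinct ports for sources that probed
    at least `threshold` different ports on one target."""
    ports_seen = defaultdict(set)
    for src, dst, port, _completed in records:
        ports_seen[(src, dst)].add(port)
    return {pair: len(ports) for pair, ports in ports_seen.items()
            if len(ports) >= threshold}


def detect_syn_floods(records, threshold=FLOOD_HALF_OPEN_THRESHOLD):
    """Map dst -> count of connection requests that never completed the
    three-way handshake, for targets at or above `threshold`."""
    half_open = defaultdict(int)
    for _src, dst, _port, completed in records:
        if not completed:
            half_open[dst] += 1
    return {dst: n for dst, n in half_open.items() if n >= threshold}


def alerts(records):
    """Render both detectors' findings as human-readable alert lines."""
    lines = []
    for (src, dst), n in sorted(detect_port_scans(records).items()):
        lines.append(f"PORT SCAN: {src} probed {n} distinct ports on {dst}")
    for dst, n in sorted(detect_syn_floods(records).items()):
        lines.append(f"SYN FLOOD: {n} half-open connections aimed at {dst}")
    return lines


if __name__ == "__main__":
    for line in alerts(SAMPLE_RECORDS):
        print(line)
```

Note that the scanner's 25 unanswered SYNs also count as half-open connections against its target; the flood threshold here is deliberately set above that so the two alerts stay distinct.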

A NIDS may run either on the target machine, which then watches its own traffic (usually integrated within the stack and services themselves), or on an independent machine promiscuously watching all network traffic (hub, router, probe). Network Intrusion Detection Systems monitor many nodes on a network, whereas a standard IDS monitors only a single machine (the one on which it is installed).

System Integrity Verifiers (SIV) monitor system files to detect when an intruder changes them (thereby leaving behind a backdoor). The most famous of such systems is "Tripwire". A SIV may watch other components as well, such as the Windows registry and cron configuration, in order to find well-known signatures. It may also detect when a normal user somehow acquires root/administrator level privileges. Many existing products in this area should be considered more "tools" than complete "systems": i.e. something like "Tripwire" detects changes in critical system components, but doesn't generate real-time alerts upon an intrusion.

The second type of intrusion detection, and the one that will receive the most focus within this document, is the Log File Monitor (LFM). LFMs monitor log files generated by network services
