Archive for intrusion detection

You are browsing the archives of intrusion detection.

Snort

Snort is a free, open source, packet sniffing, protocol analyzing, intrusion detection engine that can be used for both network IDS (intrusion detection system) and IPS (intrusion prevention system) and can be linked to a variety of analysis front end interfaces. It runs on both linux and windows. Snort rules establish the parameters for packet […]

Federal Cyber-Security

NIST (National Institute of Standards and Technology) has provided Federal Agencies with all the tools they need to get cyber-security done right. But obviously, it’s not being done right yet at most agencies. Why not? Failure to understand the threat level – this was certainly once the top problem… maybe not so much anymore with […]

Incident Response

Federal agencies are required by law to report incidents to the US Computer Readiness Team (CERT) office in DHS and must have a formal incident response capability. INCIDENT RESPONSE METHODOLOGY Prepare – accumulate knowledge, resources, tools, team members and training needed to handle incident reponse. Provide feedback into other processes (patch management…) that may help […]

Situational Awareness

Situational awareness involves knowing where you are, and what is going on around you. For an attacker, figuring out where you are might seem to be a simple task, but it can be made more difficult by a variety of factors. Finding out what is going on around you can be much more difficult. Normal […]

Patch Management

Patch Management is a critical part of security.