Why You’re Not Finished Yet
You have now taken a close look at Stalker and CMDS, two well-known system-level UNIX IDSs. Both tools provide audit reduction but differ in primary focus. CMDS provides some attack pattern analysis, but its strength lies in the statistical anomaly detection techniques for which it is well known. Stalker also provides some statistical threshold notifications but boasts a wide range of attack patterns for catching intruders.
You also have seen how local users can hack a system for denial-of-service attacks and how to look for these attacks in the audit logs. An IDS will be able to detect these attacks if they are launched from your system because audit records contain detailed information about programs and their parameters. The audit system also assigns accountability in most cases when local users are the initiators of activities.
By far the greatest risk is not from denial-of-service attacks but from successful attempts by users to gain privileges. Sometimes privilege escalation can occur by tricking a user into running a command on your behalf. Other times, you can gain privilege by guessing someone’s password. The most frequently occurring hack announced on the Internet today is the buffer overflow attack against privileged programs. With a little digging, a cracker can gain access to a superuser shell via one of these attacks. Luckily, the most common cases surface in the audit logs with predictable patterns. Unfortunately, a general-purpose buffer overflow pattern is very difficult to build.
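To make the two detection styles discussed in this chapter concrete, here is a small added example (not code from the book, Stalker or CMDS) that runs over a handful of constructed audit records. The record layout, the field names, the program path `/usr/local/bin/privtool` and the user names are all invented for the illustration; real UNIX audit trails use their own, usually binary, formats. One rule is a statistical threshold of the kind CMDS is known for (repeated login failures attributed to one account, the password-guessing case), and the other is an attack pattern of the kind Stalker ships (a privileged program executed with an argument far longer than any legitimate use needs, the common buffer overflow signature). The pattern is deliberately crude: its length threshold is the entire rule, which is exactly why the text says a general-purpose overflow pattern is hard to build.

```python
"""Audit-record analysis over constructed records: a statistical threshold
(password guessing) and an attack pattern (overlong argument to a privileged
program). Record format is invented for this example, not a real audit trail."""

from dataclasses import dataclass
from typing import List, Tuple


@dataclass
class AuditRecord:
    ts: int            # seconds since epoch (constructed)
    subject: str       # account the audit system holds accountable for the event
    event: str         # "exec" or "login_fail"
    program: str       # program path for exec events
    args: Tuple[str, ...]
    privileged: bool   # program runs with elevated privilege (constructed flag)


def parse_line(line: str) -> AuditRecord:
    """Constructed layout: ts|subject|event|program|privileged|arg1,arg2,..."""
    ts, subject, event, program, priv, argstr = line.split("|", 5)
    args = tuple(a for a in argstr.split(",") if a)
    return AuditRecord(int(ts), subject, event, program, args, priv == "1")


# Constructed sample audit trail. The last record carries a 300-byte argument
# to a hypothetical privileged program, the shape an overflow attempt leaves.
SAMPLE_LOG = [
    "1000|bob|login_fail|login|0|",
    "1005|bob|login_fail|login|0|",
    "1009|bob|login_fail|login|0|",
    "1014|bob|login_fail|login|0|",
    "1020|bob|login_fail|login|0|",
    "1100|alice|login_fail|login|0|",
    "1200|alice|exec|/bin/ls|0|-l,/tmp",
    "1300|carol|exec|/usr/bin/passwd|1|carol",
    "1400|dave|exec|/usr/local/bin/privtool|1|" + "A" * 300,
]

RECORDS = [parse_line(l) for l in SAMPLE_LOG]


def find_password_guessing(records: List[AuditRecord],
                           threshold: int = 5, window: int = 60) -> List[str]:
    """Statistical threshold: `threshold` or more login failures for one
    account inside a sliding `window` of seconds."""
    fails = sorted((r.ts, r.subject) for r in records if r.event == "login_fail")
    recent = {}   # subject -> timestamps still inside the window
    alerts = set()
    for ts, subject in fails:
        q = recent.setdefault(subject, [])
        q.append(ts)
        while q and ts - q[0] > window:   # expire failures older than the window
            q.pop(0)
        if len(q) >= threshold:
            alerts.add(subject)
    return sorted(alerts)


def find_long_arg_privileged_exec(records: List[AuditRecord],
                                  max_arg_len: int = 256) -> List[Tuple[str, str, int]]:
    """Attack pattern: a privileged program executed with an argument longer
    than max_arg_len. Returns (subject, program, longest argument length).
    The single length threshold is the whole rule, so it both misses shorter
    payloads and flags legitimate long arguments: the limitation the chapter
    describes for general-purpose overflow patterns."""
    hits = []
    for r in records:
        if r.event == "exec" and r.privileged and r.args:
            longest = max(len(a) for a in r.args)
            if longest > max_arg_len:
                hits.append((r.subject, r.program, longest))
    return hits


if __name__ == "__main__":
    print("password guessing:", find_password_guessing(RECORDS))
    print("overlong privileged exec:", find_long_arg_privileged_exec(RECORDS))
```

Run stand-alone, the threshold rule names `bob` (five failures in twenty seconds; `alice`'s single failure stays below it) and the pattern rule reports `dave` running the privileged program with a 300-byte argument, while `carol`'s normal use of a privileged program is not flagged. Tuning `max_arg_len` per program is where a real signature set spends most of its effort.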
Although the audit logs provide a large amount of information about what’s happening on the system, they do not record all of the network activities for a system. Many of the network attacks on systems are thus not seen by system-level monitoring tools like Stalker and CMDS. Therefore, to complete your IDS solution, you need to deploy network tools as well. Turn to the next chapter to see how network sniffers catch problems that system IDSs and scanners miss.