Jen,
think "Intrusion Detection System". =) Take a look at something like Real
Secure. Firewalls typically don't have enough intelligence to decide
whether or not traffic looks "suspicious". They evaluate the packet
against the policy and either forward it or don't.
IDS's are designed to look for suspicious activity on the network (network-
based IDS with probes that work like sniffers [Real Secure, Network Ice,
NFR, Net Ranger, etc.]) and on specific hosts (host-based agents that
monitor key servers from the inside [Real Secure, Network Ice, Net
Prowler, etc.]).
There is an IDS newsgroup if you are interested.
[EMAIL PROTECTED]
Carric Dooley
COM2:Interactive Media
http://www.com2usa.com
On Tue, 13 Jul 1999, Jen wrote:
> Okay, maybe I should have narrowed the question ... I'm pretty aware of
> where to get copies of BO2K, and where to go for info. What I was asking
> was how in particular does one detect something that could come in many
> different forms (since source code is being released)? Preventative
> measures are good, but I'm also interested in contingency measures.
>
> For example, is there a way to set up a firewall to detect suspicious
> traffic? Failing that (and leaving the specific scope of this list), is
> there a centrally managed tool that can monitor all of the running
> processes on each workstation, and report anomalies? Ideally, the checking
> would involve a lot more than just tracking the process name, but it would
> be a good start. I'm sure that the people on this list can think of
> something even more clever ...
>
> Jen
>
>
>
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
>
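As an added illustration of the host-based check Jen asks about above (example code, not from the thread or from any of the products named in it): a baseline-versus-snapshot comparison that flags a workstation's processes by executable hash and listening ports rather than by name alone, so a renamed or rebuilt binary still stands out. Every host, process name, hash and port below is constructed sample data.

```python
# Added example, not from the original thread: a minimal host-based
# process-anomaly check. Hosts, names, hashes and ports are constructed.
from dataclasses import dataclass


@dataclass(frozen=True)
class Proc:
    host: str
    name: str
    exe_hash: str      # digest of the on-disk executable, not just its name
    ports: frozenset   # ports the process is listening on


def build_baseline(known_good):
    """Map host -> {process name: (exe_hash, ports)} from trusted snapshots."""
    baseline = {}
    for p in known_good:
        baseline.setdefault(p.host, {})[p.name] = (p.exe_hash, p.ports)
    return baseline


def find_anomalies(baseline, current):
    """Compare a fresh snapshot against the baseline; return (host, name, reason)."""
    findings = []
    for p in current:
        known = baseline.get(p.host, {})
        if p.name not in known:
            findings.append((p.host, p.name, "not in baseline"))
            continue
        base_hash, base_ports = known[p.name]
        if p.exe_hash != base_hash:          # same name, different binary
            findings.append((p.host, p.name, "executable hash changed"))
        extra = p.ports - base_ports         # process started listening somewhere new
        if extra:
            findings.append((p.host, p.name, f"new listening ports {sorted(extra)}"))
    return findings


# Constructed known-good snapshot for one workstation.
BASELINE = build_baseline([
    Proc("ws01", "explorer.exe", "h-explorer-v1", frozenset()),
    Proc("ws01", "svchost.exe", "h-svchost-v1", frozenset({135})),
])

# Constructed later snapshot: a replaced binary, a new port, an unknown process.
CURRENT = [
    Proc("ws01", "explorer.exe", "h-explorer-v2", frozenset()),
    Proc("ws01", "svchost.exe", "h-svchost-v1", frozenset({135, 20000})),
    Proc("ws01", "update_helper.exe", "h-unknown", frozenset({20001})),
]

if __name__ == "__main__":
    for host, name, reason in find_anomalies(BASELINE, CURRENT):
        print(f"{host}: {name}: {reason}")
```

A central collector would run this per host against a baseline captured from a known-clean build; the three reasons it reports are exactly the signals a name-only check misses.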