FRUUG - Front Range Unix Users Group
FRUUG home
meeting archive
about FRUUG
join FRUUG
contact info

August, 2000: Burglar Alarms for Detecting Intrusions

At our August meeting, Marcus Ranum of Network Flight Recorder discussed building burglar alarms for detecting network intrusions. The rationale for these burglar alarms is that, since firewall technologies do not provide 100 percent protection from hackers, it is important to have mechanisms in place to detect whether there has been a successful penetration into your internal networks and/or hosts, and to gather information on their activities so that they can be successfully prevented from doing damage.

Marcus made an analogy between network intrusion detection and home burglar alarms: like network firewalls, perimeter alarms on doors and windows detect the unsophisticated burglar that smashes a window and runs off with valuables in the home. The more sophisticated-- and more dangerous-- intruder manages to disable perimeter security and gather valuables undetected. The network burglar alarms that Marcus proposes are analogous to the pressure pad in front of the stereo or the sensor on the jewelry box-- their presence is unexpected and they successfully sound an alarm for an intrusion that would otherwise not have been detected.

The discussion of network intrusion detection techniques lead the group into discussing the controversy over the various ways in which information on security flaws should be disseminated, including: not at all, with a high degree of involvement from the implicated software vendor, or as a way to pressure vendors to improve the quality of their software. Marcus used as an example his early knowledge of an ftp protocol exploit that hackers didn't discover until years later. By not publicly announcing his discovery, he feels that he kept one more tool from the hacking community for a little longer.

Marcus' slides are available on our site (HTML) (PDF 116K).

Site Map Recruiter Info
February 15, 2009

February 2008: FRUUG Enters Quiescent Phase
After 27 years running, we're suspending operations.

Future Meetings:
None planned

Site by
Lone Eagle Systems, Inc.,
Hosted courtesy of Indra