IDS mailing list archives

30-ish page whitepaper
From: "Golomb, Gary" <GGolomb () enterasys com>
Date: Wed, 26 Feb 2003 15:19:55 -0500


Hi there all!

On the subject of Pattern Matching vs. Protocol Decoding vs. Anomaly
Detection... (Hopefully this issue hasn't already been beaten to a
bloody pulp!)

By request of a few people, we recently re-released a paper on this
subject. (Originally written six to nine months ago, this new version
was condensed and updated a little.) It's a technical look at the
different methodologies available for performing Intrusion Detection
that expands heavily on the excellent article recently written by Matt
Tanase. It's not just marketing speak like other available whitepapers.
Half of this document is devoted to probe/exploit/compromise analysis
(then correlated to each of the various methods).

It should be an interesting read for those who are trying to get a
handle on all the buzzwords and the storm of marketing propaganda out
there! I couldn't attach it to this message (it bounced), but it's
available at
http://dragon.enterasys.com/downloads/ID_Methodologies_Demystified.pdf. 

Hope you find it relevant, accurate, and useful. Please feel free to
contact me with any questions or corrections. It's important for me to
keep this as precise and truthful as possible.

Thanks! :)

-gary

