WebApp Sec: Re: Intrusion Detection

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

WebApp Sec mailing list archives

Re: Intrusion Detection

From: skarvin <skarvin () gmail com>
Date: Mon, 10 Jul 2006 10:19:41 +0200

Hi,

In my blog I have a simple list of steps to do this. It follows the
CERT's checklist (
http://www.cert.org/tech_tips/intruder_detection_checklist.html ) to
detect an intrussion and I've added more instructions to do this task.
http://skarvin.blogspot.com/2006/06/pasos-seguir-para-detectar-una.html

I hope this is helpfull for you.

PD: It's in spanish :)


On 7/10/06, David Robert <david31900 () rogers com> wrote:

Hello all,

I've been reading this list for some time and I can't help but notice that
there is a lot of information and discussion about securing systems, but
very little about how to detect if you *are* compromised.

This one of my major concerns.  I can advocate all kinds of practices and
procedures, but eventually someone will get through.  So how can I tell?
Especially if they are trying not to leave traces?

Is there a few very simple, dumb things that everyone should do in this
regard?  If so, then I haven't heard them.  If you could list them, or point
me to some good resources, it would be much appreciated.

Thanks,


-------------------------------------------------------------------------
Sponsored by: Watchfire

Securing a web application goes far beyond testing the application using
manual processes, or by using automated systems and tools. Watchfire's
"Web Application Security: Automated Scanning or Manual Penetration
Testing?" whitepaper examines a few vulnerability detection methods -
specifically comparing and contrasting manual penetration testing with
automated scanning tools. Download it today!

https://www.watchfire.com/securearea/whitepapers.aspx?id=701500000008Vmm
--------------------------------------------------------------------------




--
Un saludo,

skarvin
weblog: http://skarvin.blogspot.com

-------------------------------------------------------------------------
Sponsored by: Watchfire

Cross-Site Scripting (XSS) is one of the most common application-levelattacks that hackers use to sneak into web applications today. Thiswhitepaper will discuss how traditional CSS attacks are performed, how tosecure your site against these attacks and check if your site is protected.Cross-Site Scripting Explained - Download this whitepaper today!


https://www.watchfire.com/securearea/whitepapers.aspx?id=701500000008Vmr
--------------------------------------------------------------------------

By Date By Thread

Current thread:

Intrusion Detection, (continued)
- Intrusion Detection David Robert (Jul 09)
  - Re: Intrusion Detection Ivan Ristic (Jul 10)
  - Re: Intrusion Detection Jamie Riden (Jul 10)
  - Re: Intrusion Detection Daniel Cid (Jul 11)
    - Re: Intrusion Detection David Ryan (Jul 12)
  - Re: Intrusion Detection skarvin (Jul 12)
- Re: DMZ and critical data sarbanha (Jul 09)
  - Message not available
    - Re: DMZ and critical data Ken Adler - QDSP, CISSP, PMP, CISA (Jul 09)