Re: RE: More on EMERALD

["b.g.miller" <b.g.miller () home com>]

Archive: http://msgs.securepoint.com/ids
FAQ: http://www.ticm.com/kb/faq/idsfaq.html
IDS: http://www-rnks.informatik.tu-cottbus.de/~sobirey/ids.html
HELP: Having problems... email questions to ids-owner () uow edu au
NOTE: Remove this section from reply msgs otherwise the msg will bounce.
SPAM: DO NOT send unsolicted mail to this list.
UNSUBSCRIBE: email "unsubscribe ids" to majordomo () uow edu au
-----------------------------------------------------------------------------
Paul Proctor (the original developer of CMDS) and I evaluated the earliest incarnations of the SRI project - IDES and 
NIDES under a
Navy study a number of years ago (before Teresa Lunt left for DARPA).  I have to say, on face value, that it appears 
that very
little has changed as far as system architecture or detection approach.  At the time we evaluated it as a sound product 
with great
potential, but sorely lacking in the human factors end of things.  A Los Alamos Labs effort called "Wisdom & Sense" was 
the only one
we rated higher.

Bobby Miller
Information Assurance Consultant
DynCorp Information Systems

"Meritt, Jim" wrote:

> Archive: http://msgs.securepoint.com/ids
> FAQ: http://www.ticm.com/kb/faq/idsfaq.html
> IDS: http://www-rnks.informatik.tu-cottbus.de/~sobirey/ids.html
> HELP: Having problems... email questions to ids-owner () uow edu au
> NOTE: Remove this section from reply msgs otherwise the msg will bounce.
> SPAM: DO NOT send unsolicted mail to this list.
> UNSUBSCRIBE: email "unsubscribe ids" to majordomo () uow edu au
> -----------------------------------------------------------------------------
> Has anyone outside of SRI evaluated this thing?  How might I see what THEY
> said?  Nothing against SRI or DARPA, but I'd really like to see some
> independent (from the developer/pay the bills) information...
>
> Jim
>
> _______________________
> The opinions expressed above are my own.  The facts simply are and belong to
> none.
> James W. Meritt, CISSP, CISA
> Senior Secure Systems Engineer at Wang Government Services, Inc.
>
> > -----Original Message-----
> > From: Alfonso Valdes [mailto:alfonso.valdes () sri com]
> > Sent: Thursday, August 24, 2000 8:07 PM
> > To: idsuow
> > Subject: IDS: More on EMERALD
> >
> >
> > Archive: http://msgs.securepoint.com/ids
> > FAQ: http://www.ticm.com/kb/faq/idsfaq.html
> > IDS: http://www-rnks.informatik.tu-cottbus.de/~sobirey/ids.html
> > HELP: Having problems... email questions to ids-owner () uow edu au
> > NOTE: Remove this section from reply msgs otherwise the msg
> > will bounce.
> > SPAM: DO NOT send unsolicted mail to this list.
> > UNSUBSCRIBE: email "unsubscribe ids" to majordomo () uow edu au
> > --------------------------------------------------------------
> > ---------------
> > Please visit our website http://www.sdl.sri.com/emerald/
> > for more information about the EMERALD project.
> >
> > Currently, the only component available for download is our host-based
> > monitor for Solaris, called eXpert-BSM. However, we plan to release
> > evaluation versions of several other EMERALD components later
> > this year,
> >
> > including a probabilistic anomaly detection monitor for
> > network traffic
> > and a suite of signature-based network monitors.
> >
> > The EMERALD Development Project Team
> > System Design Laboratory, SRI International
> > emerald () sdl sri com