Re: RE: More on EMERALD

["Talisker" <Talisker () networkintrusion co uk>]

Archive: http://msgs.securepoint.com/ids
FAQ: http://www.ticm.com/kb/faq/idsfaq.html
IDS: http://www-rnks.informatik.tu-cottbus.de/~sobirey/ids.html
HELP: Having problems... email questions to ids-owner () uow edu au
NOTE: Remove this section from reply msgs otherwise the msg will bounce.
SPAM: DO NOT send unsolicted mail to this list.
UNSUBSCRIBE: email "unsubscribe ids" to majordomo () uow edu au
-----------------------------------------------------------------------------
Bobby

I suspect the EMERALD central hasn't changed, but what they seem to have
developed is a Solaris HIDS agent which feeds into EMERALD the agent is
called eXpert-BSM, I think this is why there is a renewed interest in the
product

Andy
www.networkintrusion.co.uk Listing all known commercial IDS
                    '''
                 (0 0)
  ----oOO----(_)----------
  | The geek shall        |
  |  Inherit the earth     |
  -----------------oOO----
               |__|__|
                  || ||
              ooO Ooo


The opinions contained within this transmission are entirely my own, and do
not necessarily reflect those of my employer.





----- Original Message -----
From: "b.g.miller" <b.g.miller () home com>
To: "Meritt, Jim" <Jim.Meritt () wang com>
Cc: "idsuow" <ids () uow edu au>
Sent: Friday, August 25, 2000 7:50 PM
Subject: Re: IDS: RE: More on EMERALD


> Archive: http://msgs.securepoint.com/ids
> FAQ: http://www.ticm.com/kb/faq/idsfaq.html
> IDS: http://www-rnks.informatik.tu-cottbus.de/~sobirey/ids.html
> HELP: Having problems... email questions to ids-owner () uow edu au
> NOTE: Remove this section from reply msgs otherwise the msg will bounce.
> SPAM: DO NOT send unsolicted mail to this list.
> UNSUBSCRIBE: email "unsubscribe ids" to majordomo () uow edu au
> --------------------------------------------------------------------------
---
> Paul Proctor (the original developer of CMDS) and I evaluated the earliest
incarnations of the SRI project - IDES and NIDES under a
> Navy study a number of years ago (before Teresa Lunt left for DARPA).  I
have to say, on face value, that it appears that very
> little has changed as far as system architecture or detection approach.
At the time we evaluated it as a sound product with great
> potential, but sorely lacking in the human factors end of things.  A Los
Alamos Labs effort called "Wisdom & Sense" was the only one
> we rated higher.
>
> Bobby Miller
> Information Assurance Consultant
> DynCorp Information Systems
>
> "Meritt, Jim" wrote:
>
> > Archive: http://msgs.securepoint.com/ids
> > FAQ: http://www.ticm.com/kb/faq/idsfaq.html
> > IDS: http://www-rnks.informatik.tu-cottbus.de/~sobirey/ids.html
> > HELP: Having problems... email questions to ids-owner () uow edu au
> > NOTE: Remove this section from reply msgs otherwise the msg will bounce.
> > SPAM: DO NOT send unsolicted mail to this list.
> > UNSUBSCRIBE: email "unsubscribe ids" to majordomo () uow edu au
>
> --------------------------------------------------------------------------
---
> > Has anyone outside of SRI evaluated this thing?  How might I see what
THEY
> > said?  Nothing against SRI or DARPA, but I'd really like to see some
> > independent (from the developer/pay the bills) information...
> >
> > Jim
> >
> > _______________________
> > The opinions expressed above are my own.  The facts simply are and
belong to
> > none.
> > James W. Meritt, CISSP, CISA
> > Senior Secure Systems Engineer at Wang Government Services, Inc.
> >
> > > -----Original Message-----
> > > From: Alfonso Valdes [mailto:alfonso.valdes () sri com]
> > > Sent: Thursday, August 24, 2000 8:07 PM
> > > To: idsuow
> > > Subject: IDS: More on EMERALD
> > >
> > >
> > > Archive: http://msgs.securepoint.com/ids
> > > FAQ: http://www.ticm.com/kb/faq/idsfaq.html
> > > IDS: http://www-rnks.informatik.tu-cottbus.de/~sobirey/ids.html
> > > HELP: Having problems... email questions to ids-owner () uow edu au
> > > NOTE: Remove this section from reply msgs otherwise the msg
> > > will bounce.
> > > SPAM: DO NOT send unsolicted mail to this list.
> > > UNSUBSCRIBE: email "unsubscribe ids" to majordomo () uow edu au
> > > --------------------------------------------------------------
> > > ---------------
> > > Please visit our website http://www.sdl.sri.com/emerald/
> > > for more information about the EMERALD project.
> > >
> > > Currently, the only component available for download is our host-based
> > > monitor for Solaris, called eXpert-BSM. However, we plan to release
> > > evaluation versions of several other EMERALD components later
> > > this year,
> > >
> > > including a probabilistic anomaly detection monitor for
> > > network traffic
> > > and a suite of signature-based network monitors.
> > >
> > > The EMERALD Development Project Team
> > > System Design Laboratory, SRI International
> > > emerald () sdl sri com