Intrusion Detection Systems mailing list archives

Re: Good source of intrusion detection and response steps?


From: Philippe.Bourgeois () cnes fr (Philippe Bourgeois)
Date: Mon, 27 Mar 2000 12:23:47 +0200


Some additional resources.
Most of them are outside the scope of this mailing list (I think).
I expect they could help you anyway.

Let me know if you know of any other interesting resources on
that subject.

* How to deal with incidents:

  Responding to an incident:
     http://staff.washington.edu/dittrich/talks/security/response.html
     http://staff.washington.edu/dittrich/misc/faq/responding.faq
  Incident handling step by step:
     http://www.sans.org/y2k/DDoS.htm
  Is it relevant to perform a forensic analysis?
     http://www.forensic-computing.com/archives/vind.html
  Legal issues about forensics:
     http://www.sans.org - see "Intrusion Detection FAQ / What are some
     acceptable procedures [..] that will result in court-admissible
     evidence ?"

* How to perform forensic analysis:

  Farmer and Venema:
     http://www.porcupine.org/book/courses/forensics
  Disk examination procedure (on PC):
     http://www.cops.org/procedure.html
     http://www.forensic-computing.com/archives/fundamentals.html

*** Philippe Bourgeois

