You are here: silicon.com > Resources > White Papers > Desktops, Laptops and OS > Desktop Client OS > Linux - Open Source

Linux - Open Source White Papers

Backtracking Intrusions

Overview Analyzing intrusions is an arduous, largely manual task because system administrators lack the information and tools needed to understand easily the sequence of steps that occurred in an attack. The goal of BackTracker is to identify automatically potential sequences of steps that occurred in an intrusion. Starting with a single detection point (e.g., a suspicious file), BackTracker identifies files and processes that could have affected that detection point and displays chains of events in a dependency graph. The authors use BackTracker to analyze several real attacks against computers that they set up as honeypots. They have implemented BackTracker for Linux in two components: an on-line component that logs events and an off-line component that graphs events related to the attack.

Further White Paper Details
Publisher	Association for Computing Machinery	File Format	PDF
Date Published	October 2003
Format	White Papers
Topics	Linux - Open Source, Security Management, Intrusion Detection Systems

Did you find this white paper useful?

Intel Tools for Thread-Oriented Development on Linux

Publisher:
Intel

Web Hosting Company Easily Deploys New Server Solution on a Multiplatform Network

Publisher:
Microsoft

Tags:
customer support services

Business Integration Technology Case Study: Novus International

Publisher:
Business Integration Technology

Live From Redmond: Visual WebGui: Silverlight for Line-of-Business Application

Publisher:
Microsoft Tips

Tags:
graphics applications

Live From Redmond: Visual WebGui: An Enterprise AJAX Application in 20 Minutes

Publisher:
Microsoft Tips

Tags:
programming languages

Symantec streamlines network security

Finally, the ESM identifies instances in which employees and computers are not complying with a company's security policy. Corporate clients have been looking for ways to reduce the amount of time system administrators need to patch computers and...

Channel:
Security Strategy

Slammer time - SQL worm brings net to its knees over weekend

In its original description of the flaw, Microsoft explained the sequence of events: SQL Slammer's code instructs the Microsoft SQL Server to go into an endless loop, continually sending out data to other computers, in effect performing a denial of...

Channel:
Security Strategy

Windows worm now spreading

The component, known as the remote procedure call (RPC) process, facilitates activities such as sharing files and allowing others to use the computer's printer. The worm attacks Windows computers via a hole in the operating system, an issue...

Cisco battles Juniper with worms

This product passively identifies suspicious traffic and alerts network administrators. Okena's software agent sits on a user's PC and identifies malicious code in communications between network software systems.

Channel:
Security Strategy

Blaster dodges responsibility for US blackout

However, the working group decided not to analyze the logs of network devices, firewalls and intrusion detection systems, which could have given further evidence of any network attacks that coincided with the outage.

Channel:
IT Pro

Are we losing the security war?

We know from our own experience how rapidly the many different threats and attack platforms have evolved. The report notes that "56 million cyber events took place in the first six months of 2004 up from 500,000 events in 2002" and that one-fifth...

Virtualisation: Architectual Considerations and other Evaluation Criteria

In the past several years, server virtualisation technology has moved quickly and firmly into the IT mainstream. Of the many approaches to system virtualisation available in the market today, VMware's hypervisor architecture has gained the greatest market acceptance. This paper examines the architectural issues, solution support, and enterprise readiness required when deploying such a virtualisation solution.

Publisher:
EMC

Getting Started with Master Data Management

Master data management forms part of an overall enterprise governance program that aims to establish trusted data throughout the enterprise. This white paper from Mike Ferguson of Intelligent Business Strategies defines master data, examines why it is needed, and explores methodologies for implementing master data management.

Publisher:
DataFlux

Optimising Storage with Global File Virtualisation

This white paper will provide an overview on how Rainfinity Global File Virtualisation virtualises unstructured data environments and moves data -including active, open files-without disruption to users or applications. Rainfinity is the only enterprise-class file virtualisation solution, and delivers complete NAS optimisation across geterogeneous environments, such as NAS, CAS, and file servers.

Publisher:
EMC

Also on silicon.com

Site Navigation:

Linux - Open Source White Papers

Backtracking Intrusions

Quick Sitemap Links:

About Us

Search

Blogs

Verticals

Advertising Features

CNET Networks in Europe

CNET Networks in the United States

CNET Networks in Asia Pacific