3 research outputs found

    A Critical Analysis of Payload Anomaly-Based Intrusion Detection Systems

    Examining payload content is an important aspect of network security, particularly in today's volatile computing environment. An Intrusion Detection System (IDS) that simply analyzes packet header information cannot adequately secure a network from malicious attacks. The alternative is to perform deep-packet analysis using n-gram language parsing and neural network technology. Self Organizing Map (SOM), PAYL over Self-Organizing Maps for Intrusion Detection (POSEIDON), Anomalous Payload-based Network Intrusion Detection (PAYL), and Anagram are next-generation unsupervised payload anomaly-based IDSs. This study examines the efficacy of each system using the design-science research methodology. A collection of quantitative data and qualitative features exposes their strengths and weaknesses.

    Intrusion prevention systems: How do they prevent intrusion?

    Intrusion Prevention Systems (IPS) are the latest in a line of products created to counter network attacks. This thesis has explored the history of products manufactured to protect network systems from attacks. An experiment was conducted to find out what an attack on a system looked like and to gauge the success of current IPS software. Results indicated that current IPS were reasonably effective and that the methodology of attacking a system was predictable, allowing administrators scope for putting methods in place to counter attacks. Unpublished.

    Intrusion prevention systems: How do they prevent intrusion?

    Intrusion Prevention Systems (IPS) are the latest in a line of products created to counter network attacks. This thesis has explored the history of products manufactured to protect network systems from attacks. An experiment was conducted to find out what an attack on a system looked like and to gauge the success of current IPS software. Results indicated that current IPS were reasonably effective and that the methodology of attacking a system was predictable, allowing administrators scope for putting methods in place to counter attacks. Unpublished.