[371] in Intrusion Detection Systems
Introduction.
daemon@ATHENA.MIT.EDU (Diego Zamboni)
Wed Nov 1 16:31:11 1995
From: Diego Zamboni <diego@conga.super.unam.mx>
Date: Tue, 31 Oct 95 18:49:57 -0600
To: ids@uow.edu.au
Reply-To: ids@uow.edu.au
-----BEGIN PGP SIGNED MESSAGE-----
Hi:
I just subscribed to IDS, and in the welcome message got the following:
> When joining the list I ask you to briefly introduce yourself,
My name is Diego Zamboni, and I'm head of the Computer Security
Area at the Computer Services Direction (DGSCA) in the National
Autonomous University of Mexico (UNAM). My area is a recently formed
one, although I've been working on security for over 2 years now.
> to give an outline of your interest in intrusion detection
> systems. Whether you are developing an intrusion detection
> system, or a system administrator or student who is currently
> investigating or developing a system.
Like almost every computer security area, we are overworked and
underbudgeted. I have only 4 people working with me, and we have to
directly monitor over 20 workstations of every flavor you could
think of (DEC, SGI, Sun, NeXT, HP) and a Cray Supercomputer.
Besides, we're trying to expand our activities onto the University
by spreading information and organizing events about computer
security. Also, 3 of the people who work with me are part-time
students, so I can't count on them for time-intensive tasks.
So, we don't always have much time to manually monitor our systems,
watch our logs, etc. Right now, we are working on the development
of an intrusion detection system appropriately suited for our
environment. We're barely on the first design steps, but we have
already identified the following needs:
- Expandability: the system will accommodate new data tests and
new systems as they become available. It will be able to analyze
data coming from many sources, like several security tools, as well
as from the systems' logs.
- Modularity: the work will be clearly defined between the
different modules, which will allow new modules to be added, or
existing modules to be modified or replaced, without affecting the
overall functioning of the system.
- Security: encryption will be used, where necessary, to keep the
data from being disclosed.
Of course, one of the reasons for joining the list is getting to
know what already exists, in order to avoid unnecessary work or to
learn from others' experience.
> Additionally you might want to express some personal ideas
> that you have about what you think an intrusion detection
> system, ideally, should be.
I think the above items express much of what I think. Intrusion
detection is, definitely, not an easy task, and a system which can
detect intrusions as well as a human will probably never be
developed, but such systems will always have the advantage of being
awake and alert all the time. And we have to make those systems as
extendable and configurable as possible.
> For those that are looking for some reference material I will
> be posting a bibliography and some hints to finding some
> material
I would love to get that material!
Of course, any comments on anything that I said will be welcome.
Best regards.
---
Diego Martin Zamboni          Area de Seguridad en Cómputo
diego@conga.dgsca.unam.mx     DGSCA, UNAM, Mexico. Tel. (52-5)622-85-29
(NeXTMail ok)                 Fax. (52-5)622-80-43
WWW home page: http://ds5000.dgsca.unam.mx/~diego/
PGP key: finger diego@conga.dgsca.unam.mx
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i
iQCZAwUBMJbEHY13vB0Tr4iFAQFs8QQffL8Mug3Z1sAbzgR+XtY6FZyzs91SaO42
aIGMT2nG8EgMQdShJmjMW8x0xSNFtyAekgEqj6x5R8XAGSS1T1XHR/wOqiwvmDaT
lPPcsudAbuZplhUeamOtwwQU//sHvShJFQWIZE7wDPEmeVYxsbiwiSAII59MfAEI
OpQzFtnvmVJ2Hi2p
=b9af
-----END PGP SIGNATURE-----