SANS puts Shadow in the public domain

Institute director calls for "Center for Intrusion Control"

SunWorld
July 1998

Boston (July 22, 1998) -- A U.S. research and education cooperative focused on systems security will place a new set of intrusion detection tools in the public domain today, making them freely available to organizations that want to monitor their systems and networks for hacking attempts.

Called Shadow, the software is being made available by the Bethesda, Maryland-based SANS (System Administration Networking & Security) Institute. The group said today that the code is already in active use, monitoring incoming network traffic against more than 40 known attack profiles for more than 14,000 hosts. The tool has also allowed system security analysts to identify, or shed light on, three completely new types of attacks, the SANS Institute said.

Alan Paller, the institute's research director, called for more cooperation between the U.S. government and industry, saying the nation's computing infrastructure is vulnerable to increasingly sophisticated attacks.

The "missing ingredient" is an institution of some kind that would allow organizations to report information about systems intrusions, Paller said. "What we need is a Center for Intrusion Control" analogous to the U.S. Centers for Disease Control, he added. What makes the world-renowned CDC work is that information is supplied to the agency with the understanding that it remain confidential, Paller explained. Right now, businesses are reluctant to report that they have been hacked because of the negative publicity that ensues, he said.

One of the unique aspects of the Shadow software is that it analyzes traffic, rather than content, in order to preserve privacy, according to the SANS Institute. It also monitors all ports for all protocols, and combines signature monitoring with statistical assessment that detects events the filters do not know how to decode. Finally, Shadow can be run on a system configuration, including high-capacity storage, that should cost less than $10,000 in total, according to the institute.

The SANS Institute will also run a series of training programs instructing systems and network professionals in the use of the Shadow software. The first will be in San Francisco July 24-25, followed by sessions in New York (July 27-28) and Washington, D.C. (Aug. 24-25). There will also be a five-day intensive program in Orlando, Florida, Oct. 26-20, Paller said.

Information about Shadow will be made available to anyone in the U.S. who sends e-mail to info@sans.org with the subject SHADOW Description. While the intention is to serve organizations in the U.S., Paller admitted that this will be difficult to enforce in practice. People requesting information will receive instructions for downloading, installing and running the software, plus agendas and schedules for the training programs.

--Elizabeth Heichler, IDG News Service



[(c) Copyright  Web Publishing Inc., and IDG Communication company]


URL: http://www.sunworld.com/swol-07-1998/swol-07-sans.html