11.5 Resources
Amoroso, Ed. Intrusion Detection. Sparta, NJ: Intrusion.Net Books, 1999. Excellent introduction to the subject.

http://web.mit.edu/tytso/www/linux/ext2intro.html Card, Rémy, Theodore Ts'o, and Stephen Tweedie. "Design and Implementation of the Second Extended Filesystem." Excellent paper on the Linux EXT2 filesystem; the section entitled "Basic File System Concepts" is of particular interest to Tripwire users.

Northcutt, Stephen and Judy Novak. Network Intrusion Detection: An Analyst's Handbook. Indianapolis: New Riders Publishing, 2001. A very practical book with many examples showing system log excerpts and configurations of popular IDS tools.

http://www.chkrootkit.org/ Home of the chkrootkit shell script and an excellent source of information about how to detect and defend against rootkits.

http://sourceforge.net/projects/tripwire Project pages for Tripwire Open Source. The place to obtain the very latest Tripwire Open Source code and documentation.

http://prdownloads.sourceforge.net/tripwire/tripwire-2.3.0-docs-pdf.tar.gz Tripwire Open Source Manual and the Tripwire Open Source Reference Card in PDF format. Required reading! (If this link doesn't work, try http://sourceforge.net/project/showfiles.php?group_id=3130.)

http://www.tripwire.org Home page for Tripwire Open Source. Binaries for Linux are available here.

http://www.tripwire.com/downloads/tripwire_asr/index.cfml? Tripwire Academic Source Release download site.

http://securityportal.com/topnews/tripwire20000711.html Article on using Tripwire Academic Source Release, by Jay Beale (principal developer of Bastille Linux).

http://www.cs.tut.fi/~rammer/aide.html Official web site for the Advanced Intrusion Detection Environment (AIDE).

http://www.geocities.com/fcheck2000/ Official web site for FCheck, an extremely portable integrity checker written entirely in Perl.

Ranum, Marcus J. "Intrusion Detection & Network Forensics." Presentation E1/E2 at the Computer Security Institute's 26th Annual Computer Security Conference and Exhibition, Washington, D.C., 17-19 Nov 1999.

http://www.snort.org Official Snort web site: source, binaries, documentation, discussion forums, and amusing graphics.

http://www.cert.org/kb/acid The Analysis Console for Intrusion Databases (ACID) is a PHP application that analyzes IDS data in real time. ACID is a popular companion to Snort because it helps make sense of large Snort data sets; this is its official home page.

http://www.algonet.se/~nitzer/oinkmaster Home of the Oinkmaster automatic Snort rules update script.

http://www.whitehats.com Security news, tools, and the arachNIDS attack signature database (which can be used to update your Snort rules automatically as new attacks are discovered).

http://www.lids.org The Linux Intrusion Detection System (LIDS) web site. LIDS is a kernel patch and administrative tool that provides granular logging and access controls for processes and for the filesystem.