Wednesday, July 30, 2008

Bace: Ch 1 continued

These were thoughts that came to me as I was reading, not actually material from the book itself...

Can an IDS backtrack password guessers? If you have an IP, can the system check to see who is behind the IP? Can the IDS investigate, play detective? If it's an internal threat, it should be easy, but if it's an external threat, it could be hard. But could a person somehow monitor that remote IP to see what else that person is doing? Maybe they log on to some system that shows their name or username. Maybe you can get a general idea of who they are by the websites they look at. If they look at tamu.edu there is a strong chance that they are a prospective or current student (with a smaller chance of being a former student). But I guess before I go too far down that rabbit trail, ethical considerations need to come into play. Is that legal? Invasion of privacy? I'm thinking not, especially if the person was clearly trying to guess passwords on your system. Don't you have a right to try to figure out who that person is?

Better yet, can I get a person's MAC address if I know their IP? That would be more useful than an IP in this day of DHCP. But I'm guessing the IP address would be more helpful in trying to track the person. Should this program be named after a tracking dog (Malamute??) or a detective (Ollie, Bacon?)

...

I'm so ignorant. Bace tells me on page 22 that my tracking system idea was done 18 years ago, in a system called DIDS.

...

So overall, chapter 1 pretty much lived up to its name. I got a short history of intrusion detection. What's nice is that it not only tells the systems, but it also tells the players, including the principal architect of each system. What's disturbing is that this book's history stops at 1990. The book was published in 1999, and I was content to have a book that is almost a decade old if it was pretty definitive. But if the information is actually decades old... I don't know. Well, I guess I'm not reading this book for the systems, but to gain an understanding of the concepts, so this book still should be okay, I hope...

Posted by threeRd at 3:53 PM
Categories: intrusion detection