lasthell

Member Since 23 Dec 2007
Offline Last Active Sep 12 2017 06:26 PM
-----

Posts I've Made

In Topic: Doing final year project based upon an intrusion detection system (IDS) - Nee...

25 December 2007 - 05:21 AM

Naveed, if you want to go with a very simplistic approach, this can be done.

1) The Linux utility "netsed" can be used to match patterns on packet data. This utility works just like sed, but instead of files it works on packet data.

2) Make a collection of some limited software vulnerability signatures in one file, and match these signatures against the TCP payload of a specific port using netsed.

3) You can get any application-specific (telnet, ftp, etc.) vulnerability information on the net and develop signatures for the same (you can download them too).

4) You have to differentiate signatures according to their protocols, which in turn can be identified using port numbers.

5) So using netsed you will be matching only the signatures specific to that application against packets coming in on that application's standard port.

6) You can log information using simple bash commands when a pattern matches.

Run your IDS script/application as a daemon on the server machine and you are through.
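The port-keyed matching and logging from steps 2 to 6 of the post above, as an added example that is not part of the original post. It does not call netsed; it works on payload text that has already been captured, and the `port|name|pattern` signature format, the function names, the log path and the sample signatures are all assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: port-keyed signature matching with simple logging.
# Signature list, one per line as port|name|literal pattern.
# Format and entries are constructed for this example.
SIGS='21|ftp-site-exec|SITE EXEC
21|ftp-path-traversal|../..
80|http-path-traversal|../..'

# Alert log location (hypothetical default, override via environment).
ALERT_LOG=${ALERT_LOG:-./ids-alerts.log}

# match_payload PORT PAYLOAD
# Prints the name of every signature registered for PORT that occurs
# in PAYLOAD, one name per line. Signatures for other ports are skipped.
match_payload() {
    port=$1
    payload=$2
    printf '%s\n' "$SIGS" | while IFS='|' read -r sig_port sig_name sig_pat; do
        [ "$sig_port" = "$port" ] || continue
        # -F matches the pattern literally, so regex metacharacters in a
        # signature (the dots in ../..) are not interpreted.
        if printf '%s' "$payload" | grep -F -q -- "$sig_pat"; then
            printf '%s\n' "$sig_name"
        fi
    done
}

# inspect SRC PORT PAYLOAD
# Appends one log line per matching signature; returns 0 if anything
# matched and 1 if the payload was clean for that port.
inspect() {
    hits=$(match_payload "$2" "$3")
    [ -n "$hits" ] || return 1
    for h in $hits; do
        printf '%s src=%s dport=%s sig=%s\n' \
            "$(date -u +%Y-%m-%dT%H:%M:%SZ)" "$1" "$2" "$h" >> "$ALERT_LOG"
    done
    return 0
}

# Demo on constructed input: the same bytes match on port 21 only.
match_payload 21 'SITE EXEC demo'
match_payload 80 'SITE EXEC demo'
```

Keying signatures by port keeps the per-packet work small, but traffic for the same application on a non-standard port is never checked against them.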

In Topic: Hardware vs Software firewalls

24 December 2007 - 05:51 AM

You were talking about hardware firewalls. You don't use one to protect a single PC but an entire subnet; that's why I was talking about firewall software which can be installed on any powerful system and used at the mouth of the subnet (not sweet little PC firewalls which run as an application).

In Topic: Are anti-virus programs a real necessity?

24 December 2007 - 01:39 AM

If your requirement of a PC is just casual communication, browsing and entertainment, then you don't need any AV. But if you keep any critical data on your system, or even communicate some, or use it for bank transactions, it's better to have an AV module running as the first layer of defence for PCs. Firewalls and NIDS are OK for network-level defense, but you need separate security mechanisms for your PC. PC firewall, spyware/malware detection, rootkit detection and AV are the need of the hour. Of course these things take some CPU cycles and memory, so you have to make a judgment call on the cost of these modules vs the cost of your data.

In Topic: source code protection against hackers

24 December 2007 - 01:29 AM

First, set the right permissions on your source code files. Second, if a hacker has access to your computer through a rootkit or backdoor, he can do anything with your machine, even manipulating spyware detection or antivirus software. So better keep the file set encrypted on your hard disk. NTFS provides that feature.

Anyway, when you publish your software, if it's really good, people will find out its source code using reverse engineering.. :) so don't think much beyond setting some security measures.

In Topic: Hardware vs Software firewalls

24 December 2007 - 01:22 AM

Differentiating firewalls into hardware or software does not make any sense. Even if you run a firewall on your local PC, it will need dedicated hardware, right? The firewalls which are sold as independent hardware are specifically designed, so they are fast and costly, whereas for firewalls sold as software, it depends on which system you are setting it up on. So technically software plus hardware support makes a firewall; it depends on your needs which type of firewall you want to buy. If you just want to plug and play, go for hardware. If you have minimal requirements from a firewall, you can install a software firewall on your gateway or proxy server.
