The 2002 CSI/FBI Survey underscored the pervasiveness of the network intrusion problem. Ninety percent of respondents reported security breaches within the past 12 months, with 39 percent admitting to 10 or more incidents.

Intrusion techniques never stop evolving, of course. The latest attack tools range from stealthy port scanners to automated root kits. To cite just one example, the popular port scanner nmap can now identify over 100 different operating system releases, hiding the source of the scan by sending out decoy packets.

Meanwhile, enterprises using existing IDS face very high false alarm rates. "The simple approaches that most of today's commercial ID systems use to detect attacks are, in most cases, unreliable. Even a very low frequency of false alarms can obscure true attack signals. Improvements in diagnostic accuracy are critically needed," according to a recent report by Carnegie Mellon' s Software Engineering Institute (SEI).

[ Read more ]

Related items

• News: Intrusion Detection: Implementation and Operational Issues (15 July 2002)
• News: Use Snort for Lightweight Intrusion Detection (10 July 2002)
• News: Intrusion detection: running a hacker simulation (31 May 2002)
• News: Beyond intrusion detection (29 May 2002)
• News: IDS Evasion Techniques and Tactics (7 May 2002)
• Article: Structural versus Operational Intrusion Detection (8 April 2002)
• Article: Interpreting Network Traffic: A Network Intrusion Detector's Look At Suspicious Events (4 April 2002)
• Article: Network Intrusion Detection of Third Party Effects (4 April 2002)
• Article: Information Warfare: When Intrusion Detection Isn't Enough (1 April 2002)
• Article: Traditional Intrusion Detection Model Outdated and Distracting (1 April 2002)