LinuxLinks.com
DShield - A community approach to intrusion detection   
Thursday, June 23 2005 @ 04:52 AM EDT
Contributed by: glosser

Linux.com takes a look at the DShield project.

Analyzing firewall logs is key to understanding the threats your servers face. Knowing what the bad guys are looking for is the first step in assessing how vulnerable your servers are. Both open source and commercial firewalls make log information available to firewall administrators. But taking risk assessment a step further, what if there were a way to apply the principles that make open source software successful to firewall log analysis? A way to help yourself and others at the same time? The DShield project seeks to do just that.

DShield bills itself as a distributed intrusion detection system. It works by collecting statistics from firewalls all over the world. Just how many reports does DShield receive? Currently its Web site lists about 24 million records each day, with more than 840 million recorded last month.

DShield can collect this enormous amount of data because of the number of clients and third-party add-ons that work with it. I counted clients for more than 60 hardware and software firewalls -- everything from Linux-based iptables firewalls to Windows XP Internet Connection Firewall. The information they collect provides global insight into the who, what, and where of suspicious network activity.
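As an added illustration (not code from the article or from DShield, and not DShield's submission format), the following sketch shows the kind of local summary an iptables administrator can pull from firewall logs before any sharing takes place: which protocol/port pairs are being probed and by how many distinct sources. The log lines are constructed samples with abbreviated fields, and the function names are hypothetical.

```python
import re
from collections import Counter, defaultdict

# Constructed sample of netfilter LOG-target lines (fields abbreviated);
# addresses are from the RFC 5737 documentation ranges.
SAMPLE_LOG = """\
Jun 23 04:12:01 fw kernel: IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 LEN=60 TTL=52 PROTO=TCP SPT=40112 DPT=22 SYN
Jun 23 04:12:03 fw kernel: IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.11 LEN=60 TTL=52 PROTO=TCP SPT=40113 DPT=22 SYN
Jun 23 04:12:04 fw sshd[311]: Connection closed by 192.0.2.50
Jun 23 04:12:07 fw kernel: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 LEN=404 TTL=110 PROTO=UDP SPT=1068 DPT=1434
Jun 23 04:12:09 fw kernel: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 LEN=60 TTL=110 PROTO=TCP SPT=2210 DPT=22 SYN
Jun 23 04:12:12 fw kernel: IN=eth0 OUT= SRC=203.0.113.9 DST=192.0.2.10 LEN=404 TTL=47 PROTO=UDP SPT=3021 DPT=1434
Jun 23 04:12:15 fw kernel: IN=eth0 OUT= SRC=203.0.113.9 DST=192.0.2.10 LEN=84 TTL=47 PROTO=ICMP TYPE=8 CODE=0
"""

FIELD = re.compile(r"\b([A-Z]+)=(\S*)")  # KEY=value pairs; value may be empty (OUT=)


def parse_line(line):
    """Return the KEY=value fields of a packet log line, or None for other lines."""
    fields = dict(FIELD.findall(line))
    if "SRC" not in fields or "PROTO" not in fields:
        return None
    return fields


def summarize(log_text):
    """Rank (protocol, destination port) targets by hit count.

    Returns a list of (target, hits, distinct_sources), most-hit first.
    """
    hits = Counter()
    sources = defaultdict(set)
    for line in log_text.splitlines():
        fields = parse_line(line)
        if fields is None:
            continue  # not a firewall packet record
        dpt = fields.get("DPT", "")
        # ICMP records carry TYPE/CODE instead of ports, so the port is None.
        target = (fields["PROTO"], int(dpt) if dpt.isdigit() else None)
        hits[target] += 1
        sources[target].add(fields["SRC"])
    return [(t, n, len(sources[t])) for t, n in hits.most_common()]


if __name__ == "__main__":
    for (proto, port), n, srcs in summarize(SAMPLE_LOG):
        print(f"{proto}/{port if port is not None else '-'}: {n} hits from {srcs} sources")
```

A port hit by many distinct sources points to broad scanning rather than one noisy host, which is the distinction that pooled reports from many firewalls make visible at a larger scale.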

Full article

    Copyright 2009 LinuxLinks.com - All rights reserved