- Training
- Training Live Events
- Training Without Travel
- SANS Courses
- Certified Instructors
- Career Roadmap
- Training Calendars
- SANS @Home
- SANS OnDemand
- Community SANS
- SANS Mentor Program
- SANS Onsite
- SANS SelfStudy
- SANS Partnership Series
- SANS Workshop Series
- Webcasts
- Work Study
- Events Archive
- DoD 8570
- Voucher Credit Program
- group discounts
- Certification
- Resources
- Vendor
- Portal
- Storm Center
- College
- Developer
- About
the most trusted source for computer security training, certification and research
SANS InfoSec Reading Room - Intrusion Detection
Most of the computer security white papers in the Reading Room have been written by students seeking GIAC certification to fulfill part of their certification requirements and are provided by SANS as a resource to benefit the security community at large. SANS attempts to ensure the accuracy of information, but papers are published "as is". Errors or inconsistencies may exist or may be introduced over time as material becomes dated. If you suspect a serious error, please contact webmaster@sans.org.
Featuring 75 papers as of Sep 8, 2008
- Network IDS & IPS Deployment Strategies
- Nicholas Pappas
- April 11, 2008
- - download paper
- Challenges of Managing an Intrusion Detection System (IDS) in the Enterprise
- Russell Meyer
- March 28, 2008
- - download paper
- Detecting and Preventing Unauthorized Outbound Traffic
- Brian Wippich
- October 29, 2007
- - download paper
- Distilling Data in a SIM: A Strategy for the Analysis of Events in the ArcSight ESM
- James Voorhees
- October 12, 2007
- - download paper
- Tuning an IDS/IPS From The Ground UP
- Brandon Greenwood
- September 27, 2007
- - download paper
- Detecting and Preventing Rogue Devices on the Network
- Ibrahim Halil Saruhan
- August 13, 2007
- - download paper
- Assumptions in Intrusion Detection - Blind Spots in Analysis
- Rodney Caudle
- March 28, 2007
- - download paper
- Enhancing IDS using, Tiny Honeypot
- Richard Hammer
- November 13, 2006
- - download paper
- Passive Application Mapping
- Benjamin Small
- October 27, 2006
- - download paper
- A Framework to Collect Security Events for Intrusion Analysis
- Jim Chrisos
- April 3, 2006
- - download paper
- Solaris 10 Filesystem Integrity Protection Using Radmind
- Sam Wilson
- May 17, 2005
- - download paper
- Understanding Wireless Attacks and Detection
- Christopher Low
- May 17, 2005
- - download paper
- A Honeypot Based Worm Alerting System
- Jeff Kloet
- May 5, 2005
- - download paper
- Building a tripwire System for SQL Server
- Frank Ress
- May 5, 2005
- - download paper
- Maintaining a Secure Network
- Robert Droppleman
- August 15, 2004
- - download paper
- Enforcing Policy at the Perimeter
- Derek Buelna
- July 25, 2004
- - download paper
- Algorithm-based Approaches to Intrusion Detection and Response
- Alexis Cort
- June 9, 2004
- - download paper
- Running a World Class Intrusion Detection Program: More Than Just Picking the Right Tool
- JD Aupperle
- May 2, 2004
- - download paper
- Understanding IPS and IDS: Using IPS and IDS together for Defense in Depth
- Ted Holland
- May 2, 2004
- - download paper
- Enterprise Security Management Reducing the Pain of Managing Multiple IDS Systems
- David Leadston
- March 25, 2004
- - download paper
- IDS Burglar Alarms: A How-To Guide
- Mark Embrich
- March 2, 2004
- - download paper
- Intrusion detection evasion: How Attackers get past the burglar alarm
- Corbin Del Carlo
- December 13, 2003
- - download paper
- Wanted Dead or Alive: Snort Intrusion Detection System
- Mark Eanes
- December 13, 2003
- - download paper
- Secure Setup of a Corporate Detection and Scanning Environment
- Dieter Sarrazyn
- December 13, 2003
- - download paper
- Snort Alert Collection and Analysis Suite
- Chip Calhoun
- November 6, 2003
- - download paper
- Distributed NIDS: A HOW-TO Guide
- Alan McCarty
- November 6, 2003
- - download paper
- Logfile Analysis: Identifying a Network Attack
- Michael Fleming
- October 31, 2003
- - download paper
- How to Choose Intrusion Detection Solution
- Baiju Shah
- October 31, 2003
- - download paper
- Using Snort v1.8 with SnortSnarf on a RedHat Linux System
- Richard L. Greene
- October 31, 2003
- - download paper
- Application of Neural Networks to Intrusion Detection
- Jean-Philippe Planquart
- October 31, 2003
- - download paper
- Understanding Intrusion Detection Systems
- Danny Rozenblum
- October 31, 2003
- - download paper
- Selecting an Intrusion Detection System
- Kathleen Buonocore
- October 31, 2003
- - download paper
- Anti-IDS Tools and Tactics
- Steve Martin
- October 31, 2003
- - download paper
- Building and Maintaining a NIDS Cluster Using FreeBSD and Snort
- Michael Boman
- October 31, 2003
- - download paper
- Intrusion Detection - Systems for Today and Tomorrow
- George Ho
- October 31, 2003
- - download paper
- Intrusion Detection Systems: An Overview of RealSecure
- Darrin Wassom
- October 31, 2003
- - download paper
- Intrusion Detection Systems: Definition, Need and Challenges
- Abhijit Sarmah
- October 31, 2003
- - download paper
- The History and Evolution of Intrusion Detection
- Guy Bruneau
- October 31, 2003
- - download paper
- An Informal Analysis of One Site's Attempts to Contact Host Owners
- Laurie Zirkle
- October 31, 2003
- - download paper
- Black ICE 2.5 Events, False Positives and Custom Attack Signatures
- Alan Mercer
- October 31, 2003
- - download paper
- Network Intrusion Detection - Keeping Up With Increasing Information Volume
- Timothy Weber
- October 31, 2003
- - download paper
- Host-Based Intrusion Systems for Solaris
- Lynn Bogovich
- October 31, 2003
- - download paper
- Protocol Anomaly Detection for Network-based Intrusion Detection
- Kumar Das
- October 31, 2003
- - download paper
- Do I Need to Be Concerned About These Firewall Log Entries?
- Arvid Soderberg
- October 31, 2003
- - download paper
- IDS - Today and Tomorrow
- Thomas Goeldenitz
- October 31, 2003
- - download paper
- Using Snort For a Distributed Intrusion Detection System
- Michael P. Brennan
- October 31, 2003
- - download paper
- Host Based Intrusion Detection: An Overview of Tripwire and Intruder Alert
- Allison Hrivnak
- October 31, 2003
- - download paper
- Suspicious Unix Log File Entries and Reporting Considerations
- Cathy Gresham
- October 31, 2003
- - download paper
- A Tool for Running Snort in Dynamic IP Address Assignment Environment
- Shin Ishikawa
- October 31, 2003
- - download paper
- Intrusion Detection Interoperability and Standardization
- Pravin Kothari
- October 31, 2003
- - download paper
- Network IDS: To Tailor, or Not to Tailor
- Jon-Michael C. Brook
- October 31, 2003
- - download paper
- SSH and Intrusion Detection
- Heather M. Larrieu
- October 31, 2003
- - download paper
- The Design and Theory of Data Visualization Tools and Techniques
- Brian K. Sheffler
- October 31, 2003
- - download paper
- A Practical Guide to Running SNORT on Red Hat Linux 7.2 and Management Using IDS Policy Manger MySQL
- William Metcalf
- October 31, 2003
- - download paper
- A Thousand Heads Are Better Than One - The Present and Future of Distributed Intrusion Detection
- Robert Zuver
- October 31, 2003
- - download paper
- Snort Install on Win2000/XP with Acid, and MySQL
- Christina Neal
- October 31, 2003
- - download paper
- A Single IDS Console Please: ManHunt 2.1 Pilot Test
- Scott Reynolds
- October 31, 2003
- - download paper
- Doing My Part - Sending Data to the Internet Storm Center
- Sydney Jensen
- October 31, 2003
- - download paper
- Hands in the Honeypot
- Kecia Gubbels
- October 31, 2003
- - download paper
- Intrusion Prevention Systems- Security's Silver Bullet?
- Dinesh Sequeira
- October 31, 2003
- - download paper
- Distributed Intrusion Detection Systems: An Introduction and Review
- Royce Robbins
- October 31, 2003
- - download paper
- Turning the tables: Loadable Kernel Module Rootkits deployed in a honeypot environment
- Jonathan Rose
- October 31, 2003
- - download paper
- Archiving Event Logs
- Jim Stansbury
- October 31, 2003
- - download paper
- The Keep Within the Castle Walls - An Experiment in Home Network Intrusion Detection
- Gary Wallin
- October 31, 2003
- - download paper
- Intrusion Detection Is Dead. Long Live Intrusion Prevention!
- Timothy Wickham
- October 31, 2003
- - download paper
- An Overview of PureSecureTM
- Jeffrey Slonaker
- October 31, 2003
- - download paper
- Installing, Configuring, and Testing The Deception Tool Kit on Mac OS X
- Jon Lucenius
- October 31, 2003
- - download paper
- Intrusion Prevention - Part of Your Defense in Depth Architecture?
- Roberta Spitzberg
- October 31, 2003
- - download paper
- Securing a Windows Snort Sensor for Hostile Environments
- Michael Wunsch
- October 31, 2003
- - download paper
- IDMEF "Lingua Franca" for Security Incident Management
- Douglas S. Corner
- October 31, 2003
- - download paper
- Intelligent Correlator for NIDS
- Marco Bove
- October 31, 2003
- - download paper
- Intrusion Detection with MOM - Going Above the Wire
- Don Murdoch
- October 31, 2003
- - download paper
- The Human Factor - Adding Intelligence and Action to Intrusion Detection
- Daniel Hill
- October 31, 2003
- - download paper
- Choosing an Intrusion Detection System that Best Suits your Organization
- Dennis Mathew
- September 16, 2002
- - download paper
- Fundamental Honeypotting
- Justin Mitchell
- - download paper
Check Them Out!
This is hands-down, the premiere training opportunity.
- Dan Mather, JICPAC
