Detecting intruders on a campus network: might the threat be coming from within?
Source User Services Conference archive
Proceedings of the 33rd annual ACM SIGUCCS conference on User services table of contents
Monterey, CA, USA
Pages: 113 - 117  
Year of Publication: 2005
ISBN:1-59593-200-3
Authors
Rich Henders  North Central College, Batavia, IL
Bill Opdyke  North Central College, Batavia, IL
Sponsors
ACM: Association for Computing Machinery
SIGUCCS: ACM Special Interest Group on University and College Computing Services
Publisher
ACM  New York, NY, USA
DOI: http://doi.acm.org/10.1145/1099435.1099461

ABSTRACT

Campus networks, and the Information Technology organizations that support these networks, are facing security threats that are increasing in both size and complexity. Students, faculty and (non-academic) staff collectively provide a broad set of expectations and challenges to securely support. Intrusive actions and security challenges may originate outside or within a network. Security and trust can be difficult to maintain in such an environment. Intrusion detection is an important part of a comprehensive security strategy.

Snort has become a popular and widely installed Intrusion Detection System (IDS). It functions as a network packet sniffer which, based on comparisons of packet contents with known virus signatures encapsulated as rules, can initiate action and record events and information related to them in a log file and/or database. Because Snort inspects all packets on a network, large amounts of data can be produced, especially until an administrator can tune the rules sets, contained in 52 separate files, to the needs of the installation. This process can lead to a large number of false alerts, which may cause real alerts to be overlooked and the viability of the tool to be questioned.

This paper summarizes work with installation and implementation of Snort on a North Central College internal network, with special emphasis on access to data logged to a MySQL database as well as presentation of data through Perl scripts. Output of Perl scripts and code snippets supporting the output are also presented as basis for future efforts.

