[ISN] Hackers beware: IBM to sharpen Haxor
From: cult hero (jerichodimensional.com)
Date: Sun May 30 1999 - 04:27:43 CDT
Forwarded From: root <rootpacketstorm.harvard.edu>
Hackers beware: IBM to sharpen Haxor
By Jim Kerstetter, PC Week Online
May 27 1999 4:49 PM ET

Hackers beware: Haxor is watching you from its perch in IBM's wide-ranging

This fall, Haxor is due for a face lift, along with IBM's Boundary Server
firewall. They are two components of IBM's FirstSecure suite of
applications, which includes everything from intrusion detection software
to anti-virus software in the company's wider SecureWay security strategy.

Haxor will gain several new features, including better scanning for
stealth attacks, such as low-bandwidth hacks and coordinated attacks from
different geographic points, and improved ability to detect mangled and
overlapping packets, company officials said. IBM (NYSE:IBM) is also trying
to improve Haxor's ability to filter out the white noise of regular
network traffic, tuning it down enough so it can catch stealth attacks
while not setting off frequent false alarms.

Haxor was developed at IBM's Global Security Analysis Lab, in Hawthorne,
N.Y., said Dave Safford, manager at the lab. There are two kinds of
intrusion detection applications: One is based on servers or hosts and
looks for attacks on that individual system; the other is network-based
and sniffs packets as they come into the network, trying to determine if
an attack is taking place.

Haxor is network-based and can be found within IBM's FirstSecure suite as
well as Tivoli Systems Inc.'s CrossSite network management suite. "There
is an incredible amount of data that comes out of these things," Safford
said. "It can be a real problem."

To solve the problem, Safford said, IBM has developed "dynamic
sensitivity," which will be able to correlate the difference between the
attacks and legitimate traffic.

Network administrators are particularly interested in integration with
management tools from companies such as Tivoli. "That makes the most sense
to me. I want to be able to manage this from one point," said Doug Mallow,
network administrator at a West Coast bank.

Also this fall, the Boundary Server firewall will be more tightly
integrated with the SecureSite Policy Director, said IBM officials. Using
the Common Content Inspection specification that is now under development,
Boundary Server should be able to improve on performance, essentially
sharing packets of data with other content inspection applications such as
Content Technology Inc.'s MIMESweeper for e-mail inspection and Finjan
Software Ltd.'s SurfinGate mobile code-scanning software.

IBM in January unveiled its SecureWay strategy for Internet and network
security. Like competing packages from Hewlett-Packard Co., SecureWay is
made up of both home-grown and OEM applications.

IBM also has developed a Security Policy Director to tie together its

IBM can be reached at (914) 499-1900 or www.ibm.com.