Last Updated: 2006-08-05 15:06:28 UTC
by Johannes Ullrich (Version: 1)
Limit logins to SSH keys, which eliminates the problem of password brute forcing. SSH keys can also be used to limit access by IP address, or you can limit a user to executing a specific command based on which SSH key they use (great for automatic backups).
Last Updated: 2006-08-05 14:18:31 UTC
by Mike Poor (Version: 1)
Scenario: mobile malicious code compromises 150 hosts on your network. Those hosts are loaded with bot software. Bots need to talk to a command and control channel, and by observing these surges of bots connecting within a threshold of time, we can detect this anomalous pattern.
Ron has released code and screenshots on his research. Definitely worth checking out.
Mike Poor mike <at> intelguardians.com
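The surge idea in the scenario above can be sketched as a sliding-window count of distinct internal hosts per destination. This is an added example, not Ron's released code and not part of the diary. The flow tuple layout, the 60-second window, the threshold of five hosts and every address in the sample data are assumptions constructed for illustration.

```python
from collections import defaultdict, deque

# Constructed sample flow records: (epoch_seconds, internal_src, dst_ip, dst_port).
# All addresses come from private or documentation ranges.
SAMPLE_FLOWS = (
    # six hosts reach the same external endpoint within 25 seconds
    [(1000 + 5 * i, f"10.0.0.{i + 1}", "192.0.2.10", 6667) for i in range(6)]
    # six hosts reach a shared service, but spread over 25 minutes
    + [(1000 + 300 * i, f"10.0.1.{i + 1}", "198.51.100.5", 443) for i in range(6)]
    # one chatty host hitting a single destination repeatedly
    + [(1000 + i, "10.0.2.9", "203.0.113.7", 80) for i in range(20)]
)


def detect_surges(flows, window=60, threshold=5, allowlist=frozenset()):
    """Flag destinations contacted by >= threshold distinct internal
    hosts within `window` seconds.

    Returns {(dst_ip, dst_port): sorted list of internal sources}.
    Destinations in `allowlist` (for example known update servers,
    which also attract synchronized connections) are skipped.
    """
    recent = defaultdict(deque)   # (dst, port) -> deque of (ts, src)
    flagged = defaultdict(set)    # (dst, port) -> sources seen in a surge
    for ts, src, dst, port in sorted(flows):
        if (dst, port) in allowlist:
            continue
        q = recent[(dst, port)]
        q.append((ts, src))
        # Drop connections that have aged out of the window.
        while ts - q[0][0] > window:
            q.popleft()
        # Count hosts, not connections, so one noisy host cannot alert.
        sources = {s for _, s in q}
        if len(sources) >= threshold:
            flagged[(dst, port)] |= sources
    return {key: sorted(srcs) for key, srcs in flagged.items()}


if __name__ == "__main__":
    for (dst, port), hosts in detect_surges(SAMPLE_FLOWS).items():
        print(f"surge to {dst}:{port} from {len(hosts)} hosts: {hosts}")
```

Counting distinct sources rather than raw connections is what separates a fleet of bots checking in together from a single busy client; the window and threshold need tuning against normal traffic on the network being monitored.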