To create effective defensive policies and systems, it is critical to know as much as possible about malicious activity on the Internet. In this talk, I will discuss several different methods for gathering and analyzing data on attacks and intrusions on the Internet.
In particular, I will describe the standard techniques for monitoring network traffic for intrusions and anomalies, and methods for monitoring unused address space via honeynets. I will also describe how services and applications such as email, IRC and DNS can be monitored for malicious activity. Finally, I will talk about the ways in which information on attacks and intrusions can be used to both directly and indirectly improve IT security for a particular organization.
Back to Workshop II: Applications of Internet MRA to Cyber-Security