Coming soon: Intrusion detection cheat sheet from SANS

Crystal Bedell

Help is on its way for security professionals and the sysadmins they depend on to detect intrusions.

In December, the SANS Institute will publish a Sysadmin Cheat Sheet for Detecting Intruders, Ed Skoudis, security consultant with International Network Services, told SearchSecurity. Skoudis is currently contributing to the project aimed at helping IT and security work together in the area of intrusion detection.

Skoudis said security needs the help of sysadmins when it comes to keeping systems patched and watching for abnormal behavior. "Sysadmins need to be the eyes and ears for the security people, because they can't touch everything," he said.

The cheat sheet is a one-page outline of tasks to aid sysadmins in detecting anomalous behavior, including how to look for unusual processes and ports. Sysadmins can go through the quick checklist on a daily or weekly basis, said Skoudis.

The document will be available for free download online, and companies will be able to add their logo and contact information for their incident response team before distributing to IT folks.

"The idea is that 90% of sysadmins don't really know what to do, and if they do know, they don't know where to call so they freelance it themselves," said Skoudis.

The Sysadmin Cheat Sheet for Detecting Intruders will be available in separate versions for Linux and Windows.
