Protect Your Information with Intrusion Detection (Power)


The Common Intrusion Detection Framework (CIDF) project, sponsored by DARPA, was launched in January 1997. Its developers aim to produce a universal protocol for exchanging information between intrusion detection systems from different manufacturers. Note that CIDF (http://www.gidos.org/) is a research project not intended for the commercial market; it is used mainly by manufacturers of intrusion detection systems intended for governmental organizations (mainly in the USA). The project also includes a special attack description language, the Common Intrusion Specification Language (CISL) [Proctor1-01]. An example of a rule written in CISL is presented in Listing 13.1.

Listing 13.1. An Example Illustrating the Use of CISL for Describing Rules for Deleting the /etc/passwd File

(Delete
    (When
        (Time '12:24 15 Mar 1999 UTC')
    )
    (Initiator
        (UserName 'joe')
        (UserID 1234)
        (HostName 'bank.ru')
    )
    (FileSource
        (FullPathName '/etc/passwd')
        (HostName 'bank.ru')
    )
)

