11. Conclusion


Let's face it: the current state of technology and standard practice is not up to the task of protecting against today's panoply of threats, especially the new breed of multi-vector worms and the like. In theory, one's best hope is to set up several layers of defences and trust that, between them, they will stop, or at least alert on, attacks using known and unknown vectors pitched against the network. This is a sound approach in principle, but in practice it has pitfalls of its own: the volume of logs to parse regularly, the lack of a single, unified way to treat them all, and the previous unavailability of some vital data. The problem of being alerted in time was also addressed.

LogIDS is a new step towards a single, unified (but not necessarily exclusive) way to handle your security logs, to help you improve your network security and to detect intrusions that occur despite your efforts. I do not claim that LogIDS alone is sufficient to take care of all your security needs; instead I count on the whole of your enhanced security infrastructure being greater than the simple sum of its parts. With LogIDS I tried to present a comprehensive interface that is easy to use and to configure, and that lays out the formatted data so that a human analyst can make sense of it more quickly and be helped in his analysis tasks. More importantly, it notifies you in real time of suspicious activity and keeps a valuable log trail for post-event analysis, damage control and possible future prosecution. It is hard for me right now to evaluate the impact LogIDS and the accompanying tools described in this paper will have on the future of network security, but one thing is sure: I cannot wait to see how it evolves in response to feedback from users' own experiences with LogIDS.
