... Picture – Part III Stephen NorthcuttS. Northcutt – v1.0 – Jul 2000Edited by J. Kolde – v1.1 – Aug 200023 Intrusion Detection - The Big Picture - SANS GIAC © 200023Deception Can Drive the Picture SSSSSCIRTCIRTMetaCIRT The ... they are a welcome facility for handling a new problem until ISS can put out a patch to detect it.1 Intrusion Detection - The Big Picture - SANS GIAC © 20001 Intrusion Detection The Big Picture ... 20002Network-Based Intrusion Detection • Host Based Intrusion Detection –Unix – Windows NT, 95, 98• Network-Based Intrusion Detection – Libpcap based tools, Snort, Shadow – ISS RealSecure–Cisco NetrangerOK,...