Verifying the secure setup of Unix client/servers and detection of network intrusion
This paper describes our technical approach to developing and delivering Unix host- and network-based security products to meet the increasing challenges in information security. Today`s global ``Infosphere`` presents us with a networked environment that knows no geographical, national, or temporal boundaries, and no ownership, laws, or identity cards. This seamless aggregation of computers, networks, databases, applications, and the like store, transmit, and process information. This information is now recognized as an asset to governments, corporations, and individuals alike. This information must be protected from misuse. The Security Profile Inspector (SPI) performs static analyses of Unix-based clients and servers to check on their security configuration. SPI`s broad range of security tests and flexible usage options support the needs of novice and expert system administrators alike. SPI`s use within the Department of Energy and Department of Defense has resulted in more secure systems, less vulnerable to hostile intentions. Host-based information protection techniques and tools must also be supported by network-based capabilities. Our experience shows that a weak link in a network of clients and servers presents itself sooner or later, and can be more readily identified by dynamic intrusion detection techniques and tools. The Network Intrusion Detector (NID) is one such tool. NID is designed to monitor and analyze activity on an Ethernet broadcast Local Area Network segment and produce transcripts of suspicious user connections. NID`s retrospective and real-time modes have proven invaluable to security officers faced with ongoing attacks to their systems and networks.
- Research Organization:
- Lawrence Livermore National Lab. (LLNL), Livermore, CA (United States)
- Sponsoring Organization:
- Department of Defense, Washington, DC (United States)
- DOE Contract Number:
- W-7405-ENG-48
- OSTI ID:
- 109654
- Report Number(s):
- UCRL-JC-121510; CONF-9510189-1; ON: DE96000363
- Resource Relation:
- Conference: Phototonics East `95, Philadelphia, PA (United States), 22-26 Oct 1995; Other Information: PBD: Jul 1995
- Country of Publication:
- United States
- Language:
- English
Similar Records
An Object-Oriented Framework for Client-Server Applications
Tracking the Inside Intruder Using Net Log on Debug Logging in Microsoft Windows Server Operating Systems