Information Technology (IT) Division

Cyber Intrusion Detection

Using a combination of tools, including but not limited to Bro Intrusion Detection, NetFlow, and central syslog, the Computer Protection Program (CPP) works to detect intrusions into laboratory computers. Bro is an open-source, UNIX-based Network Intrusion Detection System (NIDS) that passively monitors network traffic and looks for suspicious activity. Its analysis covers both specific attacks (those defined by signatures as well as those defined in terms of events) and unusual activities (e.g., certain hosts connecting to certain services, or patterns of failed connection attempts).

By using tools to detect intrusions, the CPP can handle incidents before they spread widely and can secure affected systems in an effort to mitigate damage.

Service Announcements

None

Rates/Service Level Agreements

Overhead funded

Policies/Guidelines/Terms of Service

None

FAQ

None

Contact

CPP at cppm@lbl.gov

IT Help Desk

For technical support, please call the IT Help Desk at 486-4357 or go to the IT Help Desk Web site.

Last updated: 12/13/2006