Cyber Intrusion Detection
Using a combination of tools, including but not limited to Bro Intrusion Detection, NetFlow, and central syslog, the Computer Protection Program (CPP) works to detect intrusions into laboratory computers. Bro is an open-source, UNIX-based Network Intrusion Detection System (NIDS) that passively monitors network traffic and looks for suspicious activity. Its analysis covers specific attacks (both those defined by signatures and those defined in terms of events) and unusual activities (e.g., certain hosts connecting to certain services, or patterns of failed connection attempts).
By using these tools to detect intrusions, the CPP can handle incidents before they spread widely and secure affected systems to mitigate damage.
Related Links
Service Announcements
None
Rates/Service Level Agreements
Overhead funded
Policies/Guidelines/Terms of Service
None
FAQ
None
Contact
CPP at cppm@lbl.gov
IT Help Desk
For technical support, please call the IT Help Desk at 486-4357 or go to the IT Help Desk Web site.


