CASTELLAN:
Managing Distributed Intrusion Detection
Related Projects: [ Self-Securing Devices | Self-Securing Storage | NIC-based Firewalls ]
Many organizations use intrusion detection systems
(IDSs) to protect themselves against threats such as viruses and attacks.
We are developing new self-securing devices (e.g., self-securing storage
and NIC-based firewalls) to provide increased security by creating
separate, smaller security domains. However, this distribution of security
raises significant administrative challenges.
In this project, we are developing Castellan, a software tool for
managing distributed intrusion detection systems. Castellan will support
network administrators in:
- Configuration - Setting appropriate policies on different
self-securing devices.
- Detection - Notification of security alerts.
- Diagnosis - Investigating alerts to determine what action
to take (if any).
- Recovery - Using the logging and other enhanced features
of self-securing devices to recover from intrusions.
We are currently in the design stages of Castellan and are talking
with network administrators about their needs for managing distributed
intrusion detection. A sketch of the Castellan interface
follows.
People
Acknowledgements
We thank the members and companies of the PDL Consortium: American Power Conversion, Data Domain, Inc., EMC Corporation, Facebook, Google, Hewlett-Packard Labs, Hitachi, IBM, Intel Corporation, LSI, Microsoft Research, NetApp, Inc., Oracle Corporation, Seagate Technology, Sun Microsystems, Symantec Corporation and VMware, Inc. for their interest, insights, feedback, and support.