Intrusion Detection Systems mailing list archives

IDS for Solaris Beta testers requested


From: Michael_Staggs () nai com (Staggs, Michael)
Date: Mon, 13 Mar 2000 09:41:10 -0800




Hello All,
        Below is a description of the latest rev in dev of the CyberCop
Monitor IDS for the Solaris OS. If anyone is interested in the beta
testing of this stuff, respond to my address. Please also realize
that I will expect a pretty high level of feedback: commit to running
this thing through some hard paces and beat the heck out of it.

MJ

FEATURES

CyberCop Monitor (CCM) is a hybrid intrusion detection
system that provides additional security for individual 
computers through the analysis of any attacks targeted for 
the host on which it resides. CCM performs signature- and 
anomaly-based intrusion detection using host-based events 
as well as network packet and stream-based events directed 
at the host on which CCM is running, thereby providing 
finer control of system security. CCM runs on Solaris 2.6 
platforms on a range of supported hardware, including 
multiprocessor systems. 

CyberCop Monitor for Solaris:

- Provides two levels of CyberCop Monitor installation: an 
  installation program for installing CCM on a single machine 
  using one of several standard configurations, and a 
  Distributed Install interface which provides automatic 
  deployment of the standard configurations on multiple remote 
  machines. 

- Provides a Policy Generator interface which allows you to 
  create custom configurations or edit the standard 
  configurations. The Policy Generator allows you to select, 
  edit, and view configurations.

- The Policy Generator and the Distributed Install interface
  support hierarchical policy generation. Security policies 
  can be mapped to specified domains, subnets, and individual 
  hosts. Inheritance can be leveraged using the Distributed 
  Install interface when broad changes to a policy are desired, 
  reducing the number of times a change has to be made to a 
  generic setting. 

- The Distributed Install interface allows you to specify 
  remote hosts where CCM will be installed, which policy to 
  distribute to each host, and which connection method 
  to use for deployment. Distributed installation includes 
  rsh and ssh support. Report generation for distributed 
  installation allows you to determine how to log and handle 
  installation failures. 

- CCM configurations include audit policies, hardening 
  configuration, and alert configuration. Hardening configuration 
  includes service pre-scanning. Auditing can be installed 
  locally and run periodically as a cron job to ensure that 
  system modifications performed after CCM installation adhere 
  to the security posture desired when CCM was installed.

- Alert configuration provides SMTP mail, local event logging, 
  syslog, and SNMP alert mechanisms and allows you to configure 
  one or multiple recipients for alerts. 

- Monitors all network data that is targeted for the host 
  on which CCM resides, providing network packet and 
  stream-based detection.

- Provides host-based detection.

- Includes native IP fragmentation reassembly 
  and TCP resequencing. Fragrouter and CASL were used extensively
  during development.

- Includes password grinding detection.

- Provides event report coalescing. Multiple identical events 
  are reported in progressively larger batches as attacks 
  continue. 
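As an added illustration of the coalescing behaviour described in that bullet (example code written for this archive page, not code from CyberCop Monitor or from the author): a minimal coalescer that reports the first occurrence of an event key and then reports again only at doubling count boundaries, so each report covers a larger batch. The doubling schedule, the `flush` step and the sample events are assumptions; the announcement does not state CCM's actual batching rule.

```python
from collections import defaultdict


class EventCoalescer:
    """Coalesce repeated identical IDS events.

    The first occurrence of a key is reported at once. Afterwards a report
    is emitted only when the running count reaches the next boundary, and
    boundaries double (2, 4, 8, ...), so every report covers a progressively
    larger batch. The doubling schedule is an assumption for this example.
    """

    def __init__(self):
        self.count = defaultdict(int)            # total events seen per key
        self.reported = defaultdict(int)         # events already covered by a report
        self.boundary = defaultdict(lambda: 1)   # next count that triggers a report

    def observe(self, key):
        """Record one event; return (key, total, batch) or None if suppressed."""
        self.count[key] += 1
        n = self.count[key]
        if n < self.boundary[key]:
            return None
        batch = n - self.reported[key]           # events since the last report
        self.reported[key] = n
        self.boundary[key] = n * 2               # next report at double the count
        return (key, n, batch)

    def flush(self, key):
        """Report any events not yet covered (e.g. at shutdown or timer expiry)."""
        batch = self.count[key] - self.reported[key]
        if batch == 0:
            return None
        self.reported[key] = self.count[key]
        return (key, self.count[key], batch)


def run(events):
    """Feed event keys in order and return every report emitted, then flush."""
    coalescer = EventCoalescer()
    reports = [r for r in (coalescer.observe(e) for e in events) if r is not None]
    for key in dict.fromkeys(events):            # flush in first-seen order
        r = coalescer.flush(key)
        if r is not None:
            reports.append(r)
    return reports


# Constructed sample: 20 identical failed-login events from one source (the kind
# of burst a password-grinding signature would raise) and one unrelated probe.
SAMPLE = [("failed-login-burst", "192.0.2.10")] * 20 + [("tcp-syn-probe", "192.0.2.77")]
```

Running `run(SAMPLE)` yields reports at counts 1, 2, 4, 8 and 16 for the burst (batches of 1, 1, 2, 4, 8), a single report for the probe, and a final flushed batch of 4 for the burst.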

- Provides a statistical logfile creation tool.

- Uses a modular design that allows for easy update and 
  modification of signatures.  Detection signatures are 
  customizable as they are written in a flexible and modifiable 
  rule language. 

- CCM configuration files created by the Policy Generator are 
  available also as signature rule text files that can be edited 
  manually if desired. CCM checks the syntax of signature rules
  that are customized manually to be sure they are correct.

