POLYCENTER Security Intrusion Detector for ULTRIX and SunOS

jtruitt@dw3f.ess.harris.com
Fri, 05 Aug 94 09:42:56 -0400

POLYCENTER Security Intrusion Detector for ULTRIX and SunOS

HIGHLIGHTS

o  Realtime detection and response to intruders -- reduces your customers' 
   cost of operations and provides added insurance against information theft

o  Can be launched from Digital's POLYCENTER Framework centralized system 
   and network management platform

o  $400/node, Volume Discount B available

o  Extended to the multivendor environment -- RISC ULTRIX available for 
   shipping this month and SunOS in May

INTRODUCTION

POLYCENTER Security Intrusion Detector (formerly DECinspect) is a real-time 
security monitoring application for the ULTRIX and SunOS operating systems.  
It performs knowledge-based analysis of the output of the audit subsystem to 
recognize and respond to security-relevant activity.  Violations such as 
attempted logins, unauthorized access to files, illegal setuid programs, and 
unauthorized audit modifications are automatically detected and acted upon. 
This frees the system or security manager to tackle more important end-user 
issues, such as training or installing new applications.

POLYCENTER Security Intrusion Detector for ULTRIX and for SunOS are two new 
separate software product offerings.  They are offered as part of the 
complete family of POLYCENTER Security products available for the system or 
security manager.

KEY FEATURES

o  Runs on every ULTRIX RISC or SunOS system in a customer's network to 
   detect and take action in realtime on intruders -- whether malicious 
   hackers or inadvertent users.

o  Uses a built-in knowledge-base to automatically interpret the audit log 
   data -- much like an experienced security officer with plenty of time 
   would do -- and automatically generates security actions.

o  13 Security Events are handled:

    access-control-event                A failed attempt to modify the 
                                        protection of any file and the 
                                        successful modification of the 
                                        protection of a critical file

    account-auth-event                  A creation or modification of a user 
                                        account, including a password change

    audit-subsystem-event               A change to the audit subsystem 
                                        including queries of the audit 
                                        state, starting or stopping of 
                                        auditing, changes to system and user 
                                        audit levels

    breakin-event                       Successive login failures

    database-auth-event                 Access to an authorization database

    file-transfer-event                 A network file copy

    logfail-event                       A failed login

    login-event                         A successful login

    obj-access-event                    A failed attempt to access any file 
                                        or device and the successful 
                                        modification of a critical file

    privileged-process-creation-event   Gaining privilege by running a 
                                        SUID-to-root program that is not 
                                        registered as a critical file

    process-id-change-event             A change in the audit-id of a 
                                        process 

    process-termination-event           Logouts and any exiting of a 
                                        monitored process

    program-execution-event             Execution of a program that has been 
                                        recently modified.

o  Tailorable automatic responses to an intruder include:

   - sending mail to designated security officers
   - further monitoring the security-relevant actions of the offender
   - re-enabling of audit data generation
   - shutting down an offending process
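The event list and the response list above describe a rule engine over audit records; the following is an added illustration (not the product's code, and not the ULTRIX or SunOS BSM record format) that classifies constructed audit records into several of the named events, tracks the successive login failures behind breakin-event, and maps each event to a tailorable response. The thresholds, critical-file and SUID-to-root sets are assumptions.

```python
from collections import defaultdict

# Constructed, simplified audit records, not the ULTRIX/SunOS BSM record format:
# (timestamp, user, action, outcome, object)
AUDIT_LOG = [
    (100, "alice", "login", "fail", "tty01"),
    (101, "alice", "login", "fail", "tty01"),
    (102, "alice", "login", "fail", "tty01"),
    (110, "bob", "login", "ok", "tty02"),
    (111, "bob", "exec", "ok", "/usr/local/bin/newtool"),
    (112, "bob", "chmod", "fail", "/etc/passwd"),
    (113, "bob", "exec", "ok", "/usr/bin/su"),
]

BREAKIN_THRESHOLD = 3                             # successive failures that make a breakin-event
CRITICAL_FILES = {"/etc/passwd"}                  # registered critical files (constructed)
SETUID_ROOT = {"/usr/bin/su", "/usr/bin/passwd"}  # SUID-to-root programs (constructed)
RECENTLY_MODIFIED = {"/usr/local/bin/newtool"}    # mtime inside the "recent" window (constructed)

# Tailorable responses keyed by event name; a subset of the response kinds listed above
RESPONSES = {
    "breakin-event": ["mail-security-officer", "monitor-offender"],
    "access-control-event": ["mail-security-officer"],
    "privileged-process-creation-event": ["monitor-offender"],
    "program-execution-event": ["mail-security-officer"],
}

def classify(log):
    """Map raw audit records to the detector's named security events."""
    events, failures = [], defaultdict(int)
    for ts, user, action, outcome, obj in log:
        if action == "login" and outcome == "fail":
            events.append((ts, user, "logfail-event", obj))
            failures[user] += 1
            if failures[user] == BREAKIN_THRESHOLD:       # successive login failures
                events.append((ts, user, "breakin-event", obj))
        elif action == "login":
            failures[user] = 0                            # a success breaks the run
            events.append((ts, user, "login-event", obj))
        elif action == "chmod" and (outcome == "fail" or obj in CRITICAL_FILES):
            events.append((ts, user, "access-control-event", obj))
        elif action == "exec":
            if obj in SETUID_ROOT and obj not in CRITICAL_FILES:
                events.append((ts, user, "privileged-process-creation-event", obj))
            if obj in RECENTLY_MODIFIED:
                events.append((ts, user, "program-execution-event", obj))
    return events

def respond(events):
    """Return the (user, response) actions the rules trigger, in audit order."""
    return [(user, r) for _, user, name, _ in events for r in RESPONSES.get(name, [])]
```

Running `classify(AUDIT_LOG)` yields three logfail-events and one breakin-event for alice, and a login-event, program-execution-event, access-control-event and privileged-process-creation-event for bob; `respond` then turns those into the mail and monitoring actions.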

o  Filters a large volume of audit data, reducing it to a manageable set of 
   relevant information for the system manager to review.  This permits more 
   frequent archiving of old data and ultimately means the customer uses 
   less system disk space.

o  Can be launched from Digital's POLYCENTER Framework for centralized 
   system and network management.  This is the first step toward integrating 
   the POLYCENTER Security Intrusion Detector with industry-leading 
   management command stations.

o  Produces daily or weekly summaries of security-relevant activity.

o  Security-relevant activity of several RISC ULTRIX and SunOS nodes can be 
   monitored from one designated Manager Interface node, giving the customer 
   the ability to monitor security on a larger number of machines with fewer 
   people.

o  Coverage is provided twenty-four hours per day, seven days a week.

PRICING/ORDERING INFORMATION

The price is $400/system node, regardless of system maker or size.  Volume 
discount B is available:

Quantity           Discount       Quantity            Discount
0-  49             0%             500-599             12%
50- 99             5%             600-699             13%
100-199            6%             700-799             14%
200-249            7%             800-899             15%
250-299            8%             900-999             16%
300-399            10%            1000+               17%
400-499            11%

Model Numbers:

QL-NB7A9-AA        POLYCENTER Security Intrusion Detector for ULTRIX V1.0
QA-NB7AA-H5        RISC ULTRIX TK50 Kit
QA-NB7AA-HM        RISC ULTRIX Magnetic Tape Kit
QA-NB7AA-H8        RISC ULTRIX CDROM Kit
QA-NB7AA-GZ        RISC ULTRIX Documentation Kit

QL-NB8A9-AA        POLYCENTER Security Intrusion Detector for SunOS V1.0
QA-NB8AA-HP        SUN QIC Tape Kit
QA-NB8AA-H8        SUN CDROM Kit
QA-NB8AA-GZ        SUN Documentation Kit

PREREQUISITES

POLYCENTER Security Intrusion Detector for ULTRIX V1.0

Hardware        Any Digital MIPS RISC platform running ULTRIX V4.0 or 
                higher.

Software        RISC ULTRIX V4.0 - V4.3.  The ULTRIX Enhanced Security 
                Features subset must be installed; however, POLYCENTER 
                Security Intrusion Detector does not require that the user be 
                running at the ULTRIX enhanced security level.

POLYCENTER Security Intrusion Detector for SunOS V1.0

Hardware        Any SPARC-based platform (Sun 4 or SPARCstation) running 
                SunOS V4.1.2.

Software        SunOS V4.1.2.  It must be this version as it contains the 
                needed Basic Security Module (BSM).

RESOURCES

POLYCENTER Security Intrusion Detector
o  SPD for ULTRIX, 43.07.XX
o  SPD for SunOS, 43.09.XX

----------
SunOS and SPARC are trademarks of Sun Microsystems, Inc.
