POLYCENTER Security Intrusion Detector for ULTRIX and SunOS

HIGHLIGHTS

o Realtime detection and response to intruders -- reduces your
  customers' cost of operations and provides added insurance against
  information theft
o Can be launched from Digital's POLYCENTER Framework centralized
  system and network management platform
o $400/node, Volume Discount B available
o Extended to the multivendor environment -- RISC ULTRIX available for
  shipping this month and SunOS in May

INTRODUCTION

POLYCENTER Security Intrusion Detector (formerly DECinspect) is a
real-time security monitoring application for the ULTRIX and SunOS
operating systems. It performs knowledge-based analysis of the output
of the audit subsystem to recognize and respond to security-relevant
activity. Violations such as attempted logins, unauthorized access to
files, illegal setuid programs, and unauthorized audit modifications
are automatically detected and acted upon. This frees the system or
security manager to tackle more important end-user issues, such as
training or installing new applications.

POLYCENTER Security Intrusion Detector for ULTRIX and for SunOS are
two new separate software product offerings. They are offered as part
of the complete family of POLYCENTER Security products available for
the system or security manager.

KEY FEATURES

o Runs on every ULTRIX RISC or SunOS system in a customer's network to
  detect and take action in realtime on intruders -- whether malicious
  hackers or inadvertent users.
o Uses a built-in knowledge-base to automatically interpret the audit
  log data -- much like an experienced security officer with plenty of
  time would do -- and automatically generates security actions.
o 13 Security Events are handled:

    access-control-event
        A failed attempt to modify the protection of any file and the
        successful modification of the protection of a critical file
    account-auth-event
        A creation or modification of a user account, including a
        password change
    audit-subsystem-event
        A change to the audit subsystem including queries of the audit
        state, starting or stopping of auditing, changes to system and
        user audit levels
    breakin-event
        Successive login failures
    database-auth-event
        Access to an authorization database
    file-transfer-event
        A network file copy
    logfail-event
        A failed login
    login-event
        A successful login
    obj-access-event
        A failed attempt to access any file or device and the
        successful modification of a critical file
    privileged-process-creation-event
        Gaining privilege by running an SUID-to-root program that is
        not registered as a critical file
    process-id-change-event
        A change in the audit-id of a process
    process-termination-event
        Logouts and any exiting of a monitored process
    program-execution-event
        Execution of a program that has been recently modified.

o Tailorable automatic responses to an intruder include:
    - sending mail to designated security officers
    - further monitoring the security-relevant actions of the offender
    - re-enabling of audit data generation
    - shutting down an offending process
o Filters a large volume of audit data, reducing it to a manageable
  set of relevant information for the system manager to review,
  permits more frequent archiving of old data and ultimately means the
  customer uses less system disk space.
o Can be launched from Digital's POLYCENTER Framework for centralized
  system and network management. This is the first step toward
  integrating the POLYCENTER Security Intrusion Detector with
  industry-leading management command stations.
o Produces daily or weekly summaries of security-relevant activity.
o Security-relevant activity of several RISC ULTRIX and SunOS nodes
  can be monitored from one designated Manager Interface node, giving
  the customer the ability to monitor security on a larger number of
  machines with fewer people.
o Coverage is provided twenty-four hours per day, seven days a week.

PRICING/ORDERING INFORMATION

The price is $400/system node, regardless of system maker or size.
Volume discount B is available:

    Quantity   Discount      Quantity   Discount
      0- 49       0%         500-599      12%
     50- 99       5%         600-699      13%
    100-199       6%         700-799      14%
    200-249       7%         800-899      15%
    250-299       8%         900-999      16%
    300-399      10%         1000+        17%
    400-499      11%

Model Numbers:

    QL-NB7A9-AA   POLYCENTER Security Intrusion Detector for ULTRIX V1.0
    QA-NB7AA-H5   RISC ULTRIX TK50 Kit
    QA-NB7AA-HM   RISC ULTRIX Magnetic Tape Kit
    QA-NB7AA-H8   RISC ULTRIX CDROM Kit
    QA-NB7AA-GZ   RISC ULTRIX Documentation Kit

    QL-NB8A9-AA   POLYCENTER Security Intrusion Detector for SunOS V1.0
    QA-NB8AA-HP   SUN QIC Tape Kit
    QA-NB8AA-H8   SUN CDROM Kit
    QA-NB8AA-GZ   SUN Documentation Kit

PREREQUISITES

POLYCENTER Security Intrusion Detector for ULTRIX V1.0

    Hardware   Any Digital MIPS RISC platform running ULTRIX V4.0 or
               higher.

    Software   RISC ULTRIX V4.0 - V4.3
               The ULTRIX Enhanced Security Features subset must be
               installed; however, POLYCENTER Security Intrusion
               Detector does not require that the user be running at
               the ULTRIX enhanced security level.

POLYCENTER Security Intrusion Detector for SunOS V1.0

    Hardware   Any SPARC-based platform (Sun 4 or SPARCstation) running
               SunOS V4.1.2.

    Software   SunOS V4.1.2. It must be this version, as it contains
               the needed Basic Security Module (BSM).

RESOURCES

POLYCENTER Security Intrusion Detector

o SPD for ULTRIX, 43.07.XX
o SPD for SunOS, 43.09.XX

----------
SunOS and SPARC are trademarks of Sun Microsystems, Inc.