Caspar: > has anybody experiences with CA-Unicenter concerning intrusion > detection? I don't know Unicenter. I just had a sales guy here > and he said the this application has a security module to log > attacks form users and form hackers, as well... Just the same thing you have... the software salesmans presentations. But he maintains you can establish triggers in Unicenter and have scripts execute depending upon your requirements (dare I say policy). This can include paging the sysop if your system has a modem, or whatever else you might desire to do. It seems to all be driven off the entries into the system log. They do their own login control (offering tod, dow, and other types of controls above what you get with plain vanilla UNIX) and can hit the log with what appears to be intrusions (can set a trigger number). This can be programmed to establish a denial of service (lockout until sysadmin resets) or some other action as your policy dictates. As I say - its all hypothetical to me as I haven't seen it in operaition yet. We do have UNICENTER in house and have purchased it. Would like to keep in touch with you and other UNICENTER users as we work through this thing... ---------------------------------------------------------------------- Internet: mshines@ia.purdue.edu | Michael S. Hines Bitnet: michaelh@purccvm | Sr. Information Systems Auditor Purdue WIZARD Mail: MSHINES | Purdue University GTE Net Voice: (317) 494-5845 | 1065 Freehafer Hall GTE Net FAX: (317) 496-1814 | West Lafayette, IN 47907-1065