Re: Intrusion Detection with CA-Unicenter ?

MICHAEL S. HINES (MSHINES@freh-02.adpc.purdue.edu)
Thu, 23 Mar 1995 14:45:17 EST

Caspar:

> Does anybody have experience with CA-Unicenter concerning intrusion
> detection? I don't know Unicenter. I just had a sales guy here
> and he said that this application has a security module to log
> attacks from users and from hackers, as well...

Just the same thing you have... the software salesman's
presentations. But he maintains you can establish triggers in
Unicenter and have scripts execute depending upon your requirements
(dare I say policy). This can include paging the sysop if your
system has a modem, or whatever else you might desire to do.  It
seems to all be driven off the entries into the system log.  They do
their own login control (offering tod, dow, and other types of
controls above what you get with plain vanilla UNIX) and can hit the
log with what appear to be intrusions (can set a trigger number).
This can be programmed to establish a denial of service (lockout
until sysadmin resets) or some other action as your policy dictates.

As I say - it's all hypothetical to me as I haven't seen it in
operation yet.   We do have UNICENTER in house and have purchased
it.

Would like to keep in touch with you and other UNICENTER users as we 
work through this thing...   

----------------------------------------------------------------------
Internet:  mshines@ia.purdue.edu      |  Michael S. Hines
Bitnet:    michaelh@purccvm           |  Sr. Information Systems Auditor
Purdue WIZARD Mail: MSHINES           |  Purdue University
GTE Net Voice: (317) 494-5845         |  1065 Freehafer Hall
GTE Net FAX:   (317) 496-1814         |  West Lafayette, IN 47907-1065
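
Added example, not part of the original message and not CA-Unicenter code or configuration: a small Python sketch of the log-driven scheme described above (a trigger number of failed logins, a time-of-day/day-of-week window, and lockout until a sysadmin resets). The log format, the class and function names, and the default thresholds are all assumptions made for illustration.

```python
import re
from datetime import datetime
# Constructed sample log lines (not real syslog or Unicenter output).
SAMPLE_LOG = """\
1995-03-20T09:12:01 host1 login: FAILED user=alice
1995-03-20T09:12:09 host1 login: FAILED user=alice
1995-03-20T09:12:15 host1 login: OK user=bob
1995-03-20T09:12:20 host1 login: FAILED user=alice
1995-03-20T09:13:00 host1 login: OK user=alice
1995-03-25T02:30:00 host1 login: OK user=carol
"""
LINE_RE = re.compile(r"^(\S+) \S+ login: (FAILED|OK) user=(\w+)")

class LoginMonitor:
    """Hypothetical policy: trigger number plus time-of-day/day-of-week window."""
    def __init__(self, trigger=3, hours=range(7, 19), weekdays=range(0, 5)):
        self.trigger, self.hours, self.weekdays = trigger, hours, weekdays
        self.failures, self.locked, self.alerts = {}, set(), []

    def process(self, line):
        m = LINE_RE.match(line)
        if not m:
            return  # not a login record
        ts = datetime.fromisoformat(m.group(1))
        result, user = m.group(2), m.group(3)
        if user in self.locked:
            # Locked accounts stay locked, even with the right password.
            self.alerts.append((user, "attempt-while-locked"))
        elif result == "OK":
            self.failures[user] = 0
            if ts.weekday() not in self.weekdays or ts.hour not in self.hours:
                self.alerts.append((user, "login-outside-window"))
        else:
            self.failures[user] = self.failures.get(user, 0) + 1
            if self.failures[user] >= self.trigger:
                self.locked.add(user)
                self.alerts.append((user, "locked-out"))

    def reset(self, user):
        self.locked.discard(user)  # sysadmin action: clear the lockout
        self.failures[user] = 0

def run(log=SAMPLE_LOG):
    mon = LoginMonitor()
    for line in log.splitlines():
        mon.process(line)
    return mon

if __name__ == "__main__":
    print(run().alerts)
```

In the sample, alice's own correct password is rejected once the trigger number is reached, which is the denial-of-service side of a lockout-until-reset policy: whoever can generate failed logins for an account decides when its owner is locked out.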