FYI - The Watcher Network Monitoring Program

James O. (jtruitt@iu.net)
Mon, 27 Mar 1995 23:07:51 -0500

UNICORN - Unicos Realtime NADIR

NADIR (which stands for Network Anomaly Detector and Intrusion Report) was one of the first automated intrusion detection systems designed and implemented. Originally it was designed to accept audit logs from a Los Alamos network security controller running a homegrown version of Kerberos.

This year it was decided to expand NADIR to be more general and more powerful. The result is UNICORN--Unicos Realtime NADIR. Unicorn will accept audit logs from Unicos (Cray Unix), Kerberos, and our common file system, then analyze them and attempt to detect intruders in realtime. Because Unicorn was designed for Kerberos and Unix, the design can be applied to many other network configurations.


URL: http://www.c3.lanl.gov/~mcn/unicorn.html
JT