CASTELLAN:
Managing Distributed Intrusion Detection
Contact: Greg Ganger
Many organizations use intrusion detection systems (IDSs) to protect themselves against threats such as viruses and attacks. We are developing new self-securing devices (e.g., self-securing storage and NIC-based firewalls), to provide increased security by creating separate, smaller security domains. However, this distribution of security raises significant administrative challenges.
In this project, we are developing Castellan, a software tool for managing distributed intrusion detection systems. Castellan will support network administrators in:
- Configuration - Setting appropriate policies on different self-securing devices.
- Detection - Notification of security alerts.
- Diagnosis - Investigating alerts to determine what action to take (if any).
- Recovery - Using the logging and other enhanced features of self-securing devices to recover from intrusions.
We are currently in the design stages of Castellan and are talking with network administrators about their needs for managing distributed intrusion detection. A sketch of the Castellan interface follows.
People
FACULTY
STUDENTS
Acknowledgements
We thank the members and companies of the PDL Consortium: American Power Conversion, EMC Corporation, Emulex, Facebook, Fusion-io,Google, Hewlett-Packard Labs, Hitachi, Intel Corporation, Microsoft Research, NEC Laboratories, NetApp, Inc., Oracle Corporation, Panasas, Riverbed, Samsung Information Systems America, Seagate Technology, STEC, Inc., Symantec Corporation and VMware, Inc. for their interest, insights, feedback, and support.