CASTELLAN:
Managing Distributed Intrusion Detection
Contact: Greg Ganger
Many organizations use intrusion detection systems (IDSs) to protect themselves against threats such as viruses and network attacks. We are developing new self-securing devices (e.g., self-securing storage and NIC-based firewalls) that provide increased security by creating separate, smaller security domains. However, this distribution of security across many devices raises significant administrative challenges.
In this project, we are developing Castellan, a software tool for managing distributed intrusion detection systems. Castellan will support network administrators in:
- Configuration - Setting appropriate policies on different self-securing devices.
- Detection - Notification of security alerts.
- Diagnosis - Investigating alerts to determine what action to take (if any).
- Recovery - Using the logging and other enhanced features of self-securing devices to recover from intrusions.
We are currently in the design stages of Castellan and are talking with network administrators about their needs for managing distributed intrusion detection. A sketch of the Castellan interface follows.
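To make the four administrative tasks above concrete, the following is an added example (not Castellan's code, and not a description of its design) of a tiny central console that holds a per-device-class policy (configuration), decides which device alerts merit notifying the administrator (detection), and correlates alerts from independent security domains per observed host (diagnosis). The device names, alert kinds, severity values and the sample alert stream are all constructed for illustration.

```python
# Added example (not Castellan's code): a small model of one console managing
# alerts from several self-securing devices. Device names, alert kinds, policies
# and the alert stream below are all constructed for illustration.
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Alert:
    device: str  # device that raised the alert, e.g. "storage-1" or "nic-fw-7"
    kind: str    # device-specific alert type
    host: str    # host the device observed
    ts: int      # observation time, seconds (constructed epoch)


@dataclass(frozen=True)
class DevicePolicy:
    severity: dict         # alert kind -> severity 1 (low) .. 5 (high)
    notify_threshold: int  # minimum severity worth notifying the admin about


# Configuration: one policy per class of self-securing device (assumed values).
POLICIES = {
    "storage": DevicePolicy({"exec-overwrite": 5, "log-truncate": 4, "mass-delete": 3}, 4),
    "nic-fw": DevicePolicy({"outbound-scan": 3, "spoofed-src": 4, "blocked-connect": 1}, 3),
}


def device_class(device: str) -> str:
    """'storage-1' -> 'storage'; 'nic-fw-7' -> 'nic-fw'."""
    return device.rsplit("-", 1)[0]


def severity(alert: Alert) -> int:
    """Unknown alert kinds default to the lowest severity rather than being dropped."""
    return POLICIES[device_class(alert.device)].severity.get(alert.kind, 1)


def notifications(alerts):
    """Detection: alerts whose severity meets their device class's threshold."""
    return [a for a in alerts
            if severity(a) >= POLICIES[device_class(a.device)].notify_threshold]


def correlate(alerts, window=300):
    """Diagnosis: cluster alerts per observed host into time windows.

    An incident seen by more than one class of device (e.g. the NIC firewall
    and the storage device) is marked corroborated, because independent
    security domains agreeing is stronger evidence than either alone.
    Incidents come back ordered by highest severity first, then by time.
    """
    by_host = defaultdict(list)
    for a in sorted(alerts, key=lambda a: a.ts):
        by_host[a.host].append(a)
    incidents = []
    for host, host_alerts in by_host.items():
        cluster, start = [], host_alerts[0].ts
        for a in host_alerts:
            if a.ts - start > window:
                incidents.append(_summarize(host, cluster))
                cluster, start = [], a.ts
            cluster.append(a)
        incidents.append(_summarize(host, cluster))
    return sorted(incidents, key=lambda i: (-i["max_severity"], i["first_ts"]))


def _summarize(host, cluster):
    classes = {device_class(a.device) for a in cluster}
    return {
        "host": host,
        "first_ts": cluster[0].ts,
        "count": len(cluster),
        "device_classes": sorted(classes),
        "max_severity": max(severity(a) for a in cluster),
        "corroborated": len(classes) > 1,
    }


# Constructed alert stream: two devices watching two hosts.
SAMPLE_ALERTS = [
    Alert("nic-fw-7", "blocked-connect", "ws-12", 1000),
    Alert("nic-fw-7", "outbound-scan", "ws-12", 1030),
    Alert("storage-1", "exec-overwrite", "ws-12", 1100),
    Alert("storage-1", "mass-delete", "ws-40", 2000),
    Alert("nic-fw-7", "blocked-connect", "ws-40", 5000),
]

if __name__ == "__main__":
    for a in notifications(SAMPLE_ALERTS):
        print(f"NOTIFY {a.device}: {a.kind} on {a.host} (severity {severity(a)})")
    for inc in correlate(SAMPLE_ALERTS):
        print(inc)
```

Run as-is, the console notifies on two of the five alerts and reports the ws-12 activity as a single corroborated incident because both the firewall and the storage device observed it; the two ws-40 alerts fall outside each other's window and stay separate, low-priority incidents. The per-class threshold is what the page calls setting policy on different self-securing devices; the corroboration flag is one way a diagnosis step can use the separate domains to rank what to investigate first.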
Acknowledgements
We thank the members and companies of the PDL Consortium: American Power Conversion, Data Domain, Inc., EMC Corporation, Facebook, Google, Hewlett-Packard Labs, Hitachi, IBM, Intel Corporation, LSI, Microsoft Research, NetApp, Inc., Oracle Corporation, Seagate Technology, Sun Microsystems, Symantec Corporation and VMware, Inc. for their interest, insights, feedback, and support.
