Managing Distributed Intrusion Detection
Many organizations use intrusion detection systems
(IDSs) to protect themselves against threats such as viruses and attacks.
We are developing new self-securing devices (e.g., self-securing storage
and NIC-based firewalls) to provide increased security by creating
separate, smaller security domains. However, this distribution of security
raises significant administrative challenges.
In this project, we are developing Castellan, a software tool for
managing distributed intrusion detection systems. Castellan will support
network administrators in:
- Configuration - Setting appropriate policies on different
- Detection - Notification of security alerts.
- Diagnosis - Investigating alerts to determine what action
to take (if any).
- Recovery - Using the logging and other enhanced features
of self-securing devices to recover from intrusions.
We are currently in the design stages of Castellan and are talking
with network administrators about their needs for managing distributed
intrusion detection.

[Figure: A sketch of the Castellan interface]

We thank the members and companies of the PDL Consortium: American Power Conversion,
Data Domain, Inc.,
Sun Microsystems, Symantec Corporation and
VMware, Inc. for
their interest, insights, feedback, and support.