Using a combination of tools, including but not limited to the Bro intrusion detection system, NetFlow, and central syslog, the Computer Protection Program (CPP) works to detect intrusions into LBNL computers. Bro is an open-source, UNIX-based network intrusion detection system (NIDS) that passively monitors network traffic for suspicious activity. Its analysis includes detection of specific attacks (those defined by signatures as well as those defined in terms of events) and of unusual activity (e.g., certain hosts connecting to certain services, or patterns of failed connection attempts). By detecting intrusions early, CPP can handle incidents before they spread widely and secure affected systems to mitigate damage.
If a system is compromised, CPP will initiate contact, provided contact information is available.
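To illustrate the kind of "patterns of failed connection attempts" a monitor like Bro looks for, here is a small added example (not LBNL's or Bro's own code) that reads connection records in a simplified, constructed Bro/Zeek conn.log layout and flags source hosts with many failed attempts spread across several distinct targets, while ignoring a host that merely fails repeatedly against one unreachable service. The field order, the failure-state set, the thresholds and the sample records are all assumptions made for this example.

```python
"""Flag source hosts whose failed connections look like a scan.

Added example, not LBNL's or Bro's code. Records are tab-separated with an
assumed, simplified conn.log layout: ts, orig_h, orig_p, resp_h, resp_p,
proto, conn_state. conn_state S0 = attempt with no reply, REJ = rejected,
RSTOS0 = originator reset after no reply, SF = normal completed connection.
"""
from collections import defaultdict

FAILED_STATES = {"S0", "REJ", "RSTOS0"}  # states treated as failed attempts


def parse_conn_line(line):
    """Split one record into a dict of the assumed fields."""
    ts, orig_h, orig_p, resp_h, resp_p, proto, state = line.rstrip("\n").split("\t")
    return {"ts": float(ts), "orig_h": orig_h, "orig_p": int(orig_p),
            "resp_h": resp_h, "resp_p": int(resp_p), "proto": proto,
            "conn_state": state}


def find_scanners(lines, min_failures=3, min_distinct=3):
    """Return {orig_h: {failed, distinct_targets}} for hosts exceeding both
    thresholds. Counting distinct (host, port) targets separates a scan from
    a host that keeps retrying a single dead service."""
    failures = defaultdict(list)
    for line in lines:
        if not line.strip() or line.startswith("#"):  # skip blanks/headers
            continue
        rec = parse_conn_line(line)
        if rec["conn_state"] in FAILED_STATES:
            failures[rec["orig_h"]].append((rec["resp_h"], rec["resp_p"]))
    flagged = {}
    for host, fails in failures.items():
        distinct = len(set(fails))
        if len(fails) >= min_failures and distinct >= min_distinct:
            flagged[host] = {"failed": len(fails), "distinct_targets": distinct}
    return flagged


# Constructed sample records using RFC 5737 documentation addresses.
SAMPLE_LOG = ["\t".join(f) for f in [
    ("1700000000.1", "192.0.2.10", "40001", "198.51.100.5", "22", "tcp", "S0"),
    ("1700000000.2", "192.0.2.10", "40002", "198.51.100.5", "23", "tcp", "REJ"),
    ("1700000000.3", "192.0.2.10", "40003", "198.51.100.5", "80", "tcp", "S0"),
    ("1700000000.4", "192.0.2.10", "40004", "198.51.100.5", "443", "tcp", "S0"),
    ("1700000000.5", "192.0.2.10", "40005", "198.51.100.6", "22", "tcp", "S0"),
    ("1700000001.0", "192.0.2.20", "50001", "198.51.100.5", "443", "tcp", "SF"),
    ("1700000001.1", "192.0.2.20", "50002", "198.51.100.5", "22", "tcp", "REJ"),
    ("1700000002.0", "192.0.2.30", "60001", "198.51.100.7", "25", "tcp", "S0"),
    ("1700000002.1", "192.0.2.30", "60002", "198.51.100.7", "25", "tcp", "S0"),
    ("1700000002.2", "192.0.2.30", "60003", "198.51.100.7", "25", "tcp", "S0"),
]]

if __name__ == "__main__":
    print(find_scanners(SAMPLE_LOG))  # flags only 192.0.2.10
```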
Call the Helpdesk at ext. 4357 (486-4357) or e-mail [email protected]
The service is part of the Berkeley Lab Technology Resource Kit and is provided to all employees and affiliates at no recharge.