Cyber Intrusion Detection


Overview

Using a combination of tools including, but not limited to, the Bro intrusion detection system, NetFlow, and central syslog, the Computer Protection Program (CPP) works to detect intrusions into LBNL computers. Bro is an open-source, UNIX-based Network Intrusion Detection System (NIDS) that passively monitors network traffic and looks for suspicious activity. Its analysis covers both specific attacks (those defined by signatures as well as those defined in terms of events) and unusual activity (e.g., certain hosts connecting to certain services, or patterns of failed connection attempts). By using these tools to detect intrusions early, CPP can handle incidents before they spread widely and secure affected systems to mitigate damage.

Getting Started

If a system is compromised, CPP will initiate contact with its owner, provided contact information is available.

Help

Call the Helpdesk at ext. 4357 (486-4357) or e-mail help@lbl.gov.

References

Related Services

Rates

The service is part of the Berkeley Lab Technology Resource Kit and is provided to all employees and affiliates at no recharge.