All sites are invited to participate in the LANL Advanced Computing Seminar Series. Details about today's talk are below:
TITLE: Recent Developments with the Bro Network Intrusion Detection System

SPEAKER: Brian L. Tierney, Lawrence Berkeley National Laboratory
http://dsd.lbl.gov/~tierney

WHEN: Thursday, Feb 2, 3:30pm Mountain Standard Time; participating sites should arrive an hour early for testing (2:30pm)

WHERE: Titan Venue - We will be using VNC or Shared Presentation tool

ABSTRACT: Bro is an open-source, Unix-based Network Intrusion Detection System (NIDS) that passively monitors network traffic and looks for suspicious traffic. Bro detects intrusions by comparing network traffic against a customizable set of rules describing events that are deemed troublesome. These rules might describe specific attacks (including those defined by "signatures") or unusual activities (e.g., certain hosts connecting to certain services or patterns of failed connection attempts). Bro uses a specialized policy language that allows a site to tailor Bro's operation, both as site policies evolve and as new attacks are discovered. This talk will give a brief overview of Bro, and discuss recent work such as incorporating syslog data into Bro and the use of multiple Bro instances exchanging information. It will also describe the newest Bro protocol analyzers, including a botnet detector.

============================================
Cindy Sievers
Los Alamos National Laboratory
siev...@lanl.gov
Group CCS-1, Advanced Computing
MS B287, Los Alamos, NM 87544
tel:505.665.6602
fax:505.665.4939
============================================