Misuse and intrusion detection at Los Alamos National Laboratory

PDF Version Also Available for Download.

Description

An effective method for detecting computer misuse is the automatic auditing and analysis of on-line user activity. This activity is reflected in system audit records, in system vulnerability postures, and in other evidence found through active system testing. Since 1989 we have implemented a misuse and intrusion detection system at Los Alamos. This is the Network Anomaly Detection and Intrusion Reporter, or NADIR. NADIR currently audits a Kerberos distributed authentication system, file activity on a mass, storage system, and four Cray supercomputers that run the UNICOS operating system. NADIR summarizes user activity and system configuration in statistical profiles. It compares ... continued below

Physical Description

20 p.

Creation Information

Jackson, K.A.; Neuman, M.C.; Simmonds, D.D.; Stallings, C.A.; Thompson, J.L. & Christoph, G.G. April 1, 1995.

Context

This article is part of the collection entitled: Office of Scientific & Technical Information Technical Reports and was provided by UNT Libraries Government Documents Department to Digital Library, a digital repository hosted by the UNT Libraries. More information about this article can be viewed below.

Who

People and organizations associated with either the creation of this article or its content.

Sponsor

Publisher

Provided By

UNT Libraries Government Documents Department

Serving as both a federal and a state depository library, the UNT Libraries Government Documents Department maintains millions of items in a variety of formats. The department is a member of the FDLP Content Partnerships Program and an Affiliated Archive of the National Archives.

Contact Us

What

Descriptive information to help identify this article. Follow the links below to find similar items on the Digital Library.

Description

An effective method for detecting computer misuse is the automatic auditing and analysis of on-line user activity. This activity is reflected in system audit records, in system vulnerability postures, and in other evidence found through active system testing. Since 1989 we have implemented a misuse and intrusion detection system at Los Alamos. This is the Network Anomaly Detection and Intrusion Reporter, or NADIR. NADIR currently audits a Kerberos distributed authentication system, file activity on a mass, storage system, and four Cray supercomputers that run the UNICOS operating system. NADIR summarizes user activity and system configuration in statistical profiles. It compares these profiles to expert rules that define security policy and improper or suspicious behavior. It reports suspicious behavior to security auditors and provides tools to aid in follow-up investigations, As NADIR is constantly evolving, this paper reports its development to date.

Physical Description

20 p.

Notes

OSTI as DE95009413

Source

  • 17. Department of Energy computer security group training conference, Milwaukee, WI (United States), 1-4 May 1995

Language

Item Type

Identifier

Unique identifying numbers for this article in the Digital Library or other systems.

  • Other: DE95009413
  • Report No.: LA-UR--95-1039
  • Report No.: CONF-9505191--1
  • Grant Number: W-7405-ENG-36
  • Office of Scientific & Technical Information Report Number: 42500
  • Archival Resource Key: ark:/67531/metadc676321

Collections

This article is part of the following collection of related materials.

Office of Scientific & Technical Information Technical Reports

What responsibilities do I have when using this article?

When

Dates and time periods associated with this article.

Creation Date

  • April 1, 1995

Added to The UNT Digital Library

  • July 25, 2015, 2:20 a.m.

Description Last Updated

  • Feb. 25, 2016, 9 p.m.

Usage Statistics

When was this article last used?

Yesterday: 0
Past 30 days: 0
Total Uses: 4

Interact With This Article

Here are some suggestions for what to do next.

Start Reading

PDF Version Also Available for Download.

Citations, Rights, Re-Use

Jackson, K.A.; Neuman, M.C.; Simmonds, D.D.; Stallings, C.A.; Thompson, J.L. & Christoph, G.G. Misuse and intrusion detection at Los Alamos National Laboratory, article, April 1, 1995; New Mexico. (digital.library.unt.edu/ark:/67531/metadc676321/: accessed September 24, 2017), University of North Texas Libraries, Digital Library, digital.library.unt.edu; crediting UNT Libraries Government Documents Department.