Using Basic Security Module (BSM), Tripwire, System Logs, and Symantec's ITA for Audit Data C

Using Basic Security Module (BSM), Tripwire, System Logs, and Symantec's ITA for Audit Data C (PDF, 1.65MB)
Published: 22 Sep, 2001
Created by
Philip DiFato

There are two main sources of information for detecting intrusions into a networked computer system: network traffic and audit files. A more effective intrusion detection system (IDS) results when a multi-layered security approach is incorporated into a network of computers: an attack that one layer of IDS tools fails to detect may be detected by another security application, enabling an administrator to take action that prevents further intrusions. An IDS can provide security through three basic techniques: detection of anomalous traffic patterns (for example, an intruder's use of an automated port scanning tool on the network), detection of misuse of computer resources (such as unauthorized user access to files and/or services), and passive methods (audit data collection) combined with active methods (using Symantec's Intruder Alert program to automatically take an action when a specified event is detected). In this paper we provide examples of all three IDS techniques applied to a network of Sun boxes running the Solaris 8 Operating System (OS). This essay is not intended to present a complete security system. Its primary focus is to provide a host-based set of tools for auditing trace records of attempted attacks on a secured network of Solaris boxes.