Real-time intrusion detection for Windows NT based on Navy IT-21 audit policy
Kremer, H. Steven
Rowe, Neil C.
MetadataShow full item record
A Navy directive orders the migration of Navy computer systems to an Internet-connected network of Windows NT workstations and servers. Windows NT possesses the security features of a class C2 computer system but does not offer a standard real-time host-based tool to process the security-event audit data to detect intrusions or misuse. We discuss what would entail in general. We also report on experiments with a sensor program, which resides on each workstation and server in the network and provides some real-time processing of NT host- based events. It passes information to an Agent that communicates to other Agents in the network, in an effort to identify and respond to an intrusion into the network. The Navy audit policy and the methods of implementing the policy are also investigated in this thesis.
Showing items related by title, author, creator and subject.
Naval Postgraduate School Center for Homeland Defense and Security (CHDS) (Monterey, California. Naval Postgraduate SchoolCenter for Homeland Defense and Security, 2006-07);July 2006. The July 2006 issue of Homeland Security Affairs offers articles about risk perception, domestic right wing extremist groups, social network analysis, and the impact of foreign policy on homeland security. It ...
Stone, Gary N. (Monterey, California. Naval Postgraduate School, 2000);Network policies are "traffic regulations" for the networks which make up the Internet. These are necessary for managing the flow of data, for access control to the network, and for managing the network to achieve other ...
Stone, Gary; Lundy, Bert; Xie, Geoffrey (Monterey, California. Naval Postgraduate School, 2000-08); NPS-CS-00-003In this report a survey of current network policy languages is presented. Next, a summary of the techniques for detecting policy conflicts is given. Finally, a new language, Path-based Policy Language (PPL), which offers ...