On-Demand Enterprise


Berkeley Lab to Demo Scalable Cyber Security at SC06


Striking a balance between the openness needed for scientific research and the requirements for strong cyber security is an ongoing challenge, made even more difficult by ever-increasing bandwidth.

But Lawrence Berkeley National Laboratory has developed a comprehensive approach to cyber security that allows the open exchange of scientific knowledge while simultaneously protecting critical resources from attacks -- the Bro intrusion detection system. And now, Bro is Big Bro in the form of a scalable cluster which will demonstrate its effectiveness on a 10 gigabit network connection during the SC06 conference to be held Nov. 11-17 in Tampa. The demo will be featured in LBNL's booth, number 1812.

First developed by Vern Paxson at LBNL in 1996, Bro is an open-source, UNIX-based network intrusion detection system that passively monitors network traffic and looks for suspicious activity. Since 2001, Bro has also been deployed at SC conferences, monitoring incoming and outgoing traffic. At SC03, the "Spinning Cube of Potential Doom" debuted, providing attendees with a graphical representation of the scanning attempts on network connections at the conference.

Bro detects intrusions by first parsing network traffic to extract its application-level semantics and then executing event-oriented analyzers that compare the activity with patterns deemed troublesome. Bro's power comes from its semantically high-level, rich contextual analysis engine, which allows it to detect complex patterns of behavior and test for compliance with sophisticated, site-specific policies.

In today's high-speed environments, it becomes less feasible to monitor traffic using a single system as network bandwidth increases. The idea behind the Bro cluster is to partition traffic flows across multiple systems. Each worker node parses the flows assigned to it and performs preliminary application-level analysis. It then submits distillations of the network activity to a single high-level node for global analysis, such as detecting network scans. Higher bandwidth loads can be handled by simply adding additional worker nodes.
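
The partition-and-aggregate design described above, as an added Python illustration (not Bro's code): flows are hashed to workers symmetrically so both directions of a connection reach the same node, each worker reports only the failed-connection targets per source, and a manager merges those reports to flag scanners. The function names, the failed-connection heuristic, the threshold and the sample addresses are assumptions constructed for this example.

```python
import hashlib
from collections import defaultdict

# Constructed sample flows: (src_ip, src_port, dst_ip, dst_port, proto, established)
SCANNER = "198.51.100.7"
FLOWS = [(SCANNER, 40000 + i, f"192.0.2.{i}", 22, "tcp", False) for i in range(1, 21)]
FLOWS += [("203.0.113.5", 50000 + i, "192.0.2.10", 443, "tcp", True) for i in range(5)]
FLOWS += [("203.0.113.9", 51000, "192.0.2.11", 25, "tcp", False)]


def worker_for(flow, n_workers):
    """Pick a worker with a direction-independent hash of the flow endpoints."""
    a, b = sorted([(flow[0], flow[1]), (flow[2], flow[3])])
    key = f"{a}|{b}|{flow[4]}".encode()
    return int.from_bytes(hashlib.sha256(key).digest()[:4], "big") % n_workers


def worker_summarize(flows):
    """Worker-side distillation: per source, the set of targets it failed to reach."""
    failed = defaultdict(set)
    for src, _sport, dst, dport, _proto, established in flows:
        if not established:
            failed[src].add((dst, dport))
    return failed


def manager_detect(summaries, threshold):
    """Manager-side global analysis: merge worker reports, flag wide failed fan-out."""
    merged = defaultdict(set)
    for summary in summaries:
        for src, targets in summary.items():
            merged[src] |= targets
    return {src: len(t) for src, t in merged.items() if len(t) >= threshold}


def run_cluster(flows, n_workers, threshold=15):
    """Partition flows, summarize per worker, then run the global scan check."""
    buckets = [[] for _ in range(n_workers)]
    for flow in flows:
        buckets[worker_for(flow, n_workers)].append(flow)
    summaries = [worker_summarize(b) for b in buckets]
    return manager_detect(summaries, threshold), summaries


if __name__ == "__main__":
    alerts, summaries = run_cluster(FLOWS, n_workers=4)
    print("per-worker view of scanner:", [len(s.get(SCANNER, ())) for s in summaries])
    print("manager alerts:", alerts)
```

Because the scanner's attempts are spread across workers, the per-worker counts are partial; only the manager's merged view carries the full fan-out, and the alert set is the same whatever the number of workers.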

Bro has been successfully used on operational, high-speed networks at LBNL and elsewhere. Bro has detected hundreds of intrusions in complex, real-world environments -- intrusions that would have otherwise gone unnoticed. Logs generated by Bro have also been used by law enforcement agencies in tracking and apprehending hackers.

Bro was named after the ever-watching Big Brother in George Orwell's novel, "1984."

Learn more about Bro and download the latest version from: http://bro-ids.org/.

-----

Source: Lawrence Berkeley National Laboratory

