[AG-TECH] LANL Advanced computing Seminar Series

Cindy Sievers sievers at lanl.gov
Thu Feb 2 11:37:54 CST 2006


All sites are invited to participate in the LANL Advanced Computing Seminar 
Series.  Details about today's talk are below:

TITLE:    Recent Developments with the Bro Network Intrusion Detection System

SPEAKER:  Brian L. Tierney, Lawrence Berkeley National Laboratory
          http://dsd.lbl.gov/~tierney

WHEN:     Thursday, Feb 2, 3:30pm Mountain Standard Time, participating 
sites should arrive an hour early for testing (2:30pm)

WHERE:   Titan Venue  - We will be using vnc or Shared Presentation tool

ABSTRACT: Bro is an open-source, Unix-based Network Intrusion Detection 
System (NIDS) that passively monitors network traffic and looks for 
suspicious traffic. Bro detects intrusions by comparing network traffic 
against a customizable set of rules describing events that are deemed 
troublesome. These rules might describe specific attacks (including those 
defined by "signatures") or unusual activities (e.g., certain hosts 
connecting to certain services or patterns of failed connection attempts). 
Bro uses a specialized policy language that allows a site to tailor Bro's 
operation, both as site policies evolve and as new attacks are discovered. 
This talk will give a brief overview of Bro, and discuss recent work such 
as incorporating syslog data into Bro and use of multiple Bros 
exchanging information. It will also describe the newest Bro protocol 
analyzers, including a botnet detector.




============================================
Cindy Sievers           Los Alamos National Laboratory
sievers at lanl.gov        Group CCS-1 MS B287
tel:505.665.6602        Advanced Computing
fax:505.665.4939        Los Alamos, NM 87544
============================================



