A Navy directive orders the migration of Navy computer systems to an Internet-connected network of Windows NT workstations and servers. Windows NT possesses the security features of a class C2 computer system but does not offer a standard real-time host-based tool to process the security-event audit data to detect intrusions or misuse. We discuss what such a tool would entail in general. We also report on experiments with a sensor program, which resides on each workstation and server in the network and provides some real-time processing of NT host-based events. It passes information to an Agent that communicates with other Agents in the network, in an effort to identify and respond to an intrusion into the network. The Navy audit policy and the methods of implementing the policy are also investigated in this thesis.