|
|
|
Foundation ::
Networking Applications ::
Spitfire
|
Spitfire
Intrusion Detection Workstation
|
|
Moderators:
|
- Joe Whalley
|
Total downloads to date: 705
|
Spitfire was developed as a prototype operator workstation for Network Intrusion Detection System Operators. Early users of commercial network intrusion monitoring systems encountered several problems in detecting and responding to computer network intrusions:
- They could not keep pace with the high alarm volume created by multiple sensors.
- There was no means to easily recognize known intruders or view historical data of past intrusion attempts.
- Incident reporting required manual entry of intrusion detection data into a standalone database.
- Use of multiple commercial products required additional user training and workstations, and alarm data was not integrated.
Spitfires serves as a replacement/ supplement to the Cisco Net Ranger and/or ISS Realsecure GUI, using an Oracle database in a multi-user client/server system. Spitfire is written using Sybase's Powerbuilder.
Spitfire was developed by working with the operators at several agencies, including the 609th Information Warfare Squadron, the Naval Security Group and the Army Land Information Warfare Activity. By incorporating ideas from the end users, the tool evolved to provide the capabilities needed in day to day, real time operation, as well as providing a robust historical database of intrusion activity that could be queried to detect trends and patterns. Customized data loaders provide real-time alarm notification and loading into the Oracle database. New sensors can be incorporated by modifying the database loader. Operators can independently configure their workstation, and all users can access the entire database of new and stored alarms.
|
Copyright 2001, 2002 by the Mitre Corporation
ALL RIGHTS RESERVED
|
|
|
|
|
|
|
