27 September 2004 to 1 October 2004
Interlaken, Switzerland
Europe/Zurich timezone

Using Nagios for intrusion detection

29 Sept 2004, 14:40
20m
Brunig 3 (Interlaken, Switzerland)

Brunig 3

Interlaken, Switzerland

oral presentation Track 4 - Distributed Computing Services Grid Security

Speaker

M. Cardenas Montes (CIEMAT)

Description

Implementing strategies for secured access to widely accessible clusters is a basic requirement of these services, in particular if GRID integration is sought for. This issue has two complementary lines to be considered: security perimeter and intrusion detection systems. In this paper we address aspects of the second one. Compared to classical intrusion detection mechanisms, close monitoring of computer services can substantially help to detect intrusion signs. Having alarms indicating the presence of an intrusion into the system, allows system administrators to take fast actions to minimize damages and stop diffusion towards other critical systems. One possible monitoring tool is Nagios (www.nagios.org), a powerful GNU tool with capacity to observe and collect information about a variety of services, and trigger alerts. In this paper we present the work done at CIEMAT, where we have applied these directives to our local cluster.We have implemented a system to monitor the hardware and system sensitive information. We describe the process and show through different simulated security threads how does our implementation respond to it.

Primary authors

Presentation materials