Advanced Simulation Technology inc.
ASTi Telestra: Intrusion Detection
ASTi's Telestra 3 software provides host-based security auditing and intrusion detection through "SNARE for Linux." SNARE (System iNtrusion Analysis and Reporting Environment) is an application that provides system auditing and intrusion detection via event logging.
The SNARE application is configured to detect and log selected operating system events and file and port access requests of the kind that may indicate an attempted intrusion. The events are written to a log file on the Telestra, which can then be analyzed with a separate, customer-provided SNARE server.
Why would you want this? SNARE gives the Telestra platform the audit-logging capability that is often a prerequisite for deploying any Linux system on a network with advanced security requirements.
ASTi's SNARE configuration is available as a software option and is tuned so that it does not consume the CPU or disk resources needed by a real-time audio server. In other words: we have adapted SNARE so it will not impact the operation of the Telestra system.
SNARE consists of two main components:
  • Kernel changes
    In order to collect event log data, SNARE needs to add auditing support into the operating system.

  • SNARE Audit Daemon
    The SNARE audit daemon acts as the interface between the Linux kernel and the security administrator. It allows the administrator to enable events, filter the output, and optionally forward audit records to a central location for collection, analysis, and archival. The ASTi implementation is customized to maximize platform performance and avoid undue load while still performing the required security functions.
Once the SNARE option is enabled on the Telestra, the audit daemon logs activity to a specific file on the file system. Because the daemon keeps appending to this file while the system runs, any copy you retrieve is a snapshot as of the time of the copy. The file can be retrieved for analysis and security debriefings.

How to view the audit log:

The SNARE audit log file is stored on the Telestra file system at /var/log/audit/audit.log. To view the log, copy the file from the Telestra to your local machine; the file is readable only by root, so you must authenticate as the root user to do this. The copy can then be opened with any plain-text viewer or editor. The following command copies the file from the Telestra to a local machine using scp (Secure Copy). It is executed from the user's local machine and requires an SSH client that provides scp. Enter:
scp root@IPADDRESS:/var/log/audit/audit.log audit.log
... where "IPADDRESS" is the IP address of the Telestra system in dotted-quad notation (e.g., 192.168.100.100). You will be prompted for the Telestra root password. After the transfer completes, open the local audit.log file in any text editor.
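The retrieval procedure above, wrapped in a small shell script that also verifies the copy. This is an added example and not part of ASTi's software or the page's own instructions: it assumes an OpenSSH client on the local machine, sha256sum (GNU coreutils) on both the local machine and the Telestra, and root SSH login to the Telestra as the page describes. Because the audit daemon keeps appending to the log, the script hashes only the first N bytes on the Telestra, where N is the size of the copy it just received, so a byte-exact comparison is still possible on a live system.

```shell
#!/bin/sh
# Added example (not ASTi's code): copy the SNARE audit log from a Telestra
# over scp and confirm the local copy is byte-for-byte identical to the
# portion of the remote file that existed at copy time.
# Assumptions: OpenSSH client locally, sha256sum on both ends, root SSH
# login permitted on the Telestra (as the page describes).

set -eu

AUDIT_LOG=/var/log/audit/audit.log   # path given on the page

# Accept only a dotted-quad IPv4 address, matching the page's IPADDRESS
# placeholder; returns non-zero for hostnames or out-of-range octets.
is_dotted_quad() {
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    for o in $(echo "$1" | tr '.' ' '); do
        [ "$o" -le 255 ] || return 1
    done
}

# Compare two sha256sum output lines ("<hash>  <name>") by hash only,
# since the file name differs between the Telestra and the local copy.
hashes_match() {
    [ "${1%% *}" = "${2%% *}" ]
}

# fetch_audit_log IPADDRESS [DEST]
# Copies the log to DEST (default: a timestamped file name), then verifies it.
fetch_audit_log() {
    ip=$1
    dest=${2:-audit-$1-$(date -u +%Y%m%dT%H%M%SZ).log}
    is_dotted_quad "$ip" || { echo "not a dotted-quad address: $ip" >&2; return 2; }

    # Copy first; -p preserves the file's modification time.
    scp -p "root@$ip:$AUDIT_LOG" "$dest"

    # The daemon may have appended more records since the copy started, so
    # hash only as many bytes on the Telestra as we actually received.
    size=$(wc -c < "$dest")
    remote_sum=$(ssh "root@$ip" "head -c $size $AUDIT_LOG | sha256sum")
    local_sum=$(sha256sum "$dest")

    if hashes_match "$remote_sum" "$local_sum"; then
        chmod 0400 "$dest"        # treat the copy as evidence: read-only
        echo "$local_sum"         # record this hash with the debrief notes
    else
        echo "hash mismatch for $dest; discard the copy and fetch again" >&2
        return 1
    fi
}

# Usage: ./fetch_audit_log.sh 192.168.100.100 [destination-file]
if [ "$#" -gt 0 ]; then
    fetch_audit_log "$@"
fi
```

If the comparison fails on a system whose log was rotated between the copy and the hash, the first N bytes of the new file will not match the copy; that is not by itself a sign of tampering, but the copy should be fetched again so the recorded hash corresponds to a file that still exists on the Telestra.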