Real-time intrusion detection for Windows NT based on Navy IT-21 audit policy


Bibliographic Details
Main Author: Kremer, H. Steven
Other Authors: Rowe, Neil C.
Language: en_US
Published: Monterey, California: Naval Postgraduate School 2012
Online Access: http://hdl.handle.net/10945/13694
Description
Summary: A Navy directive orders the migration of Navy computer systems to an Internet-connected network of Windows NT workstations and servers. Windows NT possesses the security features of a class C2 computer system but does not offer a standard real-time host-based tool to process the security-event audit data to detect intrusions or misuse. We discuss what this would entail in general. We also report on experiments with a sensor program, which resides on each workstation and server in the network and provides some real-time processing of NT host-based events. It passes information to an Agent that communicates with other Agents in the network, in an effort to identify and respond to an intrusion into the network. The Navy audit policy and the methods of implementing the policy are also investigated in this thesis.