Threat & Service Monitoring
Nagios – Security Event Monitoring
Nagios reports security events via web, WAP, SMS and email. As well as monitoring servers and services, The Bunker has adapted Nagios to monitor the environment within The Bunker to enable its security management team to gather information on the condition of other network equipment such as switches, routers and load balancers, temperature, humidity and light levels.
Cacti - Bandwidth Monitoring
The Bunker’s bandwidth monitoring is provided by Cacti, which is used to analyse and display data in the form of graphs and reports. Bandwidth graphs are updated every minute and are monitored by The Bunker’s security management team.
These graphs give an immediate indication of any load problems or failures with any of our upstream service providers. This enables The Bunker to re-route traffic via our BGP gateway so that clients don’t experience any failure or latency.
Snort - Network Intrusion Detection
Snort is an open source network intrusion detection system, capable of performing real-time traffic analysis and packet logging on IP networks. It can perform protocol analysis, content searching/matching and can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more. Snort uses a flexible rules language to describe traffic that it should collect or pass, as well as a detection engine that utilizes a modular plugin architecture. Snort has a real-time alerting capability as well, incorporating alerting mechanisms for syslog, a user specified file, a UNIX socket, or WinPopup messages to Windows clients using Samba's smbclient.
BASE (Basic Analysis and Security Engine)
BASE is the Basic Analysis and Security Engine. It is based on the code from the Analysis Console for Intrusion Databases (ACID) project. BASE is a front end for the snort IDS system.
Nagios reports security events via web, WAP, SMS and email. As well as monitoring servers and services, The Bunker has adapted Nagios to monitor the environment within The Bunker to enable its security management team to gather information on the condition of other network equipment such as switches, routers and load balancers, temperature, humidity and light levels.
Cacti - Bandwidth Monitoring
The Bunker’s bandwidth monitoring is provided by Cacti, which is used to analyse and display data in the form of graphs and reports. Bandwidth graphs are updated every minute and are monitored by The Bunker’s security management team.
These graphs give an immediate indication of any load problems or failures with any of our upstream service providers. This enables The Bunker to re-route traffic via our BGP gateway so that clients don’t experience any failure or latency.
Snort - Network Intrusion Detection
Snort is an open source network intrusion detection system, capable of performing real-time traffic analysis and packet logging on IP networks. It can perform protocol analysis, content searching/matching and can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more. Snort uses a flexible rules language to describe traffic that it should collect or pass, as well as a detection engine that utilizes a modular plugin architecture. Snort has a real-time alerting capability as well, incorporating alerting mechanisms for syslog, a user specified file, a UNIX socket, or WinPopup messages to Windows clients using Samba's smbclient.
BASE (Basic Analysis and Security Engine)
BASE is the Basic Analysis and Security Engine. It is based on the code from the Analysis Console for Intrusion Databases (ACID) project. BASE is a front end for the snort IDS system.
