Practical Security Event Auditing with FreeBSD

Abstract

Security event auditing refers to the reliable and secure logging of security-related system events. It allows for post-mortem analysis or live monitoring of system intrusions, as well as intrusion detection. It is also an essential part of the Common Access Protection Profile (CAPP) for Common Criteria (CC), a certification necessary for a system to be used in certain critical environments.

Auditing support has been around for a long time in commercial Unix systems like Solaris. In the BSD world, however, it is a relatively new and little-known concept. Starting from version 6.2, FreeBSD provides support for it by means of the audit(4) kernel subsystem.

This talk introduces the FreeBSD audit(4) facility, its supporting tools and benefits, as well as its limitations.

Date
Nov 14, 2010 10:00 — 11:00
Location
Cooper Union, New York City, NY, USA
Christian Brueffer
Biomedical Data Scientist and Bioinformatician

Biomedical Data Scientist with interests including disease biology and diagnostics, particularly in cancer, and open source bioinformatics.