Big Brother is a combination of monitoring methods. Unlike SNMP, where information is just collected and devices polled, Big Brother is designed in such a way that each local system broadcasts its own information to a central location. Simultaneously, Big Brother also polls all networked systems from a central location. This creates a highly efficient and redundant method for proactive network monitoring.
DansGuardian is a Web content filtering proxy that uses Squid to do all the fetching. It filters using multiple methods including, but not limited to, phrase matching, file extension matching, MIME type matching, PICS filtering, and URL/domain blocking. It has the ability to switch off filtering by certain criteria including username, domain name, source IP, etc. The configurable logging produces a log in an easy-to-read format. It has the option to only log text-based pages, thus significantly reducing redundant information (such as every image on a page).
MCS MyRoute helps diagnose connectivity problems with detailed network routing discovery and analysis, providing visibility into poorly performing networks and devices. It includes a Java applet that enables remote users to easily test connections from the MyRoute server. Essential diagnostic tools including traceroute, ping, reverse DNS, and whois are combined into a single graphical interface that analyzes Internet connections, reporting quick and essential data points for finding connectivity problems. An IP location database identifies the geographical location of IP addresses and Web servers, showing the path of an Internet connection on a global map.
Kismet is an 802.11 layer 2 wireless network detector, sniffer, and intrusion detection system. It will work with any wireless card which supports raw monitoring (rfmon) mode, and can sniff 802.11b, 802.11a, 802.11g, and 802.11n traffic (device drivers permitting). It identifies networks by passively collecting packets and detecting standard named networks, detecting (and given time, decloaking) hidden networks, and inferring the presence of non-beaconing networks via data traffic.
FTimes is a system baselining and evidence collection tool. Its primary purpose is to gather and/or develop topographical information and attributes about specified directories and files in a manner conducive to intrusion and forensic analysis. It was designed to support the following initiatives: content integrity monitoring, incident response, intrusion analysis, and computer forensics.
WebJob downloads a program over HTTP/HTTPS and executes it in one unified operation. The output, if any, may be directed to stdout/stderr or a WebJob server. WebJob may be useful in incident response and intrusion analysis as it provides a mechanism to run known good diagnostic programs on a potentially compromised system. WebJob also provides a framework that is conducive to centralized management. Therefore, it can support and help automate a large number of common administrative tasks and host-based monitoring scenarios.
The Prelude Library (libprelude) is the glue that binds all aspects of Prelude together. Prelude is a hybrid Intrusion Detection framework implementing an open communication layer for use by any security application. libprelude is a library that enables Prelude components to communicate with the Prelude concentrator. It also makes it easy for third-party software to be made 'Prelude Aware' (able to communicate with Prelude components). It provides common, useful features used by every sensor.