
BASE, the Basic Analysis and Security Engine

The BASE project (Basic Analysis and Security Engine) is a tool for network security monitoring:

This application provides a web front-end to query and analyze the alerts coming from a SNORT IDS system. BASE is a web interface to perform analysis of intrusions that snort has detected on your network. It uses a user authentication and role-based system, so that you as the security admin can decide what and how much information each user can see. It also has a simple-to-use, web-based setup program for people not comfortable with editing files directly.

To understand BASE, one must first look at SNORT, an open-source Network Intrusion Detection System. The SNORT description says:

Snort is an open source network intrusion detection system, capable of performing real-time traffic analysis and packet logging on IP networks. It can perform protocol analysis, content searching/matching and can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more.

BASE uses its web-based interface to make access to the intrusion monitoring data simple. The BASE screenshots (big and slow) show how the system is used for monitoring network traffic, zooming in on interesting activity, and generating statistical reports.

BASE has been written by a relatively small group of developers and translators. It is licensed under the GNU General Public License (GPL) and runs on many Unix variants as well as Windows. The software is written in Perl, PHP, Tcl, and the Unix shell. The BASE project summary has more general information.

Version 1.0 of BASE was announced this week: "This release includes many bug fixes over previous releases of BASE and ACID. It also is the first release to include the Flow-Portscan preprocessor patch. It also has support for multiple languages, with 11 languages included in the package. It also has a fully functional user authentication and role-basing system."

Security administrators should find BASE and SNORT to be useful tools for monitoring their networks. The software is available for download here.




Copyright © 2004, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds