SNARE The team at InterSect Alliance have experience with auditing and intrusion detection on a wide range of platforms - Solaris, Windows NT, Windows 2000, Novell Netware, AIX, even MVS (ACF2/RACF); and within a wide range of IT security in businesses such as - Intelligence Agencies,Financial Service firms, Government Departments and Application Service Providers. This background gives us a unique insight into how to effectively deploy host and network intrusion detection systems that support and enhance an organisation's business goals. As long time users of the Linux operating system, we believe that one of the key missing features that is holding Linux back from deployment in large organisations, particularly those with significant security requirements, is the availability of host based intrusion detection systems - ie: system auditing or event logging facilities. However, we recognise that Linux is many things to many people, and building audit/event logging capabilities directly into the kernel will only contribute to kernel bloat. The facility may never be used in some Linux installations. As such, in the spirit of the recent announcement of the push towards modular security extensions to the Linux kernel (Linux Security Module Interface) in the Kernel 2.5 summit, InterSect Alliance are proud to release a dynamically loadable kernel module that will form the basis for a host intrusion detection facility and C2-style auditing/event logging capability for Linux - without the need for a kernel recompile. The overall project is called 'SNARE' - System iNtrusion Analysis & Reporting Environment. The team at InterSect Alliance are releasing components of SNARE under the terms of the GNU Public License. Why put all this effort into the tools? Two primary reasons: 1. We want to contribute to the overall security of worldwide information technology resources, and although we are operating-system and fully vendor independent, we see direct, significant benefits in enhancing the security of the Linux operating system. 2. Our active contributions towards IT Security separates us from many other consulting organisations that provide security services, and demonstrates our experience, flexibility and commitment to service. InterSect Alliance believe that potential customers will recognise our commitment, experience and skills, and acknowledge us as a uniquely qualified team of IT Security professionals. The SNARE homepage is located at: http://www.intersectalliance.com/projects/Snare/index.html Cryptographic signatures and checksums may be provided by the developers at the URL(s) above. Wiretapped recommends that users check these before use of the software/information.