Soteria Systems HAIMS User Manual

Hardware-assisted intrusion monitoring system

Hardware-Assisted Intrusion Monitoring System (HAIMS™)
User's Manual (Linux)
Soteria Systems, LLC
January 27, 2014

Summary of Contents for Soteria Systems HAIMS

  • Page 1: Hardware-Assisted Intrusion Monitoring System (HAIMS) User’s Manual (Linux), Soteria Systems, LLC, January 27, 2014...
  • Page 2: Table Of Contents

    Introduction (page 3)
    Features (page 3)
    Specification (page 5)
    Installation (page 6)
    HAIMS Hardware (page 6)
    Device Driver (page 6)
    2.2.1 Configuration (page 6)
    2.2.2 Compilation (page 7)
    2.2.3 Setup (page 7)
    Applications (page 8)
    Clean (page 8)
    Log Integrity Checking (page 9)
    ...
  • Page 3: Introduction

    Hardware-Assisted Intrusion Monitoring System (HAIMS) is a hardware-assisted security solution that combines an asymmetric hardware platform with a software package. Figure 1 illustrates the key features of HAIMS. It employs an asymmetric coprocessor hardware platform as a firm foundation for software applications.
  • Page 4: Since HAIMS is a hardware-based solution, it cannot be compromised. Data stored in HAIMS cannot be tampered with under any circumstances. It can also store and protect application code. Since HAIMS is separate hardware, it does not degrade the performance of the host server. HAIMS does not require modification of existing server applications.
  • Page 5: Specification

    1.2 Specification

    Table 1: HAIMS specification

    Dimension: 146 mm × 101.6 mm × 19 mm (standard 3.5” hard disk drive size)
    Interface: SATA 2.0
    Capacity: 64 GB / 128 GB
    Supported OS: Windows / Linux
    I/O Throughput: 805.68kbps (8 GB/day)
  • Page 6: Installation

    2 Installation

    2.1 HAIMS Hardware

    The HAIMS hardware has the same dimensions and interface as a 3.5” hard disk drive. It should be installed the same way as a hard disk drive.

    1. Place and fix the HAIMS hardware in one of the hard disk drive racks.
  • Page 7: Compilation

    To identify the raw HAIMS device, first list the SATA devices with the fdisk command.

        # fdisk -l
        Disk /dev/sda …
        Disk /dev/sdb …
        Disk /dev/sdc …

    Check the candidates one by one with the hdparm command; the device whose name is “OpenSSD Jasmine” is the HAIMS device.
  • Page 8: Applications

        # cp haims.ko /lib/modules/$(uname -r)/kernel/drivers/
        # echo 'haims' >> /etc/modules
        # depmod

    After the above steps, the system automatically loads the haims.ko module at every boot.

    2.3 Applications

    The applications are compiled with the g++ compiler. Before compilation, make sure that the conf.h file is identical to the conf.h file in the driver folder.
  • Page 9: Log Integrity Checking

    3.1 Setup

    To check the integrity of a log file, a copy of the log file should be stored in the HAIMS device by using the tail command. For example, to check the integrity of the kernel log:

        # tail -F /var/logs/kern.log >...
  • Page 10: Log Integrity Checker

    3.2 Log Integrity Checker

    The log integrity checker compares the log file against the copy stored in the HAIMS device. Its function is the same as that of the diff command, but it can handle larger files by assuming they are log files.
  • Page 11: File Integrity Checking

    The HAIMS file integrity checker detects the malware even in the said situation by exploiting the fact that any data stored in the HAIMS device cannot be tampered with.
  • Page 12: File Access Monitoring

    HAIMS as described in Section 3. To analyze the audit logs from HAIMS, the administrator can use the ausearch utility provided by the kernel's audit subsystem. Start the ausearch utility with the following command-...
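
The comparison described in section 3.2, as an added example that is not code from the HAIMS package: a constant-memory streaming comparison of a host log against a trusted copy that reports the first point of divergence. It assumes the log is append-only and both sides are regular files; the function name, status names and sample log lines are constructed for illustration.

```python
import io

# Constructed sample log lines (not taken from a real system).
LINES = [
    b"Jan 27 10:00:01 host kernel: eth0 link up\n",
    b"Jan 27 10:00:05 host sshd[411]: Failed password for root\n",
    b"Jan 27 10:00:09 host kernel: device eth0 entered promiscuous mode\n",
]


def compare_logs(host, trusted, chunk=64 * 1024):
    """Stream-compare two binary file objects holding the same append-only log.

    Returns (status, offset, line): the byte offset and 1-based line number
    of the first divergence. status is 'match', 'modified' (bytes differ),
    'host_truncated' (host log ends early) or 'host_ahead' (host log has
    data the trusted copy has not received yet).
    Assumes read() returns short data only at end of file (regular files).
    """
    offset, line = 0, 1
    while True:
        a, b = host.read(chunk), trusted.read(chunk)
        n = min(len(a), len(b))
        if a[:n] != b[:n]:
            # First differing byte inside this chunk pins down the edit.
            i = next(k for k in range(n) if a[k] != b[k])
            return ("modified", offset + i, line + a.count(b"\n", 0, i))
        if len(a) != len(b):
            status = "host_truncated" if len(a) < len(b) else "host_ahead"
            return (status, offset + n, line + a.count(b"\n", 0, n))
        if not a:
            return ("match", offset, line)
        offset += n
        line += a.count(b"\n")


if __name__ == "__main__":
    trusted = b"".join(LINES)
    edited = LINES[0] + LINES[2]  # host copy with the failed-login entry removed
    print(compare_logs(io.BytesIO(edited), io.BytesIO(trusted)))
    print(compare_logs(io.BytesIO(trusted[:-10]), io.BytesIO(trusted)))
```

Only one chunk per file is held in memory at a time, which is what lets this kind of comparison scale to logs far larger than a general-purpose diff can handle comfortably.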
