What is the Intrusion Detection Cockpit (IDC)?
The cockpit enables system administration staff to constantly monitor EVOTE activity, particularly during an ongoing election. All voting sessions are tracked by LGG and each request from a voting client is checked for:
- Consistency with the voting process
- Timeouts
- Malicious content
and a large number of other potentially malicious activities. Also, the data integrity of the EVOTE database is consistently checked. Any suspicious activity causes an alarm in the Logging and Audit System LGG.
Furthermore, (innocent) system malfunctions (e.g. a database problem) cause alarms in the Cockpit, alerting administration staff immediately. The principles are:
- Constant monitoring of all components
- Process oriented threat pattern recognition
- Automatic threat classification
- Additional information for locating the issue
- Immediate administrator notification
System activities are not just scanned as such, but assessed in a process context, where previous communications from the same communication partner are taken into account in the analysis. Thereby, complex threat patterns can also be recognized.
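A minimal sketch of process-context checking as described above, added here as an illustration and not the IDC's or EVOTE's own code. The step names, the 300-second timeout and the content patterns are assumptions, and the sample traffic is constructed.

```python
import re

# Assumed voting-process order; the page does not list EVOTE's real steps.
STEPS = ["login", "get_ballot", "cast_vote", "confirm"]
STEP_TIMEOUT = 300  # assumed seconds allowed between two requests of a session
SUSPICIOUS = re.compile(r"<script|\.\./|\bunion\s+select\b", re.I)  # assumed patterns

class SessionMonitor:
    """Judges each request against what the same session has done before."""

    def __init__(self):
        self.sessions = {}  # session id -> (index of last valid step, its timestamp)

    def check(self, sid, ts, step, payload=""):
        alerts = []
        if SUSPICIOUS.search(payload):
            alerts.append("malicious_content")
        if step not in STEPS:
            return alerts + ["unknown_step"]
        idx = STEPS.index(step)
        last_idx, last_ts = self.sessions.get(sid, (-1, ts))
        if ts - last_ts > STEP_TIMEOUT:
            alerts.append("timeout")
        if idx != last_idx + 1:
            # Skipped, repeated or replayed step: only visible with history.
            alerts.append("process_violation")
        else:
            self.sessions[sid] = (idx, ts)  # advance only on a valid step
        return alerts

def scan(requests):
    """Return (session, time, alerts) for every request that raised an alert."""
    monitor = SessionMonitor()
    hits = []
    for sid, ts, step, payload in requests:
        alerts = monitor.check(sid, ts, step, payload)
        if alerts:
            hits.append((sid, ts, alerts))
    return hits

# Constructed sample traffic (not real EVOTE data).
SAMPLE = [
    ("A", 0, "login", ""), ("A", 10, "get_ballot", ""),
    ("A", 20, "cast_vote", "choice=3"), ("A", 30, "confirm", ""),
    ("B", 0, "login", ""), ("B", 5, "cast_vote", "choice=1"),  # skipped ballot
    ("C", 0, "login", ""), ("C", 900, "get_ballot", ""),       # too slow
    ("A", 40, "cast_vote", "choice=2"),                         # second vote
    ("D", 0, "login", "user=<script>x</script>"),
]
```

Session A's request at time 40 is well-formed when looked at alone; it is flagged only because the monitor remembers that the session already completed the process.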
With its high level of automated surveillance and threat classification, the Intrusion Detection Cockpit is designed to assist system administrators in monitoring EVOTE. Administration thereby maintains a high-level and comprehensive big picture overview of system activity during an election.
At the same time, administrators may drill down into each alert and obtain more detailed information on the nature and source of the alert, enabling them to effectively respond to the issue.
The IDC covers all application components of EVOTE and ideally supplements an infrastructure-based intrusion detection system.
* Microsoft, Windows, SQL Server and .net are registered trademarks or trademarks of Microsoft Corporation. Java is a trademark of Sun Microsystems. RSA is a registered trademark of RSA Security Inc. Hierodiction is a registered trademark of Hierodiction Software GmbH.