The WARDEN system has a client-server architecture. It consists of a server, receiving clients and sending clients. At the request of receiving clients, the server distributes new (previously undistributed) events fed to it by sending clients.
Each entity/network that wishes to feed data into the WARDEN system should have a so-called sending client. Each entity/network that wishes to receive data from the WARDEN system should have a so-called receiving client. The server (the centre) handles data reception and storage and provides the interface for access to the stored data. Data which the clients send to the centre are referred to as events. Events are sent by the clients after authentication; access to the centre is also authenticated. X.509 is used for authentication.
The entities/networks involved feed the centre events solely from data sources within the entity/network, i.e. data from detection systems that are operated within the entity/network and monitor network and service traffic in the network concerned (IDS, honeypots …).
An event fed into the centre by a participating entity is stateless information about the origin of the attack/threat containing the following elements:
Each entity participating in the system may receive data from the Warden system (through a receiving client). The server (centre) provides participating entities with received events together with the event identifier, source and domain name of the station from which the event was received. The server sends the client only events so far unsent (one or more), or a notification that there is no new (unsent) event on the server.
Participating entities may use data obtained from Warden as necessary to ensure security of their own network and services provided.
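The distribution rule described above, as an added Python sketch that is not Warden's own code: the centre stores events from authenticated sending clients and hands each receiving client only the events it has not been sent yet. The class, method and field names are hypothetical, "unsent" is assumed to be tracked per receiving client, and the `cert_name` argument stands for the identity already verified from the client's X.509 certificate.

```python
from dataclasses import dataclass, field


@dataclass
class WardenCentre:
    """In-memory model of the centre (server); hypothetical, for illustration."""
    senders: set    # certificate names allowed to feed events
    receivers: set  # certificate names allowed to fetch events
    events: list = field(default_factory=list)     # stored events, arrival order
    last_sent: dict = field(default_factory=dict)  # receiver -> last delivered id

    def send_event(self, cert_name, event):
        """Store an event fed in by an authenticated sending client."""
        if cert_name not in self.senders:
            raise PermissionError(f"{cert_name} is not a registered sending client")
        event_id = len(self.events) + 1
        # The origin is taken from the authenticated identity, never from the
        # payload, so a client cannot label its events as another station's.
        self.events.append({**event, "id": event_id, "received_from": cert_name})
        return event_id

    def get_new_events(self, cert_name, limit=100):
        """Return events not yet sent to this receiver; [] means no new event."""
        if cert_name not in self.receivers:
            raise PermissionError(f"{cert_name} is not a registered receiving client")
        cursor = self.last_sent.get(cert_name, 0)
        batch = self.events[cursor:cursor + limit]  # ids are 1-based and sequential
        if batch:
            self.last_sent[cert_name] = batch[-1]["id"]
        return batch


if __name__ == "__main__":
    # Constructed sample data: documentation address and example host names.
    centre = WardenCentre(senders={"ids.example.org"},
                          receivers={"recv.example.net"})
    centre.send_event("ids.example.org", {"source": "192.0.2.10"})
    print(centre.get_new_events("recv.example.net"))  # the one stored event
    print(centre.get_new_events("recv.example.net"))  # nothing new
```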