Host Based Security

HOST BASED SECURITY (HBS)


The Host Based Security (HBS) Program Management Office provides tools that increase security at the sub-network/domain (enclave) or local computing device (host) level. These programs provide enterprise licensing, infrastructure, training, and support to combatant commands, services, and agencies (CC/S/A) deploying and implementing the protection provided by HBS tools. The HBS PMO works directly with the Secure Configuration Management (SCM) PMO by aligning schedules and capabilities to ensure complete end-to-end solution delivery to DoD.

Tools and Capabilities


Host Based Security System (HBSS)


HBSS is a commercial off-the-shelf (COTS) based application with a flexible, component-based architecture. It provides real-time detection and countermeasures against known cyber threats and allows for Tier I situational awareness reporting on assets, alerts, and event data. HBSS is deployed throughout the DoD enterprise.

HBSS components include:
  • ArcSight Connector - Provides up-tier reporting of critical alerts and events
  • Asset Baseline Module (ABM) - Provides trusted asset capabilities
  • Asset Configuration Compliance Module (ACCM) - Provides asset software inventory for local and up-tier use
  • Asset Publishing Service (APS) - Provides up-tier movement of HBSS asset and compliance data
  • Device Control Module (DCM) - Provides removable media protection to counter common threats
  • ePolicy Orchestrator (ePO) console - Serves as the single management console for assets, alerting, and reporting of HBSS-related data
  • Host Intrusion Prevention System (HIPS) - Provides network and asset protection
  • Operational Attributes Module (OAM) - Provides metadata tagging for granular reporting at the Tier I level
  • Policy Auditor (PA) - Provides asset and configuration compliance information
  • Rogue System Detection (RSD) - Provides protection against unknown systems on the network

HBSS Components in Active Development/Testing:

Asset Configuration Compliance Module (ACCM)*
The Asset Configuration Compliance Module (ACCM) is a capability that gathers detailed asset inventory (e.g. type and version of operating systems, network interfaces, and applications) on all hosts (e.g. workstations, laptops, servers) and provides near-real-time situational awareness of asset inventory.

CAC-enabled HBSS Portal (use email certificate)

Anti-Virus/Anti-Spyware (AV/AS)

The AV/AS project provides system administrators and security personnel with tools to effectively counter the threat posed by malicious software to the security and integrity of the DoD Global Information Grid (GIG). The project uses commercial off-the-shelf (COTS) products that help prevent, detect, isolate, and eradicate software that has been identified, either by the vendor or the security community, as malware that would pose a threat to any operating system in the DoD enterprise.

CAC-enabled AV/AS Portal (use email certificate)

Bootable Media

The Bootable Media project will provide a secure, non-persistent option for remote access to the DoD GIG and enterprise resources for authorized users. The Bootable Media solution creates a non-persistent bootable operating system that runs strictly in memory, allowing for greatly enhanced security on non-DoD devices.

CAC-enabled Bootable Media Portal (use email certificate)

Wireless

The Wireless project's goal is to enhance network security by providing a Wireless Discovery Device (WDD) capability. The Wireless project has provided funding to the U.S. Naval Research Laboratory to develop the Flying Squirrel Wireless Assessment Tool Suite, which provides real-time wireless (IEEE 802.11a/b/g/n) discovery, integrated visualization and mapping, and post-hoc analysis capabilities. Components of the software suite are named Flying Squirrel, Caribou, Woodchuck, and MeerCAT.

CAC-enabled Wireless Security Portal (use email certificate)