KFSensor is an Intrusion Detection System. It performs this role by opening ports on the machine it is installed on and waiting for connections to be made to those ports. It does this in exactly the same way as conventional server software, such as a web server or an SMTP server. By doing this it sets up a target, or a honeypot server, that will record the actions of a hacker.
KFSensor is flexible and highly configurable.
There are several components of the KFSensor system:
The KFSensor Server provides the core functionality of the KFSensor system.
It listens to both TCP and UDP ports on the server machine and interacts with visitors and generates events.
The KFSensor Server has no user interface and runs in the background.
The KFSensor Monitor contains the user interface of the KFSensor system. Using it you can configure the KFSensor Server and monitor the events generated by the KFSensor Server.
The KFSensor Collator is an application which runs without a user interface as a Windows system service.
It provides the core functionality of the Enterprise Edition.
The KFSensor Report Server provides the reports functionality. It queries the log database and acts as a HTTP server to provide the data and files for the KFSensor web based reports.
Next: KFSensor terms