broadmap
play

Broadmap Bro Workshop 2011 NCSA, Urbana-Champaign, IL Bro Workshop - PowerPoint PPT Presentation

Sep 27, 2022 •50 likes •620 views

The Bro Network Security Monitor Broadmap Bro Workshop 2011 NCSA, Urbana-Champaign, IL Bro Workshop 2011 Outline Near- to Medium-term Roadmap Current Research Projects Workshop Wrap-Up 2 Bro Workshop 2011 Version 2.0 Final 3 Bro

  1. The Bro Network Security Monitor Broadmap Bro Workshop 2011 NCSA, Urbana-Champaign, IL Bro Workshop 2011

  2. Outline Near- to Medium-term Roadmap Current Research Projects Workshop Wrap-Up 2 Bro Workshop 2011

  3. Version 2.0 Final 3 Bro Workshop 2011

  4. Version 2.0 Final Timeline: Early December. Default scripts rewritten from scratch. New logging system. New build and packaging system. New auto-documentation system (Broxygen). Lots of bugs fixed. Obsolete code removed. New development infrastructure. New regression testing framework. New web server. New mailing lists. New logo. 3 Bro Workshop 2011

  5. Upcoming 4 Bro Workshop 2011

  6. Upcoming Bro 2.1 New user’s guide. Overhauled IPv6 support. Logging extensions. Binary logging/Postgresql/CouchDB/SQLite(?) / Threads. Integration with REN-ISACs CIF. Reaction framework. New/improved analyzers. Syslog/GridFTP/NFS/SMB/BitTorrent. Extended test-suite. Aiming for 3-4 months release cycle. 4 Bro Workshop 2011

  7. In Planning 5 Bro Workshop 2011

  8. In Planning Comprehensive Bro Archive Network (CBAN) Easy installation of 3rd party scripts. 5 Bro Workshop 2011

  9. In Planning Comprehensive Bro Archive Network (CBAN) Easy installation of 3rd party scripts. File Analyzer Protocol-independent file hashing, extraction, decompression, analysis, and reassembly. 5 Bro Workshop 2011

  10. In Planning Comprehensive Bro Archive Network (CBAN) Easy installation of 3rd party scripts. File Analyzer Protocol-independent file hashing, extraction, decompression, analysis, and reassembly. Input Framework. Real-time interface to external intelligence. 5 Bro Workshop 2011

  11. In Planning 6 Bro Workshop 2011

  12. In Planning Deep Cluster Pushing Bro deep into your network. 6 Bro Workshop 2011

  13. In Planning Deep Cluster Pushing Bro deep into your network. Unified packet acquisition and control. Plugin-based interface to platform capabilities. 6 Bro Workshop 2011

  14. In Planning Deep Cluster Pushing Bro deep into your network. Unified packet acquisition and control. Plugin-based interface to platform capabilities. New/extended protocol analyzers. Ongoing focus. Working on BinPAC++. 6 Bro Workshop 2011

  15. In Planning Deep Cluster Pushing Bro deep into your network. Unified packet acquisition and control. Plugin-based interface to platform capabilities. New/extended protocol analyzers. Ongoing focus. Working on BinPAC++. Internal reorganization and cleanup. Move to a more modular structure. 6 Bro Workshop 2011

  16. Current Research Projects 7 Bro Workshop 2011

  17. Next Stop: 100 Gb/s Now these sites need a monitoring solution ... Working with cPacket on a 100GE load- balancer! DOE/ESNet 100G Advanced Networking Initiative Source: ESNet Source: ESNet 8 Bro Workshop 2011

  18. 100 Gb/s Load-balancer Bro Workshop 2011

  19. 100 Gb/s Load-balancer Bro Workshop 2011

  20. 100 Gb/s Load-balancer SBIR Phase 2 to build prototype. Bro Workshop 2011

  21. 100 Gb/s Load-balancer SBIR Phase 2 to build prototype. Bro Workshop 2011

  22. 100 Gb/s Load-balancer SBIR Phase 2 to build prototype. cFlow 100G 100Gbps Bro Workshop 2011

  23. 100 Gb/s Load-balancer SBIR Phase 2 to build prototype. cFlow 100G 100Gbps 10Gb/s Bro Workshop 2011

  24. 100 Gb/s Load-balancer SBIR Phase 2 to build prototype. cFlow 100G 100Gbps 10Gb/s Bro Cluster Bro Workshop 2011

  25. 100 Gb/s Load-balancer SBIR Phase 2 to build prototype. cFlow 100G 100Gbps API 10Gb/s Control Bro Cluster Bro Workshop 2011

  26. Concurrent Analysis 10 Bro Workshop 2011

  27. Concurrent Analysis Bro is still single-threaded. Cluster leverages advanced packet-level capabilities to exploit multi-core systems. 10 Bro Workshop 2011

  28. Concurrent Analysis Bro is still single-threaded. Cluster leverages advanced packet-level capabilities to exploit multi-core systems. Eventually, we want multi-threading. Scaling with number of cores. Transparent to the operator. 10 Bro Workshop 2011

  29. Concurrent Analysis Bro is still single-threaded. Cluster leverages advanced packet-level capabilities to exploit multi-core systems. Eventually, we want multi-threading. Scaling with number of cores. Transparent to the operator. For some IDS, that’s not so hard. For others, it is ... 10 Bro Workshop 2011

  30. Architecture Logs Notification Policy Script Interpreter Analysis Logic Events Event Engine Protocol Decoding Packets Network 11 Bro Workshop 2011

  31. Architecture Logs Notification Single Thread Policy Script Interpreter Analysis Logic Events Event Engine Protocol Decoding Packets Network 11 Bro Workshop 2011

  32. Architecture Notification Scripting Language Script Threads Detection Logic Events Event Engine Event Engine Packet Analysis Threads Packet Dispatcher (NIC) Packets Dispatcher Network 12 Bro Workshop 2011

  33. Architecture Notification Scripting Language Script Threads Detection Logic Events Event Engine Event Engine Packet Analysis Threads “Cluster in a Box” Packet Dispatcher (NIC) Packets Dispatcher Network 12 Bro Workshop 2011

  34. Architecture How to parallelize a scripting language? Notification Scripting Language Script Threads Detection Logic Events Event Engine Event Engine Packet Analysis Threads “Cluster in a Box” Packet Dispatcher (NIC) Packets Dispatcher Network 12 Bro Workshop 2011

  35. HILTI Abstract Machine A H igh-Level I ntermediary L anguage for T raffic I nspection 13 Bro Workshop 2011

  36. HILTI Abstract Machine A H igh-Level I ntermediary L anguage for T raffic I nspection High-level State Real-time Robust/Secure Domain-specific Concurrent Standard Management Performance Execution Data Types Analysis Components First-class Containers with Well-defined, Platform for building Domain-specific Scalability through networking types state management contained execution high-level, reusable concurrency model parallelization built-in support environment functionality on Support for Static type-system, Timers can drive Compilation to incremental and robust error execution native code processing handling Extensive optimization potential 13 Bro Workshop 2011

  37. HILTI Abstract Machine A H igh-Level I ntermediary L anguage for T raffic I nspection High-level State Real-time Robust/Secure Domain-specific Concurrent Standard Management Performance Execution Data Types Analysis Components First-class Containers with Well-defined, Platform for building Domain-specific Scalability through networking types state management contained execution high-level, reusable concurrency model parallelization built-in support environment functionality on Support for Static type-system, Timers can drive Compilation to incremental and robust error execution native code processing handling Extensive optimization potential 13 Bro Workshop 2011

  38. Workshop Wrap Up Thanks for coming to the Bro Workshop 2011! 14 Bro Workshop 2011

  39. Workshop Wrap Up Thanks for coming to the Bro Workshop 2011! Thanks to NSF for subsidizing workshop attendance. 14 Bro Workshop 2011

  40. Building a Community http://www.bro-ids.org 15 Bro Workshop 2011

  41. Building a Community Our goal is to build a larger “Bro Community”. Users: � Exchange of experiences and functionality. Developers: � External contributions will be crucial. http://www.bro-ids.org 15 Bro Workshop 2011

  42. Building a Community Our goal is to build a larger “Bro Community”. Users: � Exchange of experiences and functionality. Developers: � External contributions will be crucial. New community resources. Mailing lists / Blog / Twitter / IRC. Contributed scripts repository. http://www.bro-ids.org 15 Bro Workshop 2011

  43. Building a Community Our goal is to build a larger “Bro Community”. Users: � Exchange of experiences and functionality. Developers: � External contributions will be crucial. New community resources. Mailing lists / Blog / Twitter / IRC. Contributed scripts repository. Open development model. All code in public git repositories. Extensive use of issue tracker. http://www.bro-ids.org 15 Bro Workshop 2011

  44. Helping the Bro Project 16 Bro Workshop 2011

  45. Helping the Bro Project Tell us! 16 Bro Workshop 2011

  46. Helping the Bro Project Tell us! Tell others! 16 Bro Workshop 2011

  47. Helping the Bro Project Tell us! Tell others! Help others! 16 Bro Workshop 2011

  48. Helping the Bro Project Tell us! Tell others! Help others! Contribute! 16 Bro Workshop 2011

  49. Shameless Plug 17 Bro Workshop 2011

  50. Shameless Plug All of the Bro 2.0 work was only possible with the support from National Science Foundation. 17 Bro Workshop 2011

  51. Shameless Plug All of the Bro 2.0 work was only possible with the support from National Science Foundation. We can continue with that for a bit, but only for so long. And we have many more ideas anyway. 17 Bro Workshop 2011

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

INTRODUCE IN-KERNEL SMB3 SERVER CALLED CIFSD Namjae Jeon Samsung Electronics June 5, 2019

INTRODUCE IN-KERNEL SMB3 SERVER CALLED CIFSD Namjae Jeon Samsung Electronics June 5, 2019

INTRODUCE IN-KERNEL SMB3 SERVER CALLED CIFSD Namjae Jeon Samsung Electronics June 5, 2019 About me Linux kernel contributor since 2011 Co-Creator of Samsung internal NTFS Filesystem Introduce collapse and insert range syscall

406 views • 26 slides
Physics S Student Clubs & RSOs Fall 2020 Physics at Illinois Undergraduate Student Organiz

Physics S Student Clubs & RSOs Fall 2020 Physics at Illinois Undergraduate Student Organiz

Physics S Student Clubs & RSOs Fall 2020 Physics at Illinois Undergraduate Student Organiz izatio ions Society for Guidance for Society of Physics PhySAB PhysVan Women in Physics Physics Students Students (SPS) (SWIP) (GPS)

340 views • 9 slides
1 Bertrand Meyer The assistants 7 8 Volkan Arslan Michael Gomez E-mail:

1 Bertrand Meyer The assistants 7 8 Volkan Arslan Michael Gomez E-mail:

German version of lecture slides 1 2 Folien fr diese und alle weiteren Vorlesungseinheiten werden von nun an auch in Deutsch verfgbar sein. Introduction to Programming Sie knnen die deutschen Folien auf der Webseite der Vorlesung

657 views • 12 slides
Contributing to LibreOffjce without C++ knowledge Ilmari Lauhakangas, TDF

Contributing to LibreOffjce without C++ knowledge Ilmari Lauhakangas, TDF

Contributing to LibreOffjce without C++ knowledge Ilmari Lauhakangas, TDF ilmari.lauhakangas@libreoffjce.org FOSDEM, 1 Feb. 2020 Teams support each other Understanding the work of others keeps the quality high Localisation 3

400 views • 20 slides
Flashback OS X Malware Broderick Ian Aquilino September 27, 2012 Protecting the irreplaceable

Flashback OS X Malware Broderick Ian Aquilino September 27, 2012 Protecting the irreplaceable

Flashback OS X Malware Broderick Ian Aquilino September 27, 2012 Protecting the irreplaceable | f-secure.com Agenda Infection Vector Installation Main Binary C&C Servers Payload Remaining Binaries

618 views • 34 slides
RTSP Prime (RTSP) semantics very similar to RTSP-00 textual encoding; but: RTSP would

RTSP Prime (RTSP) semantics very similar to RTSP-00 textual encoding; but: RTSP would

OPENSIG 1 RTSP Prime (RTSP) semantics very similar to RTSP-00 textual encoding; but: RTSP would work text or binary works with TCP and UDP re-use of HTTP authentication better fit with MMUSIC conference control, session

593 views • 14 slides
Web browsing support for cross-community activities Tomohiro Oda Agenda cross-community

Web browsing support for cross-community activities Tomohiro Oda Agenda cross-community

Web browsing support for cross-community activities Tomohiro Oda Agenda cross-community activity cross-community activity and DynC difficulties in supporting cross-community activities cSuite: web browsing support tool for cross-

303 views • 19 slides
Simon Cook Ed Jones simon.cook@embecosm.com ed.jones@embecosm.com Current in-tree architectures

Simon Cook Ed Jones simon.cook@embecosm.com ed.jones@embecosm.com Current in-tree architectures

Simon Cook Ed Jones simon.cook@embecosm.com ed.jones@embecosm.com Current in-tree architectures Arch Server Desktop Embedded MCU DSP GPU Hardware Reg size AArch64 64 AMDGPU 32 ARM 32

643 views • 14 slides
Kea An Open-Source DHCP Server Stephen Morris Internet Systems Consortium stephen@isc.org ISC

Kea An Open-Source DHCP Server Stephen Morris Internet Systems Consortium stephen@isc.org ISC

Kea An Open-Source DHCP Server Stephen Morris Internet Systems Consortium stephen@isc.org ISC DHCP Open-Source First version released in 1997 Default DHCP software in many distributions Server/relay/client for IPv4 & IPv6

303 views • 13 slides
March 21, 2020 All providers For Action TO: Health Maintenance Organizations For

March 21, 2020 All providers For Action TO: Health Maintenance Organizations For

State of New Jersey Department of Human Services Division of Medical Assistance & Health Services March 21, 2020 All providers For Action TO: Health Maintenance Organizations For Information Only SUBJECT: Temporary Telehealth

190 views • 3 slides
Build Service F I F E W O R K S H O P M A Y 2 8 , 2 0 1 5 P A T R I C K G A R T U N G S C D

Build Service F I F E W O R K S H O P M A Y 2 8 , 2 0 1 5 P A T R I C K G A R T U N G S C D

Jenkins Continuous Integration Build Service F I F E W O R K S H O P M A Y 2 8 , 2 0 1 5 P A T R I C K G A R T U N G S C D / S S A / S S I Jenkins 2 Continuous Integration: Building and testing your software project After an

366 views • 19 slides
Services Sergio Rojas sergio@lacnic.net About LACNIC LACNIC, the Latin American and

Services Sergio Rojas sergio@lacnic.net About LACNIC LACNIC, the Latin American and

Membership and Registration Services Sergio Rojas sergio@lacnic.net About LACNIC LACNIC, the Latin American and Caribbean Internet Addresses Registry, is an international non- government organization established in Uruguay in 2002.

468 views • 17 slides
Target Communications Framework: One Link To Rule them all Anna Dushistova

Target Communications Framework: One Link To Rule them all Anna Dushistova

Target Communications Framework: One Link To Rule them all Anna Dushistova anna.dushistova@gmail.com Thursday, February 21, 2013 PROBLEM Almost every device software development tool has its own method of communication with target system

238 views • 22 slides
ECE 242 Data Structures and Algorithms Lecture 1 Course Overview September 9, 2009 ECE242 L1:

ECE 242 Data Structures and Algorithms Lecture 1 Course Overview September 9, 2009 ECE242 L1:

ECE 242 Data Structures and Algorithms Lecture 1 Course Overview September 9, 2009 ECE242 L1: Course Overview Welcome! What is this class about? Designing and building complex software systems Solving common engineering problems

117 views • 9 slides
Software Infrastructure for Sustained Innovation (SI 2 ) PI meeting Arlington, VA January 17-18,

Software Infrastructure for Sustained Innovation (SI 2 ) PI meeting Arlington, VA January 17-18,

Software Infrastructure for Sustained Innovation (SI 2 ) PI meeting Arlington, VA January 17-18, 2013 Ewa Deelman, University of Southern California Miron Livny, University of Wisconsin Madison SI 2 PI Meeting Goals Bring together Principle

212 views • 18 slides
Report from the MoEDAL Software Group Janusz Chwastowski, Dominik Derendarz, Pawel Malecki, Rafal

Report from the MoEDAL Software Group Janusz Chwastowski, Dominik Derendarz, Pawel Malecki, Rafal

Report from the MoEDAL Software Group Janusz Chwastowski, Dominik Derendarz, Pawel Malecki, Rafal Staszewski, Maciej Trzebinski (Cracow) Akshay Katre, Philippe Mermod (Geneva) Matthew King, Vasiliki A. Mitsou, Vicente Vento (Valencia) Jim

463 views • 20 slides
1 However ConferenceXP Presenter 10 weeks is too short Developed last year at Microsoft

1 However ConferenceXP Presenter 10 weeks is too short Developed last year at Microsoft

Introductions CSE 403 Software Richard Anderson Engineering Professor, Computer Science and Engineering Joined UW in 1986 Research interests Educational Technology Richard Anderson Algorithms Autumn 2002 Industrial

255 views • 4 slides
ND Software Integration Update Mathew Muether Mathew.Muether@wichita.edu August 12, 2019 ND

ND Software Integration Update Mathew Muether Mathew.Muether@wichita.edu August 12, 2019 ND

ND Software Integration Update Mathew Muether Mathew.Muether@wichita.edu August 12, 2019 ND Workshop Summary We held a workshop on ND SW integration on July 24 th https://indico.fnal.gov/event/21249/other-view?view=standard The goal

366 views • 10 slides
R packages from a Fedora perspective Jos Matos jamatos@{fep.up.pt, fedoraproject.org}

R packages from a Fedora perspective Jos Matos jamatos@{fep.up.pt, fedoraproject.org}

Introduction Fedora Fedora and R Conclusions R packages from a Fedora perspective Jos Matos jamatos@{fep.up.pt, fedoraproject.org} (Mathematics Research Center, Economics School) Porto University and Fedora Project 12 August 2008 useR!

502 views • 21 slides
Foundations of Software Martin Odersky, EPFL Course Overview Slides in part adapted from:

Foundations of Software Martin Odersky, EPFL Course Overview Slides in part adapted from:

Foundations of Software Martin Odersky, EPFL Course Overview Slides in part adapted from: University of Pennsylvania CIS 500: Software Foundations - Fall 2006 by Benjamin Pierce 1 2 What is software foundations? Why study software

300 views • 14 slides
Software Sustainability and the Conceptualization of URSSI Sandra Gesing sandra.gesing@nd.edu

Software Sustainability and the Conceptualization of URSSI Sandra Gesing sandra.gesing@nd.edu

Software Sustainability and the Conceptualization of URSSI Sandra Gesing sandra.gesing@nd.edu November 14, 2018 Research Software http://doi.org/10.5281/zenodo.843607 Research Software > 50% neither formal nor informal training in

193 views • 7 slides
Page 1 Textbook Labs Tuesdays, 3:40-5:00 in the ECE Digital Lab MEB 2265 None

Page 1 Textbook Labs Tuesdays, 3:40-5:00 in the ECE Digital Lab MEB 2265 None

Course Perspective #1: Today Mostly About Software Im a Computer Science professor, this is a Course perspective and logistics CS class Embedded systems introduction Crosslisted for convenience Assignments, exams,

822 views • 9 slides
Introduction Erik Poll Digital Security Radboud University Nijmegen Admin NB IMC051 (5EC, for

Introduction Erik Poll Digital Security Radboud University Nijmegen Admin NB IMC051 (5EC, for

Software Security Introduction Erik Poll Digital Security Radboud University Nijmegen Admin NB IMC051 (5EC, for TRU/e) vs ISOFSE (6EC) All course material will be on http://www.cs.ru.nl/~erikpoll/ss but video recordings will be in

726 views • 70 slides
CS 5150 So(ware Engineering Scenarios and Use Cases

CS 5150 So(ware Engineering Scenarios and Use Cases

Cornell University Compu1ng and Informa1on Science CS 5150 So(ware Engineering Scenarios and Use Cases William Y. Arms Scenarios Scenario

423 views • 27 slides

More recommend