surfnet ids os3 uva project extension of the surfnet
play

SURFnet IDS / OS3 UvA Project Extension of the SURFnet Intrusion - PowerPoint PPT Presentation

Nov 18, 2023 •23 likes •203 views

SURFnet IDS / OS3 UvA Project Extension of the SURFnet Intrusion Detection System Sensors to Microsoft Windows XP Michael Rave Coen Steenbeek 7 February 2007 Extension of the SURFnet Intrusion Detection System Sensors to Microsoft Windows XP

  1. SURFnet IDS / OS3 UvA Project Extension of the SURFnet Intrusion Detection System Sensors to Microsoft Windows XP Michael Rave Coen Steenbeek 7 February 2007

  2. Extension of the SURFnet Intrusion Detection System Sensors to Microsoft Windows XP Overview • Intrusion Detection Systems • SURFnet IDS • Problem Definition • Research • Solutions • Conclusion • Future Work • Questions 2/18

  3. Extension of the SURFnet Intrusion Detection System Sensors to Microsoft Windows XP Intrusion Detection Systems • What is IDS? – detects unwanted manipulations – Hackers, script kiddies, worms, e.c. – Detection, no prevention • Different sorts of IDS’s – Network IDS – Host-based IDS – Hybrid IDS 3/18

  4. Extension of the SURFnet Intrusion Detection System Sensors to Microsoft Windows XP SURFnet IDS • Distributed IDS – Client - Server model • Distributed sensors – Modified Knoppix distribution – Layer-2 VPN tunnel in bridging mode • Honeypot – Nepenthes • Logging Server – PostgreSQL Database – Apache webserver 4/18

  5. Extension of the SURFnet Intrusion Detection System Sensors to Microsoft Windows XP SURFnet IDS 5/18

  6. Extension of the SURFnet Intrusion Detection System Sensors to Microsoft Windows XP Problem Definition “How to give a desktop computer the same functionality of the current SURFnet IDS sensors without affecting the current functionality of the desktop computer?” 6/18

  7. Extension of the SURFnet Intrusion Detection System Sensors to Microsoft Windows XP Sub-questions • How to obtain unused ports on Windows XP • How to forward certain ports on Windows XP • How to forward incoming traffic on certain ports to the honeypot without changing the source IP-address of the incoming packets 7/18

  8. Extension of the SURFnet Intrusion Detection System Sensors to Microsoft Windows XP Research • Unused Ports – Netstatp – Nmap – Winpcap – … • Port forwarding – Trivial Port Forward – Netsh – Wintunnel – … 8/18

  9. Extension of the SURFnet Intrusion Detection System Sensors to Microsoft Windows XP Solutions • “How to forward incoming traffic on certain ports to the honeypot without changing the source IP-address of the incoming packets” • Indirect Solution • Direct Solution 9/18

  10. Extension of the SURFnet Intrusion Detection System Sensors to Microsoft Windows XP Solution Indirect 10/18

  11. Extension of the SURFnet Intrusion Detection System Sensors to Microsoft Windows XP Implementation Indirect • Challenges Indirect – Source IP-address of attacker • Solution – IP-tunneling/IPSec/IPv6? – Not tested 11/18

  12. Extension of the SURFnet Intrusion Detection System Sensors to Microsoft Windows XP Advantages/Disadvantages Indirect • Advantages – Sensor Server already present in current setup – Only one VPN connection – Better structure • Disadvantages – IP-tunneling/IPSec/IPv6 introduces difficulties – No working concept so not tested 12/18

  13. Extension of the SURFnet Intrusion Detection System Sensors to Microsoft Windows XP Solution Direct 13/18

  14. Extension of the SURFnet Intrusion Detection System Sensors to Microsoft Windows XP Implementation Direct • Challenges Direct – Source IP-address of attacker – Routing through same tunnel • Solutions – Netsh, pre-routed NAT – Source based routing 14/18

  15. Extension of the SURFnet Intrusion Detection System Sensors to Microsoft Windows XP Advantages/Disadvantages Direct • Advantages – Secure VPN tunnel – No changes to current sensor – Already tested succesfully • Disadvantages – Every sensors needs its own VPN tunnel – Many rules in source based routing tables 15/18

  16. Extension of the SURFnet Intrusion Detection System Sensors to Microsoft Windows XP Future Work • IP-tunneling/IPv6/IPSec for indirect solutions • Further tests • Efficient port checking – No opening of ports – Opening when attacked 16/18

  17. Extension of the SURFnet Intrusion Detection System Sensors to Microsoft Windows XP Conclusion • Summary – Two Solutions – First tested successfully – Second needs more research and testing • We recommend – Direct solution • Secure VPN tunnel • Successfully tested • No modifications to old-style sensor • Only small modifications to honeypot server • Both sensors (old and new) in conjunction 17/18

  18. Extension of the SURFnet Intrusion Detection System Sensors to Microsoft Windows XP Questions? 18/18

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

SURFnet storage pilot plans Rogier.Spoor@SURFnet.nl 17 september 2009 What do we do ? OSI-layer

SURFnet storage pilot plans Rogier.Spoor@SURFnet.nl 17 september 2009 What do we do ? OSI-layer

SURFnet storage pilot plans Rogier.Spoor@SURFnet.nl 17 september 2009 What do we do ? OSI-layer Founded to start a nationwide network 1 SURFnet. We make innovation work W hats our activity focus We make innovation work - (online)

216 views • 20 slides
The MediaMosa Foundation From Innovation project to a Sustainable Community Frans Ward - SURFnet

The MediaMosa Foundation From Innovation project to a Sustainable Community Frans Ward - SURFnet

The MediaMosa Foundation From Innovation project to a Sustainable Community Frans Ward - SURFnet 7 th TF-Media - Paris, April 3 2013 Wednesday, April 3, 13 About SURFnet... Development and exploitation of - the Dutch National Network for

573 views • 24 slides
SURFnet Cloud Computing Solutions Marvin Rambhadjan Arthur Schutijser SURFnet February 3, 2010

SURFnet Cloud Computing Solutions Marvin Rambhadjan Arthur Schutijser SURFnet February 3, 2010

Introduction Cloud Computing The Project Use Cases Comparison Conclusion Future Research Questions SURFnet Cloud Computing Solutions Marvin Rambhadjan Arthur Schutijser SURFnet February 3, 2010 Marvin Rambhadjan Arthur Schutijser

1.06k views • 26 slides
DNSSEC resolving at SURFnet ICANN38, DNSSEC panel discussion, Brussels Roland van Rijswijk

DNSSEC resolving at SURFnet ICANN38, DNSSEC panel discussion, Brussels Roland van Rijswijk

DNSSEC resolving at SURFnet ICANN38, DNSSEC panel discussion, Brussels Roland van Rijswijk roland.vanrijswijk [at] surfnet.nl June 23rd 2010 woensdag 2 juni 2010 About SURFnet National Research and Educational Network in The Netherlands

154 views • 11 slides
Autom atic anom aly detection using NfSen Wim Biemolt, SURFnet Werner Schram, SURFnet 14/ 12/

Autom atic anom aly detection using NfSen Wim Biemolt, SURFnet Werner Schram, SURFnet 14/ 12/

Autom atic anom aly detection using NfSen Wim Biemolt, SURFnet Werner Schram, SURFnet 14/ 12/ 2007 Autom atic anom aly detection using NfSen - SURFnet and netflow anomaly detection - NERD - NfSen - PeakFlow SP - Currently used detection

594 views • 26 slides
Communication with end-users Lessons learned by SURFnet Zagreb, 20 May 2003 Sandra Passchier

Communication with end-users Lessons learned by SURFnet Zagreb, 20 May 2003 Sandra Passchier

Communication with end-users Lessons learned by SURFnet Zagreb, 20 May 2003 Sandra Passchier Communication Manager SURFnet Overview Communication model SURFnet Reaching the end-user: Why? Reaching the end-user: How? - the

361 views • 13 slides
The European Face of Videoconferencing and other developments Egon Verharen SURFnet

The European Face of Videoconferencing and other developments Egon Verharen SURFnet

The European Face of Videoconferencing and other developments Egon Verharen SURFnet Egon.Verharen@surfnet.nl GDS: 0031302305367 Former TF-STREAM chair, Vidmid-vc, ViDe.Net, ViDe, Internet2 Commons International coordination Why

480 views • 34 slides
Supporting Collaboration Niels van Dijk Technical Product Manager SURFnet: the Dutch NREN

Supporting Collaboration Niels van Dijk Technical Product Manager SURFnet: the Dutch NREN

Supporting Collaboration Niels van Dijk Technical Product Manager SURFnet: the Dutch NREN SURFnet is the Dutch National Research & Education Network (NREN) Services, innovation, knowledge Not for profit Task organisation of

710 views • 28 slides
DNSSEC update TF MNM, Lyon Roland van Rijswijk roland.vanrijswijk [at] surfnet.nl February 16 th

DNSSEC update TF MNM, Lyon Roland van Rijswijk roland.vanrijswijk [at] surfnet.nl February 16 th

DNSSEC update TF MNM, Lyon Roland van Rijswijk roland.vanrijswijk [at] surfnet.nl February 16 th 2011 DNSSEC validation - Validation rate not rising very much - Interesting to see what will happen after .com signing 2 SURFnet. We make

482 views • 16 slides
Open Video in Education MediaMosa @ TF-Media Workshop Porto, October 26, 2011 - SURFnet.

Open Video in Education MediaMosa @ TF-Media Workshop Porto, October 26, 2011 - SURFnet.

Frans Ward Technical Product Manager SURFnet Advanced Services MediaMosa: Open Source Media Management Software to Build an Open Video Platform Open Video in Education MediaMosa @ TF-Media Workshop Porto, October 26, 2011 - SURFnet.

410 views • 25 slides
Dynamic Lightpaths - in SURFnet and Beyond Bram Peeters, Gerben Van Malenstein, Hans Trom pert

Dynamic Lightpaths - in SURFnet and Beyond Bram Peeters, Gerben Van Malenstein, Hans Trom pert

Dynamic Lightpaths - in SURFnet and Beyond Bram Peeters, Gerben Van Malenstein, Hans Trom pert SURFnet Terena E2 E w orkshop on establishing lightpaths Am sterdam - 2 nd of Decem ber 2 0 0 8 Contents - Dynamic Lightpaths, return to the

169 views • 16 slides
Network Peering Dashboard for SURFnet David Garay Supervisors : Marijke Kaat, Jac Kloots 1

Network Peering Dashboard for SURFnet David Garay Supervisors : Marijke Kaat, Jac Kloots 1

Network Peering Dashboard for SURFnet David Garay Supervisors : Marijke Kaat, Jac Kloots 1 Introduction 2 SURFnets AS 1103 Network Topology - Courtesy of SURFnet Introduction AMS-IX Amsterdam Asteroid BNIX LINX NL-IX 3 SURFnets

410 views • 29 slides
VIRTUAL CAMPUS HUB Project overview Niels van Dijk, SURFnet Merete Badger, DTU Wind Energy

VIRTUAL CAMPUS HUB Project overview Niels van Dijk, SURFnet Merete Badger, DTU Wind Energy

VIRTUAL CAMPUS HUB Project overview Niels van Dijk, SURFnet Merete Badger, DTU Wind Energy Frank_Vercoulen, TU/e Project objectives (Annex I) The objective of the project is to deliver a working concept for a Virtual Campus Hub in a form

440 views • 23 slides
The COIN Project Niels van Dijk, technical Product Manager SURFnet SURFfederatie Online

The COIN Project Niels van Dijk, technical Product Manager SURFnet SURFfederatie Online

The COIN Project Niels van Dijk, technical Product Manager SURFnet SURFfederatie Online Collaboration Best of Breed Generic apps The COIN Project Collaboration Infrastructure The COIN Project - Resulting infrastructure - Is a synergy

687 views • 22 slides
Inter-domain SDN Considera2ons Ronald van der Pol

Inter-domain SDN Considera2ons Ronald van der Pol

Inter-domain SDN Considera2ons Ronald van der Pol SURFnet Ronald.vanderPol@SURFnet.nl GLIF, 17 January 2013, Honolulu, USA Dis2nguish between:

575 views • 8 slides
Optimum Implementation of TI-LFA and Segment Routing on SURFnet 8 RP #22 Peter Prjevara &

Optimum Implementation of TI-LFA and Segment Routing on SURFnet 8 RP #22 Peter Prjevara &

Optimum Implementation of TI-LFA and Segment Routing on SURFnet 8 RP #22 Peter Prjevara & Fouad Makioui Supervisors: Marijke Kaat & Wouter Huisman The Goals of Networks ARPANET - 1974 2 https://en.wikipedia.org/wiki/ARPANET What

648 views • 48 slides
REQUESTED REZONING 700 N. CARMICHAEL AVE. REQUESTED REZONING 700 N. CARMICHAEL AVE. BACKGROUND -

REQUESTED REZONING 700 N. CARMICHAEL AVE. REQUESTED REZONING 700 N. CARMICHAEL AVE. BACKGROUND -

REQUESTED REZONING 700 N. CARMICHAEL AVE. REQUESTED REZONING 700 N. CARMICHAEL AVE. BACKGROUND - REQUESTED REZONE-NC to SFR-8 LOT SIZE-8,100 SF (MOL) PROPOSED USE-REPURPOSE AN EXISTING COMMERCIAL BUILDING FOR RESIDENTIAL USE REQUESTED

570 views • 22 slides
Pro WPF in C# 2008: Windows Presentation Foundation with .Net 3.5 Pro WPF in C# 2008: Windows

Pro WPF in C# 2008: Windows Presentation Foundation with .Net 3.5 Pro WPF in C# 2008: Windows

NCHHKTUVZRG0 Kindle Pro WPF in C# 2008: Windows Presentation Foundation with .Net 3.5 Pro WPF in C# 2008: Windows Presentation Foundation with .Net 3.5 Pro WPF in C# 2008: Windows Presentation Foundation with .Net 3.5 Filesize: 4.75 MB

87 views • 4 slides
Programming Windows Presentation Foundation Chris Sells, Ian Griffiths Click here if your

Programming Windows Presentation Foundation Chris Sells, Ian Griffiths Click here if your

Programming Windows Presentation Foundation Chris Sells, Ian Griffiths Click here if your download doesn"t start automatically Programming Windows Presentation Foundation Chris Sells, Ian Griffiths Programming Windows Presentation

60 views • 5 slides
Software for Land Development (606) 564-5028 Founded in 1983 Profile 20+ Global Satellite

Software for Land Development (606) 564-5028 Founded in 1983 Profile 20+ Global Satellite

Carlson Software, Inc. 33 East Second Street Maysville, KY 41056 www.carlsonsw.com Software for Land Development (606) 564-5028 Founded in 1983 Profile 20+ Global Satellite Offices Maysville, KY Boston, MA Europe Offices Over 80

487 views • 19 slides
Creating a Presentation

Creating a Presentation

1.1 LESSON 1 Creating a Presentation Start Microsoft PowerPoint. Explore the

105 views • 9 slides
WordRake WordRake WordRake founder Gary Kinder Lawyer WordRake is my favorite

WordRake WordRake WordRake founder Gary Kinder Lawyer WordRake is my favorite

10/19/2018 WordRake WordRake WordRake founder Gary Kinder Lawyer WordRake is my favorite software Taught over 1,000 writing programs of all time. WilmerHale, Sidley, Skadden, Latham, Jones Day VISA, KPMG, Microsoft

75 views • 3 slides
Introduction to Epi Info Epi Info is a Database and Statistics software for public health

Introduction to Epi Info Epi Info is a Database and Statistics software for public health

Introduction to Epi Info Epi Info is a Database and Statistics software for public health professionals By Dr. Sahibzada Azhar Mujib Data Management Coordinator Course Objectives After completing the course participants will able to

1.06k views • 51 slides
How to Download Admissions File 1. Click on Click here to Download the file. 1 2. Choose the

How to Download Admissions File 1. Click on Click here to Download the file. 1 2. Choose the

How to Download Admissions File 1. Click on Click here to Download the file. 1 2. Choose the location to save the file then click on S ave . 2 3. It will be start downloading, as it is shown at the bottom of the screen. 3 4. After

211 views • 5 slides

More recommend