Upload File

a nalysis c onsole for i ntrusion d atabases

21
A A nalysis nalysis C C onsole for onsole for I I ntrusion ntrusion D D atabases atabases Roy Roy

Upload: nichole-snider

Post on 02-Jan-2016

32 views

Category:

Documents


1 download

Report

Tags:

DESCRIPTION

A nalysis C onsole for I ntrusion D atabases. Roy. Description. ACID. Objective. Setup ACID, MySQL, Snort Super alert Analyzer Performance Benchmarking of ACID. About ACID. Query-builder and search interface. Chart and statistics generation. Packet viewer (decoder). Alert management. - PowerPoint PPT Presentation

TRANSCRIPT

Page 1: A nalysis C onsole for I ntrusion D atabases

AAnalysis nalysis CConsole for onsole for IIntrusion ntrusion DDatabases atabases

RoyRoy

Page 2: A nalysis C onsole for I ntrusion D atabases

DescriptionDescription

ACID

Page 3: A nalysis C onsole for I ntrusion D atabases

ObjectiveObjective

Setup ACID, MySQL, SnortSetup ACID, MySQL, Snort Super alert AnalyzerSuper alert Analyzer Performance Benchmarking of ACIDPerformance Benchmarking of ACID

Page 4: A nalysis C onsole for I ntrusion D atabases

About ACIDAbout ACID

Query-builder and search interface

Packet viewer (decoder) Alert

management

Chart and statistics generation

Centralize control

Page 5: A nalysis C onsole for I ntrusion D atabases

System overviewSystem overview

ACID+Snort+MySQLACID+Snort+MySQL

ACID

Page 6: A nalysis C onsole for I ntrusion D atabases

Distributed IDS centralize controlDistributed IDS centralize control

ACID DB

Page 7: A nalysis C onsole for I ntrusion D atabases

PrerequisitesPrerequisites A databaseA database

- Package: MySQL Package: MySQL • Version: 3.23.x+ Version: 3.23.x+ • Homepage: Homepage: http://www.mysql.com/http://www.mysql.com/

A mechanismA mechanism- Package: Snort Package: Snort

• Version: 1.7+ Version: 1.7+ • Homepage: Homepage: http://http://www.snort.orgwww.snort.org//

- Package: PHP Package: PHP • Version: 4.0.4+ Version: 4.0.4+ • Homepage: Homepage: http://http://www.php.netwww.php.net//

A web serverA web server- Package: Apache Server Package: Apache Server - Version: 1.3.*+ Version: 1.3.*+ - Homepage: Homepage: http://http://www.apache.orgwww.apache.org//

PHP access database APIPHP access database API- Package: ADODB Package: ADODB

• Homepage: Homepage: http://http://php.weblogs.com/adodbphp.weblogs.com/adodb//

- Package: PHPlot Package: PHPlot • Homepage: Homepage: http://http://www.phplot.comwww.phplot.com

- Package: JPGraph Package: JPGraph • Homepage: Homepage: http://http://www.aditus.nu/jpgraphwww.aditus.nu/jpgraph//

- Package: GD Package: GD • Homepage: Homepage: http://http://www.boutell.com/gdwww.boutell.com/gd//

Page 8: A nalysis C onsole for I ntrusion D atabases

Install ACID and snortInstall ACID and snort

Download ACIDDownload ACID- http://www.andrew.cmu.edu/user/rdanyliw/http://www.andrew.cmu.edu/user/rdanyliw/

snort/snortacid.htmlsnort/snortacid.html Decompress acid-0.9.6b23.tar.gzDecompress acid-0.9.6b23.tar.gz

Move ACID to your web directoryMove ACID to your web directory

Page 9: A nalysis C onsole for I ntrusion D atabases

Setting up the database in MySQLSetting up the database in MySQL

Create databaseCreate database

Create user and assign privilegeCreate user and assign privilege

Create snort tablesCreate snort tables

Page 10: A nalysis C onsole for I ntrusion D atabases

Modify ACID config filesModify ACID config files

Edit acid_conf.phpEdit acid_conf.php

Page 11: A nalysis C onsole for I ntrusion D atabases

Connect to sensor managerConnect to sensor manager

Open Open http://192.168.1.101/acid/acid_conf.phphttp://192.168.1.101/acid/acid_conf.php

Page 12: A nalysis C onsole for I ntrusion D atabases

Setup snort output moduleSetup snort output module

Edit /etc/snort/snort.confEdit /etc/snort/snort.conf

Page 13: A nalysis C onsole for I ntrusion D atabases

Test environmentTest environment

Internet

Name: ACID serverOS:LinuxIP:192.168.1.101Net Mask:255.255.255.0Gateway:192.168.1.2

Web Server: Apache 2.051SQL Server: MySQL 4.0.20Sensor: Snort 2.1.3Management: ACID 0.9.6 beta 23

Name: attacker1OS:WindowsIP:192.168.1.1Net Mask:255.255.255.0

Vulnerability Scanner: N-Sealth 5.2

三暝三日…

Page 14: A nalysis C onsole for I ntrusion D atabases

Enjoy the resultsEnjoy the results

Open http://192.168.1.101/acid/Open http://192.168.1.101/acid/

Page 15: A nalysis C onsole for I ntrusion D atabases

More analysisMore analysis

5 most frequent alerts (alert listing)5 most frequent alerts (alert listing) 15 most frequent alerts (unique source)15 most frequent alerts (unique source) Time profile of alertsTime profile of alerts Last 24 hoursLast 24 hours Last 72 hoursLast 72 hours

Page 16: A nalysis C onsole for I ntrusion D atabases

Performance Benchmarking of Performance Benchmarking of ACID (Page loading time) ACID (Page loading time)

Host:Host: Intel Mobile 800Mhz, 256 MB RAM Intel Mobile 800Mhz, 256 MB RAM OS:OS: Linux 2.2.16-22 Linux 2.2.16-22 Apache:Apache: 1.3.19 1.3.19 PHP:PHP: 4.0.5 4.0.5 MySQL:MySQL: 3.23.32 3.23.32 PostgreSQL:PostgreSQL:7.1.27.1.2 DB schema:DB schema: v102 v102 ACID:ACID: 0.9.6b10 - 0.9.6b13 0.9.6b10 - 0.9.6b13

Page 17: A nalysis C onsole for I ntrusion D atabases

I. Unique Alert Listing I. Unique Alert Listing (acid_stat_alerts.php) (acid_stat_alerts.php)

Page 18: A nalysis C onsole for I ntrusion D atabases

II. ACID Main page (acid_main.pII. ACID Main page (acid_main.php) hp)

Page 19: A nalysis C onsole for I ntrusion D atabases

SummarySummary

Page 20: A nalysis C onsole for I ntrusion D atabases

ReferenceReference

Performance Benchmarking of ACIDPerformance Benchmarking of ACID- http://www.andrew.cmu.edu/user/rdanyliw/http://www.andrew.cmu.edu/user/rdanyliw/

snort/perf/acid_perf.htmlsnort/perf/acid_perf.html NIST Intrusion Detection SystemNIST Intrusion Detection System

Page 21: A nalysis C onsole for I ntrusion D atabases

Appendix AAppendix A

Passive Ethernet Tap Passive Ethernet Tap

Internet

IDS

Traffic in

Traffic out

IDS

http://www.snort.org/docs/tap/


CIENTIFIC D ATABASES - Nalini Nadkarni · ceive documenting data for archival purposes to be a time-consuming process and many don’t even attempt it.10,11 Documentation of field

C ONCURRENCY C ONTROL ON R ELATIONAL D ATABASES Seminar: Transaction Processing (Bachelor) SS 2009 Dennis Stratmann

@andy_pavlo On Predictive Modeling for D istributed D atabases VLDB - August 28 th, 2012

Foundations of Databases - Wikis of... · Foundations of Databases. F oundations of D atabases ... a database management system is a software system that ... and languages that express

A N A NN A PPROACH FOR N ETWORK I NTRUSION D ETECTION U SING E NTROPY B ASED F EATURE SELECTION

A CCESSING D ATABASES WITH JDBC CH 24 C S 442: A DVANCED J AVA P ROGRAMMING

A DMIN C ONSOLE C OURSE C REATION W ALK - T HROUGH

L IBRARY C ATALOGS & [O THER ] D ATABASES Joy Garretson & Jennifer Nabzdyk, MLC Technology Academy: Session 4 January 5, 2014 * Technology Academy content

D ATABASES – L ESSON 6 Key Stage 3 ICT. H OW DO DATABASES AFFECT YOU – T ASK 6A In your booklets, List 5 places that use a database and why?

CIENTIFIC D ATABASES trees an… · S CIENTIFIC D ATABASES U nderstanding the biosphere and how human activities affect it nearly al-ways requires the efforts of many in-vestigators,

C OMP 110 M AIN & C ONSOLE I NPUT Instructor: Sasa Junuzovic

IOLOGICAL ATABASES EW SCIENTIFIC LITERATUREFIGURE 1. The flow of information in traditional publishing from the point of view of scientific researchers. Of necessity, review papers

D METHODOLOGY FOR RELATIONAL ATABASES ISSUES …...1Research Scholar, Ramanujan Computing Centre, Anna University, Chennai. 2Associate Professor, Ramanujan Computing Centre, Anna University,

D ATABASES – L ESSON 1 Key Stage 3 ICT. Open the ICT levels spread sheet and find the Database tab Read each orange box and answer in the white box. S

D ATABASES – L ESSON 2 Key Stage 3 ICT. R ECAP OF KEYWORDS – T ASK 2A I N YOUR WORKBOOKS FROM LAST LESSON What is a database? A DATABASE is a collection

F ORENSIC DNA D ATABASES J EREMY G RUBER. 60 countries worldwide operate national DNA databases 34 countries plan to set up new DNA databases A number

C OMP 110 M AIN & C ONSOLE I NPUT Instructor: Jason Carter

UniFi Switch Flex Mini Datasheet · Deployment Example onsole ini UDM Computer Printer Internet Remote Access to UniFi Controller NAS The UniFi Switch Flex Mini connects a variety

GA AY SA PAG GAMIT NG ADMIN ONSOLE · may tatlong uri ng tech support tag o mensahe sa tech support team: Para sa mga comments, suggestions, piliin ang GENERAL MESSAGE . Kapag may

N O SQL D ATABASES : M ONGO DB VS C ASSANDRA. I NTRODUCTION What is a Database? “… a repository with organized and structured data, … “ (Abramova & Bernardino,

A V IRTUAL M ACHINE I NTROSPECTION B ASED A RCHITECTURE FOR I NTRUSION D ETECTION Tal Garfionkel, Mendel Rosenblum Computer Science Department, Stanford

D ATABASES – L ESSON 5 Key Stage 3 ICT. S TARTER – T ASK 5A Make as many words as possible from the following 2 words – write them in your work book

P ROVENANCE M ANAGEMENT & C ITATIONS IN C URATED D ATABASES Kleisarchaki Sophia, HY561, 05/05/09

HID® FARGO® CONNECT ONSOLE U GUIDE · Section 1 March 2018 5 1 Connection 1.1 Introduction The HID FARGO® Connect™ Console provides a secure gateway between your local FARGO

atabases in ngineering / Lab1 · 2014. 11. 5. · Database Management System (DBMS) is a set of programs that enables you to store, modify, and extract information from a database,

I PREVENTION /I NTRUSION DETECTION (IPS/IDS) F OR …airccse.org/journal/cnc/6414cnc07.pdf · International Journal of Computer Networks & Communications (IJCNC) Vol.6, No.4, July

Giving to the 3 R s Campaign - WordPress.com€¦ · Rodgers Infinity Model 361 Three Manual, Digital Organ Existing Pipe Organ onsole ... would provide a prime opportunity for our

Manage, Support, Secure & Track Your Devices Anytime, Anywhere · Access Mobiontrol anywhere with the new web-based Management onsole, no software installation reuired Secure mail

IDS D EPLOYMENT 1. C HARACTERISTICS OF A G OOD I NTRUSION D ETECTION S YSTEM 1.It must run continually without human supervision. The system must be reliable

I PREVENTION /I NTRUSION DETECTION (IPS/IDS) F OR WIFI … · Intrusion Detection System (NIDS) used as a tool that provides the intrusion detection functionality by sniffing the

HACQIT: H ierarchical A daptive C ontrol of Q oS for I ntrusion T olerance

PA RTICIPATORY N ETWORKS AND D ATABASES F O R SUSTAINABILITY R ESEARCH AND A SSESSMENT

I ntrusion- R esilient Signatures

I mproved V irtual S creening S trategies and E nrichment of F ocused L ibraries in A ctive C ompounds U sing T arget- O riented D atabases I mproved

Access bscoHost atabases - Keele University · To access the NHS resources click the “OpenAthens Login” link. Figure 3 EbscoHost log in screen. Log in with your NHS Athens username