
Broadmap: Bro Workshop 2011, NCSA, Urbana-Champaign, IL (PowerPoint presentation)



  1. The Bro Network Security Monitor: Broadmap. Bro Workshop 2011, NCSA, Urbana-Champaign, IL.

  2. Outline: Near- to Medium-term Roadmap. Current Research Projects. Workshop Wrap-Up.

  3. Version 2.0 Final. Timeline: early December. Default scripts rewritten from scratch. New logging system. New build and packaging system. New auto-documentation system (Broxygen). Lots of bugs fixed. Obsolete code removed. New development infrastructure. New regression testing framework. New web server. New mailing lists. New logo.

  4. Upcoming: Bro 2.1. New user's guide. Overhauled IPv6 support. Logging extensions: binary logging / PostgreSQL / CouchDB / SQLite(?) / threads. Integration with REN-ISAC's CIF. Reaction framework. New/improved analyzers: Syslog / GridFTP / NFS / SMB / BitTorrent. Extended test-suite. Aiming for a 3-4 month release cycle.

  5. In Planning. Comprehensive Bro Archive Network (CBAN): easy installation of 3rd-party scripts. File Analyzer: protocol-independent file hashing, extraction, decompression, analysis, and reassembly. Input Framework: real-time interface to external intelligence.

  6. In Planning. Deep Cluster: pushing Bro deep into your network; unified packet acquisition and control; plugin-based interface to platform capabilities. New/extended protocol analyzers: ongoing focus; working on BinPAC++. Internal reorganization and cleanup: move to a more modular structure.

  7. Current Research Projects.

  8. Next Stop: 100 Gb/s. DOE/ESNet 100G Advanced Networking Initiative (network maps, source: ESNet). Now these sites need a monitoring solution ... Working with cPacket on a 100GE load-balancer!

  9. 100 Gb/s Load-balancer. SBIR Phase 2 to build prototype. (Diagram: 100Gbps into a cFlow 100G load-balancer, 10Gb/s streams out to a Bro Cluster, with an API / Control channel between the cluster and the load-balancer.)

  10. Concurrent Analysis. Bro is still single-threaded. Cluster leverages advanced packet-level capabilities to exploit multi-core systems. Eventually, we want multi-threading: scaling with the number of cores, transparent to the operator. For some IDS, that's not so hard. For others, it is ...

  11. Architecture (today, a single thread). Network -> Packets -> Event Engine (Protocol Decoding) -> Events -> Policy Script Interpreter (Analysis Logic) -> Logs, Notification.

  12. Architecture ("Cluster in a Box"). Network -> Packets -> Packet Dispatcher (NIC) -> Packet Analysis Threads (Event Engines) -> Events -> Script Threads (Scripting Language, Detection Logic) -> Notification. How to parallelize a scripting language?

  13. HILTI Abstract Machine: A High-Level Intermediary Language for Traffic Inspection.
      High-level Data Types: first-class networking types; support for incremental processing.
      State Management: containers with built-in state management support.
      Real-time Performance: scalability through parallelization; compilation to native code; extensive optimization potential.
      Robust/Secure Execution: well-defined, contained execution environment; static type-system, robust error handling.
      Concurrent Analysis: domain-specific concurrency model; timers can drive execution.
      Domain-specific Standard Components: platform for building high-level, reusable functionality on

  14. Workshop Wrap Up. Thanks for coming to the Bro Workshop 2011! Thanks to NSF for subsidizing workshop attendance.

  15. Building a Community. Our goal is to build a larger "Bro Community". Users: exchange of experiences and functionality. Developers: external contributions will be crucial. New community resources: mailing lists / blog / Twitter / IRC; contributed scripts repository. Open development model: all code in public git repositories; extensive use of issue tracker. http://www.bro-ids.org

  16. Helping the Bro Project. Tell us! Tell others! Help others! Contribute!

  17. Shameless Plug. All of the Bro 2.0 work was only possible with the support from the National Science Foundation. We can continue with that for a bit, but only for so long. And we have many more ideas anyway.
