surfnet ids os3 uva project extension of the surfnet
play

SURFnet IDS / OS3 UvA Project Extension of the SURFnet Intrusion - PowerPoint PPT Presentation

Nov 18, 2023 •23 likes •203 views

SURFnet IDS / OS3 UvA Project Extension of the SURFnet Intrusion Detection System Sensors to Microsoft Windows XP Michael Rave Coen Steenbeek 7 February 2007 Extension of the SURFnet Intrusion Detection System Sensors to Microsoft Windows XP

  1. SURFnet IDS / OS3 UvA Project Extension of the SURFnet Intrusion Detection System Sensors to Microsoft Windows XP Michael Rave Coen Steenbeek 7 February 2007

  2. Extension of the SURFnet Intrusion Detection System Sensors to Microsoft Windows XP Overview • Intrusion Detection Systems • SURFnet IDS • Problem Definition • Research • Solutions • Conclusion • Future Work • Questions 2/18

  3. Extension of the SURFnet Intrusion Detection System Sensors to Microsoft Windows XP Intrusion Detection Systems • What is IDS? – detects unwanted manipulations – Hackers, script kiddies, worms, e.c. – Detection, no prevention • Different sorts of IDS’s – Network IDS – Host-based IDS – Hybrid IDS 3/18

  4. Extension of the SURFnet Intrusion Detection System Sensors to Microsoft Windows XP SURFnet IDS • Distributed IDS – Client - Server model • Distributed sensors – Modified Knoppix distribution – Layer-2 VPN tunnel in bridging mode • Honeypot – Nepenthes • Logging Server – PostgreSQL Database – Apache webserver 4/18

  5. Extension of the SURFnet Intrusion Detection System Sensors to Microsoft Windows XP SURFnet IDS 5/18

  6. Extension of the SURFnet Intrusion Detection System Sensors to Microsoft Windows XP Problem Definition “How to give a desktop computer the same functionality of the current SURFnet IDS sensors without affecting the current functionality of the desktop computer?” 6/18

  7. Extension of the SURFnet Intrusion Detection System Sensors to Microsoft Windows XP Sub-questions • How to obtain unused ports on Windows XP • How to forward certain ports on Windows XP • How to forward incoming traffic on certain ports to the honeypot without changing the source IP-address of the incoming packets 7/18

  8. Extension of the SURFnet Intrusion Detection System Sensors to Microsoft Windows XP Research • Unused Ports – Netstatp – Nmap – Winpcap – … • Port forwarding – Trivial Port Forward – Netsh – Wintunnel – … 8/18

  9. Extension of the SURFnet Intrusion Detection System Sensors to Microsoft Windows XP Solutions • “How to forward incoming traffic on certain ports to the honeypot without changing the source IP-address of the incoming packets” • Indirect Solution • Direct Solution 9/18

  10. Extension of the SURFnet Intrusion Detection System Sensors to Microsoft Windows XP Solution Indirect 10/18

  11. Extension of the SURFnet Intrusion Detection System Sensors to Microsoft Windows XP Implementation Indirect • Challenges Indirect – Source IP-address of attacker • Solution – IP-tunneling/IPSec/IPv6? – Not tested 11/18

  12. Extension of the SURFnet Intrusion Detection System Sensors to Microsoft Windows XP Advantages/Disadvantages Indirect • Advantages – Sensor Server already present in current setup – Only one VPN connection – Better structure • Disadvantages – IP-tunneling/IPSec/IPv6 introduces difficulties – No working concept so not tested 12/18

  13. Extension of the SURFnet Intrusion Detection System Sensors to Microsoft Windows XP Solution Direct 13/18

  14. Extension of the SURFnet Intrusion Detection System Sensors to Microsoft Windows XP Implementation Direct • Challenges Direct – Source IP-address of attacker – Routing through same tunnel • Solutions – Netsh, pre-routed NAT – Source based routing 14/18

  15. Extension of the SURFnet Intrusion Detection System Sensors to Microsoft Windows XP Advantages/Disadvantages Direct • Advantages – Secure VPN tunnel – No changes to current sensor – Already tested succesfully • Disadvantages – Every sensors needs its own VPN tunnel – Many rules in source based routing tables 15/18

  16. Extension of the SURFnet Intrusion Detection System Sensors to Microsoft Windows XP Future Work • IP-tunneling/IPv6/IPSec for indirect solutions • Further tests • Efficient port checking – No opening of ports – Opening when attacked 16/18

  17. Extension of the SURFnet Intrusion Detection System Sensors to Microsoft Windows XP Conclusion • Summary – Two Solutions – First tested successfully – Second needs more research and testing • We recommend – Direct solution • Secure VPN tunnel • Successfully tested • No modifications to old-style sensor • Only small modifications to honeypot server • Both sensors (old and new) in conjunction 17/18

  18. Extension of the SURFnet Intrusion Detection System Sensors to Microsoft Windows XP Questions? 18/18

Recommend

SURFnet storage pilot plans Rogier.Spoor@SURFnet.nl 17 september 2009 What do we do ? OSI-layer

SURFnet storage pilot plans Rogier.Spoor@SURFnet.nl 17 september 2009 What do we do ? OSI-layer

SURFnet storage pilot plans Rogier.Spoor@SURFnet.nl 17 september 2009 What do we do ? OSI-layer Founded to start a nationwide network 1 SURFnet. We make innovation work W hats our activity focus We make innovation work - (online)

216 views • 20 slides
The MediaMosa Foundation From Innovation project to a Sustainable Community Frans Ward - SURFnet

The MediaMosa Foundation From Innovation project to a Sustainable Community Frans Ward - SURFnet

The MediaMosa Foundation From Innovation project to a Sustainable Community Frans Ward - SURFnet 7 th TF-Media - Paris, April 3 2013 Wednesday, April 3, 13 About SURFnet... Development and exploitation of - the Dutch National Network for

573 views • 24 slides
SURFnet Cloud Computing Solutions Marvin Rambhadjan Arthur Schutijser SURFnet February 3, 2010

SURFnet Cloud Computing Solutions Marvin Rambhadjan Arthur Schutijser SURFnet February 3, 2010

Introduction Cloud Computing The Project Use Cases Comparison Conclusion Future Research Questions SURFnet Cloud Computing Solutions Marvin Rambhadjan Arthur Schutijser SURFnet February 3, 2010 Marvin Rambhadjan Arthur Schutijser

1.06k views • 26 slides
DNSSEC resolving at SURFnet ICANN38, DNSSEC panel discussion, Brussels Roland van Rijswijk

DNSSEC resolving at SURFnet ICANN38, DNSSEC panel discussion, Brussels Roland van Rijswijk

DNSSEC resolving at SURFnet ICANN38, DNSSEC panel discussion, Brussels Roland van Rijswijk roland.vanrijswijk [at] surfnet.nl June 23rd 2010 woensdag 2 juni 2010 About SURFnet National Research and Educational Network in The Netherlands

154 views • 11 slides
Autom atic anom aly detection using NfSen Wim Biemolt, SURFnet Werner Schram, SURFnet 14/ 12/

Autom atic anom aly detection using NfSen Wim Biemolt, SURFnet Werner Schram, SURFnet 14/ 12/

Autom atic anom aly detection using NfSen Wim Biemolt, SURFnet Werner Schram, SURFnet 14/ 12/ 2007 Autom atic anom aly detection using NfSen - SURFnet and netflow anomaly detection - NERD - NfSen - PeakFlow SP - Currently used detection

594 views • 26 slides
Communication with end-users Lessons learned by SURFnet Zagreb, 20 May 2003 Sandra Passchier

Communication with end-users Lessons learned by SURFnet Zagreb, 20 May 2003 Sandra Passchier

Communication with end-users Lessons learned by SURFnet Zagreb, 20 May 2003 Sandra Passchier Communication Manager SURFnet Overview Communication model SURFnet Reaching the end-user: Why? Reaching the end-user: How? - the

361 views • 13 slides
The European Face of Videoconferencing and other developments Egon Verharen SURFnet

The European Face of Videoconferencing and other developments Egon Verharen SURFnet

The European Face of Videoconferencing and other developments Egon Verharen SURFnet Egon.Verharen@surfnet.nl GDS: 0031302305367 Former TF-STREAM chair, Vidmid-vc, ViDe.Net, ViDe, Internet2 Commons International coordination Why

480 views • 34 slides
Supporting Collaboration Niels van Dijk Technical Product Manager SURFnet: the Dutch NREN

Supporting Collaboration Niels van Dijk Technical Product Manager SURFnet: the Dutch NREN

Supporting Collaboration Niels van Dijk Technical Product Manager SURFnet: the Dutch NREN SURFnet is the Dutch National Research & Education Network (NREN) Services, innovation, knowledge Not for profit Task organisation of

710 views • 28 slides
DNSSEC update TF MNM, Lyon Roland van Rijswijk roland.vanrijswijk [at] surfnet.nl February 16 th

DNSSEC update TF MNM, Lyon Roland van Rijswijk roland.vanrijswijk [at] surfnet.nl February 16 th

DNSSEC update TF MNM, Lyon Roland van Rijswijk roland.vanrijswijk [at] surfnet.nl February 16 th 2011 DNSSEC validation - Validation rate not rising very much - Interesting to see what will happen after .com signing 2 SURFnet. We make

482 views • 16 slides
Open Video in Education MediaMosa @ TF-Media Workshop Porto, October 26, 2011 - SURFnet.

Open Video in Education MediaMosa @ TF-Media Workshop Porto, October 26, 2011 - SURFnet.

Frans Ward Technical Product Manager SURFnet Advanced Services MediaMosa: Open Source Media Management Software to Build an Open Video Platform Open Video in Education MediaMosa @ TF-Media Workshop Porto, October 26, 2011 - SURFnet.

410 views • 25 slides
Dynamic Lightpaths - in SURFnet and Beyond Bram Peeters, Gerben Van Malenstein, Hans Trom pert

Dynamic Lightpaths - in SURFnet and Beyond Bram Peeters, Gerben Van Malenstein, Hans Trom pert

Dynamic Lightpaths - in SURFnet and Beyond Bram Peeters, Gerben Van Malenstein, Hans Trom pert SURFnet Terena E2 E w orkshop on establishing lightpaths Am sterdam - 2 nd of Decem ber 2 0 0 8 Contents - Dynamic Lightpaths, return to the

169 views • 16 slides
Network Peering Dashboard for SURFnet David Garay Supervisors : Marijke Kaat, Jac Kloots 1

Network Peering Dashboard for SURFnet David Garay Supervisors : Marijke Kaat, Jac Kloots 1

Network Peering Dashboard for SURFnet David Garay Supervisors : Marijke Kaat, Jac Kloots 1 Introduction 2 SURFnets AS 1103 Network Topology - Courtesy of SURFnet Introduction AMS-IX Amsterdam Asteroid BNIX LINX NL-IX 3 SURFnets

410 views • 29 slides
VIRTUAL CAMPUS HUB Project overview Niels van Dijk, SURFnet Merete Badger, DTU Wind Energy

VIRTUAL CAMPUS HUB Project overview Niels van Dijk, SURFnet Merete Badger, DTU Wind Energy

VIRTUAL CAMPUS HUB Project overview Niels van Dijk, SURFnet Merete Badger, DTU Wind Energy Frank_Vercoulen, TU/e Project objectives (Annex I) The objective of the project is to deliver a working concept for a Virtual Campus Hub in a form

440 views • 23 slides
The COIN Project Niels van Dijk, technical Product Manager SURFnet SURFfederatie Online

The COIN Project Niels van Dijk, technical Product Manager SURFnet SURFfederatie Online

The COIN Project Niels van Dijk, technical Product Manager SURFnet SURFfederatie Online Collaboration Best of Breed Generic apps The COIN Project Collaboration Infrastructure The COIN Project - Resulting infrastructure - Is a synergy

687 views • 22 slides
Inter-domain SDN Considera2ons Ronald van der Pol

Inter-domain SDN Considera2ons Ronald van der Pol

Inter-domain SDN Considera2ons Ronald van der Pol SURFnet Ronald.vanderPol@SURFnet.nl GLIF, 17 January 2013, Honolulu, USA Dis2nguish between:

575 views • 8 slides
Optimum Implementation of TI-LFA and Segment Routing on SURFnet 8 RP #22 Peter Prjevara &

Optimum Implementation of TI-LFA and Segment Routing on SURFnet 8 RP #22 Peter Prjevara &

Optimum Implementation of TI-LFA and Segment Routing on SURFnet 8 RP #22 Peter Prjevara & Fouad Makioui Supervisors: Marijke Kaat & Wouter Huisman The Goals of Networks ARPANET - 1974 2 https://en.wikipedia.org/wiki/ARPANET What

648 views • 48 slides
TAKING A CLOSER LOOK AT IRATI Supervisors: Koen Veelenturf Marijke Kaat - SURFnet

TAKING A CLOSER LOOK AT IRATI Supervisors: Koen Veelenturf Marijke Kaat - SURFnet

RP#23 RESEARCH PROJECT TAKING A CLOSER LOOK AT IRATI Supervisors: Koen Veelenturf Marijke Kaat - SURFnet University of Amsterdam Ralph Koning - UvA System and Network Engineering TAKING A CLOSER LOOK AT IRATI RESEARCH QUESTIONS

631 views • 29 slides
Academic Video projects in the Netherlands TF-Media, Athens, March 18-19, 2010 GRNET Workshop on

Academic Video projects in the Netherlands TF-Media, Athens, March 18-19, 2010 GRNET Workshop on

Frans Ward Academic Video projects in the Netherlands TF-Media, Athens, March 18-19, 2010 GRNET Workshop on Academic Media Casting ` Agenda Academic Video 15 min. About SURFnet projects SURFnet Services in the Netherlands SURFnet Video

929 views • 72 slides
Expansion of the SURFnet Intrusion Detection System R. Buijs P. Siekerman System and Network

Expansion of the SURFnet Intrusion Detection System R. Buijs P. Siekerman System and Network

Expansion of the SURFnet Intrusion Detection System R. Buijs P. Siekerman System and Network Engineering 7-2-2007 R. Buijs P. Siekerman (SNE) Expansion of SURFnet IDS 7-2-2007 1 / 18 Contents Assignment 1 Intrusion Detection Systems 2

454 views • 18 slides
PANEL DISCUSSION - Zero Touch Connectivity Henrik Wessing, DTU Frans Panken, SURFnet Per

PANEL DISCUSSION - Zero Touch Connectivity Henrik Wessing, DTU Frans Panken, SURFnet Per

PANEL DISCUSSION - Zero Touch Connectivity Henrik Wessing, DTU Frans Panken, SURFnet Per Nihlen, SUNET Architecture Workshop Tony Breach, NORDUnet 10- 13 November 2014 moderator Copenhagen connect communicate collaborate Its just

465 views • 15 slides
c b roland.vanrijswijk@surfnet.nl Overview - Introduction - The 2-factor landscape - Something

c b roland.vanrijswijk@surfnet.nl Overview - Introduction - The 2-factor landscape - Something

tiqr: a novel take on two-factor authentication LISA 2011, Boston, MA Roland van Rijswijk c b roland.vanrijswijk@surfnet.nl Overview - Introduction - The 2-factor landscape - Something we all have - - Comparison of 2-factor AuthN

546 views • 19 slides
NERD: Network Emergency Responder & Detector Wim.Biemolt@surfnet.nl 2 nd FloCon, Pittsburgh,

NERD: Network Emergency Responder & Detector Wim.Biemolt@surfnet.nl 2 nd FloCon, Pittsburgh,

NERD: Network Emergency Responder & Detector Wim.Biemolt@surfnet.nl 2 nd FloCon, Pittsburgh, September, 2005. High-quality I nternet for higher education and research SURFnet5 netw ork Operational Since September 2001

309 views • 18 slides
DRIVING INNOVATION TOGETHER Maarten Kremers, SURFnet At SURF, education and research

DRIVING INNOVATION TOGETHER Maarten Kremers, SURFnet At SURF, education and research

DRIVING INNOVATION TOGETHER Maarten Kremers, SURFnet At SURF, education and research collaborate to fully utilise the opportunities offered by digitalisation. 3 We are SURF Fields of work Education Research Cooperative facilities

496 views • 10 slides
DNSSEC & fragmentation a prickly combination Roland van Rijswijk - Deij

DNSSEC & fragmentation a prickly combination Roland van Rijswijk - Deij

DNSSEC & fragmentation a prickly combination Roland van Rijswijk - Deij roland.vanrijswijk@surfnet.nl The problem in 1 slide Authoritative Name Server Firewall Recursive Caching Name Server (resolver) 2 SURFnet:

442 views • 13 slides

More recommend