By: Michael Kuritzky and Guy Cepelevich Supervisor: Amichai Shulman.

 Wikipedia: “In computer terminology, a honeypot is a trap set to detect, deflect, or in some manner counteract attempts at unauthorized use of information systems. Generally it consists of a computer, data, or a network site that appears to be part of a network, but is actually isolated, (un)protected, and monitored, and which seems to contain information or a resource of value to attackers.”
M. Kuritzky & G. Cepelevich, Technion, 2010

Project goals:
 Deploy a honeypot on the web.
 Gather information about the usage of the deployed honeypot (requests and replies).
 Store the data for future use.
 Devise a tool to conveniently review and manually analyze the information gathered from the honeypot, in order to create automatic “rules” that categorize and filter both the existing and the incoming data.

 Deploy a honeypot on the web:
 To entice potential attackers into using our honeypot, we “offered” them a service: an anonymizing proxy server, a very popular “tool” in the “scene”. An open proxy attracts exactly the traffic we want to observe, because attackers route their scans and attacks through it to hide their source address.
 We used an Amazon EC2 (Elastic Compute Cloud) instance to run the anonymizing proxy.

 Gather information about the usage of the deployed honeypot (requests and replies):
 We used Privoxy (available from sourceforge.net) as the proxy, to monitor the traffic and to record the raw traffic logs on an Amazon EBS (Elastic Block Store) volume, so the logs survive the instance being stopped or replaced.
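The slide does not show the proxy configuration. The fragment below is an added illustration (not the project's own config) of how a Privoxy instance can be set up as an open, logging proxy while its own web administration interface stays locked down; the paths are assumptions, and each directive should be checked against the documentation of the Privoxy version actually installed.

```conf
# privoxy config fragment for a logging honeypot proxy (illustrative, not the project's file)
listen-address  0.0.0.0:8118          # accept connections from anyone (this is the bait)
logdir          /mnt/ebs/privoxy      # assumed mount point of the EBS volume
logfile         privoxy.log
debug           1                     # log the destination of every request
debug           8                     # log request/response header parsing
debug           512                   # also write Common Log Format lines (easy to parse)

# The proxy is open on purpose; its admin interface must not be.
enable-remote-toggle  0               # nobody may switch filtering off via the web UI
enable-edit-actions   0               # nobody may edit the action files via the web UI
toggle                1
```

With `debug 1` and `debug 8` enabled the log grows quickly under abuse, which is why the logs belong on a dedicated volume rather than the instance's root disk.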

 Store the data for future use:
 We wrote a parser for the raw Privoxy logs.
 The parser goes over the log one line at a time (to avoid memory problems with large files) and parses each line using several regular expressions (a.k.a. voodoo).
 We also wrote a listener which registers with the parser and is called whenever the parser finishes parsing an entry.
 The listener inserts the parsed entry into a MySQL database for future analysis.
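The parser/listener pipeline described above, as an added example that is not the project's Java code. It streams the log line by line, matches each line with one regular expression, and hands every parsed entry to a registered listener that writes it to a database. SQLite stands in for MySQL so the example runs offline; the sample log lines are constructed in the Common Log Format that Privoxy emits with `debug 512`, and the table layout is an assumption, not the project's schema. The one point the slides leave implicit is worth making explicit in the listener: the log is attacker-controlled input, so the insert must be parameterised.

```python
import io
import re
import sqlite3
from typing import Callable, Dict, Iterable, List, Optional

# Constructed sample log: Common Log Format lines as Privoxy writes them with
# "debug 512". Made up for this example, not real honeypot data. The third
# line is deliberately malformed to show how the parser skips bad input.
SAMPLE_LOG = """\
10.0.0.1 - - [15/Mar/2010:12:00:01 +0000] "GET http://example.com/index.html HTTP/1.1" 200 512
10.0.0.2 - - [15/Mar/2010:12:00:02 +0000] "GET http://target.example/item.php?id=1'%20OR%20'1'='1 HTTP/1.1" 200 2048
this line is not a log entry
10.0.0.3 - - [15/Mar/2010:12:00:03 +0000] "POST http://example.org/login HTTP/1.0" 302 -
"""

# One regular expression per line; the named groups become the DB columns.
CLF_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<url>\S+) (?P<proto>HTTP/\d\.\d)" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)$'
)

Entry = Dict[str, object]
Listener = Callable[[Entry], None]


class PrivoxyLogParser:
    """Streams a log one line at a time and notifies registered listeners."""

    def __init__(self) -> None:
        self._listeners: List[Listener] = []
        self.skipped = 0  # lines that did not match CLF_RE

    def register(self, listener: Listener) -> None:
        self._listeners.append(listener)

    def parse_line(self, line: str) -> Optional[Entry]:
        m = CLF_RE.match(line.rstrip("\r\n"))
        if m is None:
            return None
        entry: Entry = dict(m.groupdict())
        entry["status"] = int(m.group("status"))
        size = m.group("size")
        entry["size"] = 0 if size == "-" else int(size)
        return entry

    def parse_stream(self, lines: Iterable[str]) -> int:
        """Parse lazily (never reads the whole file) and return the entry count."""
        parsed = 0
        for line in lines:
            entry = self.parse_line(line)
            if entry is None:
                self.skipped += 1
                continue
            for listener in self._listeners:
                listener(entry)
            parsed += 1
        return parsed


class SqliteListener:
    """Listener that writes each parsed entry into a database table.

    SQLite stands in for the project's MySQL so the example runs offline;
    the table layout below is an assumption, not the project's schema."""

    SCHEMA = (
        "CREATE TABLE IF NOT EXISTS entries ("
        "id INTEGER PRIMARY KEY, client TEXT, time TEXT, method TEXT, "
        "url TEXT, proto TEXT, status INTEGER, size INTEGER)"
    )

    def __init__(self, conn: sqlite3.Connection) -> None:
        self.conn = conn
        self.conn.execute(self.SCHEMA)

    def __call__(self, entry: Entry) -> None:
        # Honeypot logs contain attacker-chosen strings (the second sample URL
        # carries a SQL injection payload), so the insert is parameterised.
        # Building the query with string formatting would let the honeypot's
        # own database be injected by the very traffic it records.
        self.conn.execute(
            "INSERT INTO entries (client, time, method, url, proto, status, size) "
            "VALUES (:client, :time, :method, :url, :proto, :status, :size)",
            entry,
        )
        self.conn.commit()


def load_sample() -> tuple:
    """Run the pipeline over SAMPLE_LOG; returns (parsed, skipped, rows)."""
    conn = sqlite3.connect(":memory:")
    parser = PrivoxyLogParser()
    parser.register(SqliteListener(conn))
    parsed = parser.parse_stream(io.StringIO(SAMPLE_LOG))
    rows = conn.execute(
        "SELECT client, method, url, status, size FROM entries ORDER BY id"
    ).fetchall()
    return parsed, parser.skipped, rows


if __name__ == "__main__":
    for row in load_sample()[2]:
        print(row)
```

For a real log, replace `io.StringIO(SAMPLE_LOG)` with an open file handle; iterating the handle keeps the one-line-at-a-time behaviour the slide describes. Lines that do not match are counted in `skipped` rather than silently dropped, so a change in Privoxy's log format shows up as a jump in that counter instead of as missing data.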

 We use the following tables to store the entries in the DB: (table diagram not included in the transcript)

 Devise a tool to conveniently review and manually analyze the information gathered from the honeypot, in order to create automatic “rules” that categorize and filter both the existing and the incoming data:
 This is the largest part of the system and is covered in the next couple of slides.

 The system consists of 3 panels:
 Entries Panel:
 Convenient display of entries from the DB (all entries, or only the entries matching a certain rule).
 Allows on-the-spot manipulation of the entries.
 Rule Editing Panel:
 Interface for creating “rules” for automatic data manipulation.
 Rule Management Panel:
 Interface for activating and deactivating existing rules.

 Interest level
 Many entries result from regular internet usage; those can often be marked as uninteresting automatically using our rule system.
 Other entries, on the other hand, indicate potential attacks (SQL injection, automated tools, etc.). Those can be marked as interesting and then processed manually.
 Tags
 Using our rule system, the user can automatically assign tags to entries that match certain patterns (e.g. suspicious user-agents).

Example: a simple rule to catch porn requests. (Rule screenshot not in the transcript.)
Results: ~1000 entries; most requests come from the subnet shown on the slide.

Example: suspicious user-agents, i.e. clients that claim to run Windows 98. (Rule screenshot not in the transcript.)
Results: ~9000 entries.
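The rule mechanism of the three slides above (interest level, tags, active/inactive rules, and the two example rules), as an added example that is not the project's code. Each rule is a regular expression over one field of an entry plus the tags and interest level it assigns; the Rule Management panel's activate/deactivate switch is the `active` flag. The rule patterns and the sample entries are constructed for this example, and the precedence of "interesting" over "uninteresting" is a design choice of the example, not something the slides state.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional
from urllib.parse import unquote

Entry = Dict[str, object]


@dataclass
class Rule:
    """A rule: a regex over one entry field, plus what to do when it matches."""
    name: str
    field_name: str                 # entry field the pattern is tested against
    pattern: str                    # regular expression
    tags: List[str] = field(default_factory=list)
    interest: Optional[str] = None  # "interesting", "uninteresting" or None
    active: bool = True             # toggled from the Rule Management panel

    def __post_init__(self) -> None:
        self._regex = re.compile(self.pattern)

    def matches(self, entry: Entry) -> bool:
        value = str(entry.get(self.field_name, ""))
        if self.field_name == "url":
            # Decode percent-encoding first so "%27%20OR%20" is seen as "' OR ".
            value = unquote(value)
        return self._regex.search(value) is not None


def apply_rules(entries: List[Entry], rules: List[Rule]) -> List[Entry]:
    """Annotate each entry with tags, interest level and the rules that fired.

    "interesting" wins over "uninteresting", so a request that looks like
    noise but also carries an attack pattern is never filtered out."""
    out = []
    for entry in entries:
        tags = set()
        interest: Optional[str] = None
        fired = []
        for rule in rules:
            if not rule.active or not rule.matches(entry):
                continue
            fired.append(rule.name)
            tags.update(rule.tags)
            if rule.interest == "interesting":
                interest = "interesting"
            elif rule.interest == "uninteresting" and interest is None:
                interest = "uninteresting"
        out.append({**entry, "tags": sorted(tags), "interest": interest,
                    "matched_rules": fired})
    return out


# Rules in the spirit of the slides; the patterns are this example's own.
RULES = [
    Rule("static-assets", "url", r"\.(css|js|png|jpg|gif|ico)(\?|$)",
         interest="uninteresting"),
    Rule("windows98-ua", "user_agent", r"Windows 98",
         tags=["suspicious-ua"], interest="interesting"),
    Rule("sqli", "url", r"(?i)'\s*(or|and)\s+'|union\s+select|--\s*$",
         tags=["sqli"], interest="interesting"),
    Rule("porn", "url", r"(?i)/adult/|xxx",
         tags=["porn"], interest="uninteresting", active=False),  # deactivated
]

# Constructed entries standing in for parsed honeypot log rows.
SAMPLE_ENTRIES: List[Entry] = [
    {"client": "10.0.0.1", "url": "http://example.com/style.css",
     "user_agent": "Mozilla/5.0 (Windows NT 6.1) Firefox/3.6"},
    {"client": "10.0.0.2",
     "url": "http://target.example/item.php?id=1%27%20OR%20%271%27=%271",
     "user_agent": "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"},
    {"client": "10.0.0.3", "url": "http://example.org/news",
     "user_agent": "Mozilla/5.0 (X11; Linux x86_64) Firefox/3.6"},
    {"client": "10.0.0.4", "url": "http://example.org/adult/clip.jpg",
     "user_agent": "Mozilla/5.0 (Windows NT 5.1) Chrome/5.0"},
]


def classify_sample() -> List[Entry]:
    return apply_rules(SAMPLE_ENTRIES, RULES)


if __name__ == "__main__":
    for e in classify_sample():
        print(e["client"], e["interest"], e["tags"], e["matched_rules"])
```

Two practical points the example encodes: URLs are decoded before matching, otherwise an attacker who percent-encodes the quote character slips past a rule written against the literal `' OR '`; and the deactivated porn rule is kept in the list but never fires, which is how the Rule Management panel can switch rules off without deleting them.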

 The project was written entirely in Java, for the following reasons:
 Developers’ experience.
 Extensive built-in and third-party library support (e.g. JDBC for database connections).
 To organize and save all the information gathered from our honeypot, we used a MySQL database. This platform was chosen for several reasons:
 Very common
 Free
 Easy to access
 Existing management tools
 Easy to write rules on the entries
 Developers’ experience

Future work:
 Make the SQL queries more efficient (currently we have a problem dealing with databases with a large number of entries).
 Make the user-defined queries more structured and guided.
 Support creating automatic queries from a multiple selection in the entries table.
 Support reconstruction and “replay” of requests.
