Manuka project IEEE IA Workshop June 10, 2004. Agenda Introduction Inspiration to Solution Manuka Use SE Approach Conclusion.

Slides:



Advertisements
Similar presentations
Configuration management
Advertisements

Module 1: Installing Windows XP Professional
Trustworthy and Personalized Computing Christopher Strasburg Department of Computer Science Iowa State University November 12, 2008.
Leveraging WinPE and Linux Preboot for Effective Provisioning Jonathan Richey | Director of Development | Altiris, Inc.
Honeywall CD-ROM. Developers and Speakers  Dave Dittrich University of Washington  Rob McMillen USMC  Jeff Nathan Sygate  William Salusky AOL.
11 INSTALLING WINDOWS XP Chapter 2. Chapter 2: Installing Windows XP2 INSTALLING WINDOWS XP  Prepare a computer for the installation of Microsoft Windows.
Pacific North West Honeynet Project Dave Dittrich The Information School University of Washington DIMACS Large Scale Attack Workshop, Sept. 23, 2003.
Lesson 5-Accessing Networks. Overview Introduction to Windows XP Professional. Introduction to Novell Client. Introduction to Red Hat Linux workstation.
PNW Honeynet Overview. Agenda What is a Honeynet What is the PNW Honeynet Alliance Who is involved in the project Where to get more information.
Lesson 4-Installing Network Operating Systems. Overview Installing and configuring Novell NetWare 6.0. Installing and configuring Windows 2000 Server.
Hands-On Microsoft Windows Server 2003 Chapter 2 Installing Windows Server 2003, Standard Edition.
Honeywall CD-ROM. 2 Developers and Speakers  Dave Dittrich University of Washington  Rob McMillen USMC  Jeff Nathan Sygate  William Salusky AOL.
Incident Response and Forensic Course Disk Image Cataloging Project Concepts and Deliverables.
Post install; Live CD Chapter II / Part 1I. Post install After install completes, take out the install CD/DVD Reboot Check if boot loader is working properly.
Network Performance Toolkit (NPToolkit) A Knoppix Live-CD Rich Carlson Tools Tutorial 12/4/06.
 Contents 1.Introduction about operating system. 2. What is 32 bit and 64 bit operating system. 3. File systems. 4. Minimum requirement for Windows 7.
Amazon EC2 Quick Start adapted from EC2_GetStarted.html.
Red Hat Installation. Installing Red Hat Linux is the process of copying operating system files from a CD, DVD, or USB flash drive to hard disk(s) on.
Hands-on: Capturing an Image with AccessData FTK Imager
This chapter is extracted from Sommerville’s slides. Text book chapter
Module 1: Installing Windows XP Professional. Overview Manually Installing Windows XP Professional Automating a Windows XP Professional Installation Using.
Ashita Srivastava ISM High Five Corporations Chain of fast food restaurants Using Windows XP for clients and Windows Server 2008 Needs a robust.
Linux Operations and Administration
Symantec Ghost Effective Disk Cloning Software. What is Ghost? “Ghost is a software product from Symantec that can clone (copy) the entire contents of.
Fundamentals of Networking Discovery 1, Chapter 2 Operating Systems.
Chapter-4 Windows 2000 Professional Win2K Professional provides a very usable interface and was designed for use in the desktop PC. Microsoft server system.
Module 13: Configuring Availability of Network Resources and Content.
Introduction to Windows XP Professional Chapter 2 powered by dj.
11 INSTALLING WINDOWS XP PROFESSIONAL Chapter 2. Chapter 2: INSTALLING WINDOWS XP PROFESSIONAL2 OVERVIEW  Install Windows XP Professional  Upgrade from.
Guide to Linux Installation and Administration, 2e1 Chapter 3 Installing Linux.
A+ Guide to Managing and Maintaining Your PC Fifth Edition Chapter 15 Installing and Using Windows XP Professional.
1 © 2006 SolidWorks Corp. Confidential. Clustering  SQL can be used in “Cluster Pack” –A pack is a group of servers that operate together and share partitioned.
SUSE Linux Enterprise Server Administration (Course 3037) Chapter 4 Manage Software for SUSE Linux Enterprise Server.
VMWare Workstation Installation. Starting Vmware Workstation Go to the start menu and start the VMware Workstation program. *Note: The following instructions.
Automating Forensics. 2 Speaker Passion is honeypots. President, Honeynet Project Author Honeypots: Tracking and Co-Author Know Your Enemy. 8 Years in.
High Performance Computing Cluster OSCAR Team Member Jin Wei, Pengfei Xuan CPSC 424/624 Project ( 2011 Spring ) Instructor Dr. Grossman.
© 2012 The McGraw-Hill Companies, Inc. All rights reserved. 1 Third Edition Chapter 5 Windows XP Professional McGraw-Hill.
Chapter 8 Implementing Disaster Recovery and High Availability Hands-On Virtual Computing.
Honeynets in operational use Gregory Travis Indiana University, Advanced Network Management Lab
 To explain the importance of software configuration management (CM)  To describe key CM activities namely CM planning, change management, version management.
CIS 450 – Network Security Chapter 16 – Covering the Tracks.
Module 1: Installing Microsoft Windows XP Professional.
Configuration Management (CM)
W2K Server Installation It is very important that before you begin to install Windows 2000 Server, you must prepare for the installation by gathering specific.
Chapter 3 Installing Windows XP Professional. Preparing for installation Pre-installation requirement; ◦ Hardware requirements ◦ Hardware compatibility.
Database Design and Management CPTG /23/2015Chapter 12 of 38 Functions of a Database Store data Store data School: student records, class schedules,
Module 1: Installing Microsoft Windows XP Professional.
Amit Warke Jerry Philip Lateef Yusuf Supraja Narasimhan Back2Cloud: Remote Backup Service.
1 HoneyNets. 2 Introduction Definition of a Honeynet Concept of Data Capture and Data Control Generation I vs. Generation II Honeynets Description of.
Microsoft Management Seminar Series SMS 2003 Change Management.
The Diagnostic Pathfinder System Introduction Getting Started.
Digital Forensics Dr. Bhavani Thuraisingham The University of Texas at Dallas Network Forensics - III November 3, 2008.
1 Chapter 12 Configuration management This chapter is extracted from Sommerville’s slides. Text book chapter 29 1.
Chapter 8: Installing Linux The Complete Guide To Linux System Administration.
LINUX Presented By Parvathy Subramanian. April 23, 2008LINUX, By Parvathy Subramanian2 Agenda ► Introduction ► Standard design for security systems ►
Chapter 5 Server Installation NT Server Requirements NT Server File Systems Installation.
Copyright © 2004 R2AD, LLC Submitted to GGF ACS Working Group for GGF-16 R2AD, LLC Distributing Software Life Cycles Join the ACS Team GGF-16, Athens R2AD,
 systemD  FirewallD  Network manager (NMCLI)  Target CLI (iscsi targets)  GRUB 2 (Booting process)  Network teamnig & bridging.
CompTIA Server+ Certification (Exam SK0-004)
DIT314 ~ Client Operating System & Administration
Red hat Installation 2 Live CD.
Guide to Linux Installation and Administration, 2e
Effective Disk Cloning Software
Amazon Storage- S3 and Glacier
Chapter 27: System Security
Different types of Linux installation
IBM Tivoli Storage Manager
Bethesda Cybersecurity Club
Presentation transcript:

manuka project IEEE IA Workshop June 10, 2004

Agenda Introduction Inspiration to Solution Manuka Use SE Approach Conclusion

Team Members Seattle University Masters in Computer Science & Software Engineering –Amy Shephard –Christian Seifert –Don Nguyen –Jenks Gibbons –Jose Chavez

Sponsors –University of Washington Customer: Dave Dittrich –Seattle University Advisor: Barbara Endicott-Popovsky

Inspiration to Solution

Inspiration Honeynet Project “Forensic Challenge” –January 15, 2001 –Linux Red Hat 6.2 –Six partitions (1.8GB raw / 170MB gzip) –Time to: Root the box and rootkit (30 minutes) Analyze intrusion and report (30+ hours) –Downloaded thousands of times –Used in first SANS FIRE (Forensics course)

Application # NSF CCLI grant –Highline Community College –Seattle University –University of Washington Computer and Network Forensics Courses Using real compromised honeypot images for labs

Use in Forensic Course Lab Student boots lab system w/custom Linux bootable CD Chooses which compromised system to analyze Bits loaded to disk, verified Student performs analysis, answers specific questions (which are compared with analysis in database) Lather, rinse, repeat…

Application #2 Distributed Honeynet using Honeywalls –“Clone” clean honeypot images –Archive compromised honeypot images –Automated honeypot forensics (future)

Application #3 (future) Distributed Incident Response Toolkit –Customizable (unique) ISO images –Centralized control of analysis –Remote drive acquisition –Asynchronous and semi-automatic operation

Proposed Solution Use standard x86 hardware (Knoppix) Bit-image copy of clean/compromised systems Provide integrity checking (MD5 hashes) and secure file transfer (SSH) Database storage (compressed) Database search by attribute (e.g., ID#, OS version, CVE #, etc.) Remotely retrieve/install bootable systems Customizable ISO (ala Honeywall) “Customizing ISOs and the Honeynet Project’s Honeywall,”

Manuka Components –Server Linux, MySQL, Java Automated Manuka database server installation –Client Customized Knoppix CD-ROM (similar to Honeywall) –Password protected –Secure login to database –Secure data transfer

Manuka Use

Typical Use Upload clean 1)Install new honeypot 2)Configure vulnerability profile (CVE #N) 3)Reboot w/Manuka CD, ID system, upload Download clean 1)Boot w/Manuka CD 2)Select image and download Upload compromised 1)Boot w/Manuka CD 2)Associate w/original, annotate, upload

Accessing Manuka –Authentication required for all functionality –Multiple access levels supported

Upload Installation –Stores an installation in the Manuka database –Clean Image Specify system details Specify installation details Specify vulnerabilities –Compromised Image Associate with existing system Specify installation details

GZip Compressor Encrypted SSH Tunnel Manuka Database Clean or Compromised System Booted with Knoppix CD File Server : 9999 System Image Metadata System A, BA AFAED2A3D4E11 System B, BA AFAED2A3D4E11 Upload Component MD5 Hash CD FE23AD4F13 System C, CD FE23AD4F13

Download Installation –Writes an installation to the specified drive –Download Installation Specify target, system, and installation details Wait…

GZip UnCompressor Encrypted SSH Tunnel Manuka Database System to restore (Booted with Knoppix CD) File Server : 9999 Binary Files Location System A, BA651EF45AFAED2A3D4E11 System B, BA AFAED2A3D4E11 Download Component Image 3, CD FE23AD4F13 Request Binary Images Files MD5 Hash CD FE23AD4F13 System C, CD FE23AD4F13

System Search –Allows targeted access to system information –Search by system metadata –Retrieves all matching systems

System and Installation Details –Allows access to system data general information vulnerabilities installation details

Stored Data Management –User updates Operating Systems Operating System Versions –Automatic updates Vulnerabilities

Software Engineering Approach

Approach Extreme Programming –Pair programming Methodology –Development of user stories –Estimation/prioritization of user stories –Weekly iteration status meetings –Monthly iteration planning meeting –Working code –Metrics collection

Methodology Development of user stories Estimation/prioritization of user stories Weekly iteration status meetings Monthly iteration planning meeting Working code Metrics collection

Project Plan

The Manuka Times Tasks due Current risks User story status Delayed tasks Acceptance tests results

Project Website Customer communication Release dissemination Access to –source control –bug tracking –standards –current iteration information

Conclusion Support tool for setup/imaging of distributed honeypots Support for Hands-on Forensics Lab Exercises Base for Future Honeypot Analysis and IRT toolkit Example of Extreme Programming Concepts in action Questions?

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.