Integrating a Network IDS into an Open Source Cloud Computing Environment (1st International Workshop on Security and Performance in Emerging Distributed Architectures, SPEDA2010)


1 Integrating a Network IDS into an Open Source Cloud Computing Environment 1st International Workshop on Security and Performance in Emerging Distributed Architectures (SPEDA2010) Claudio Mazzariello Roberto Bifulco Roberto Canonico “Federico II” University of Napoli

2 Outline: Cloud computing security issues; examples of recent security incidents; securing a Cloud; implementation of a Cloud; a network Intrusion Detection System; experimental evaluation.

3 Cloud Computing peculiarities: shared resources among several customers; highly dynamic infrastructures; cheap access to large scale computation/storage/communication facilities; …

4 Cloud Computing security issues. Shared resources among several customers – new types of attacks (e.g. DoS over colocated VMs) – privacy infringement... Highly dynamic infrastructures – user tracking and profiling. Cheap access to large scale computation/storage/communication facilities – misuse of the CC model aimed at conducting illegal activities.

5 Attack source. External attackers – malicious users perform attacks targeting Cloud users. Internal attackers – malicious users rent a share of Cloud resources; cheap, huge amounts of resources can be exploited to perform attacks against remote victims.

6 Examples of CC-related security incidents. “We have several customers being attacked from the same EC2 instance on their network for 2 full days now...” “I discovered that several systems on the Amazon EC2 network were performing brute force attacks, against our VoIP servers.” [source: attack-originating-from-amazon-ec2-hosts/] “Complaints of rampant SIP Brute Force Attacks coming from servers with Amazon EC2 IP Addresses cause many admins to simply drop all Amazon EC2 traffic.” [source: brute-force-attacks-on-rise/]

7 Securing a Cloud by monitoring traffic. Cloud computing suffers from common network-related security threats; Cloud computing, with its novel usage paradigm, also introduces novel threats. We evaluate the effectiveness and impact of common, production-level traffic monitoring tools, using different deployment strategies (centralized vs. distributed), by measuring computational overhead and detection capability.

8 IMPLEMENTING A CLOUD

9 Open Source Cloud Computing. Eucalyptus is an open source Cloud Computing system that reproduces all Amazon EC2's services. It allows the management of multiple “Availability zones”. (Architecture diagram: client-side API, Cloud Controller, Cluster Controller, Node Controller, Amazon EC2 interface, database.)

10 Looking at a single cluster. Our focus is on a single cluster managed by Eucalyptus (one geographic location). (Diagram: client-side API, Cloud Controller, Amazon EC2 interface.)

11 NETWORK SECURITY TOOL

12 Functionalities of an Intrusion Detection System: activity monitoring (sensor) – network traffic packets; recognizing suspicious and inappropriate activities (analyzer); generating alerts (user interface). (Diagram: sensor, analyzer, user interface.)

13 Snort – an open source Intrusion Detection System. Snort is a signature based IDS – each detectable attack is described by a static rule – each rule contains particular byte-patterns and values to be sought for in both the packet header and payload. Snort operates in real-time. Snort is open-source – flexible – extendable.

14 EXPERIMENTAL EVALUATION

15 Distribution of services in nodes: Asterisk SIP server; RTP user agents; Apache web server.

16 The overall picture: “Inviteflood” attack tool; D-ITG background traffic generator.

17 Two different IDS deployment scenarios. One IDS close to the cluster controller – monitors inbound/outbound traffic – monitors traffic between different security groups – VLAN tags are removed, so traffic related to different security groups becomes indistinguishable. Several IDSs, each close to a physical machine – each IDS monitors traffic to/from virtual resources hosted on the physical machine. In both scenarios, all attack instances are correctly detected.
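As an added illustration of the VLAN-tag point in slide 17 (this is not code from the original slides or from the authors' testbed): a toy signature-style sensor in Python applies one static content rule to constructed frames. At a per-node sensor the 802.1Q tag still identifies the security group, so alerts can be attributed per group; once the cluster controller has stripped the tag, the same alerts collapse into one undifferentiated bucket. The frame layout is simplified (IP/UDP headers omitted) and all MAC addresses, VLAN ids and payloads are constructed.

```python
import struct
from collections import Counter
from typing import Optional

# Constructed, simplified frames: Ethernet header, optional 802.1Q tag, then
# the application payload directly (IP/UDP headers omitted for brevity).
ETH_P_8021Q = 0x8100
ETH_P_IP = 0x0800
MAC_DST = bytes.fromhex("020000000001")  # constructed
MAC_SRC = bytes.fromhex("020000000002")  # constructed

def build_frame(payload: bytes, vlan: Optional[int] = None) -> bytes:
    """Build a frame; a VLAN id adds an 802.1Q tag (priority 0, CFI 0)."""
    hdr = MAC_DST + MAC_SRC
    if vlan is not None:
        hdr += struct.pack("!HH", ETH_P_8021Q, vlan & 0x0FFF)
    return hdr + struct.pack("!H", ETH_P_IP) + payload

def parse_frame(frame: bytes):
    """Return (vlan_id or None, payload), i.e. what a sensor sees on the wire."""
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype == ETH_P_8021Q:
        (tci,) = struct.unpack_from("!H", frame, 14)
        return tci & 0x0FFF, frame[18:]
    return None, frame[14:]

def strip_vlan(frame: bytes) -> bytes:
    """Model the cluster controller's forwarding: the 802.1Q tag is removed."""
    vlan, payload = parse_frame(frame)
    return build_frame(payload) if vlan is not None else frame

# One static rule in the spirit of Snort content matching (constructed).
RULE_CONTENT = b"INVITE sip:"

def run_sensor(frames) -> Counter:
    """Apply the rule and count alerts per security group (VLAN id)."""
    alerts = Counter()
    for frame in frames:
        vlan, payload = parse_frame(frame)
        if RULE_CONTENT in payload:
            alerts[vlan] += 1
    return alerts

# Constructed traffic: security groups on VLANs 10 and 20; group 20 floods INVITEs.
INVITE = b"INVITE sip:100@10.0.0.5 SIP/2.0\r\n"
TRAFFIC = [build_frame(INVITE, 20) for _ in range(3)] + [
    build_frame(b"GET / HTTP/1.1\r\n", 10), build_frame(INVITE, 10)]

def per_node_view() -> Counter:
    return run_sensor(TRAFFIC)  # alerts attributable per group: {20: 3, 10: 1}

def cluster_controller_view() -> Counter:
    return run_sensor(strip_vlan(f) for f in TRAFFIC)  # tags gone: {None: 4}
```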

18 MONITORING AT THE CLUSTER CONTROLLER

19 Cluster front-end CPU profile (chart, 0 to 100 % CPU: Snort vs. packet forwarding).

20 MONITORING AT EACH PHYSICAL MACHINE

21 Attacked worker node CPU profile (chart, 0 to 100 % CPU: attacked VM, Dom0, non-attacked VMs).

22 Non-attacked worker node CPU profile (chart, 0 to 100 % CPU).

23 Conclusions. Monitoring traffic at the cluster controller – privileged observation point – sees all traffic – misses internal attacks. Monitoring traffic at each physical machine – limited scope – lightweight – increased cloud resilience.

24 Thank you! Claudio Mazzariello