Vulnerability Analysis and Patches Management Using Secure Mobile Agents. Presented by: Muhammad Awais Shibli.

Presentation transcript:

1 Vulnerability Analysis and Patches Management Using Secure Mobile Agents Presented by: Muhammad Awais Shibli

2 Outline
- Introduction
- The problem and our proposal
- Structure of the System
- Operation of the System
- Conclusions
- Future Work

3 Introduction Nowadays, computers and the internet are everywhere. This has resulted in a huge number of security threats. Attacks and attack tools are becoming more complex and sophisticated every day.

4 Introduction (cont’d) Traditional point solutions like antivirus, firewalls, anti-spyware, etc. are no longer enough to face the current security challenge. Another layer of security is needed.

5 Vulnerability problem Basically, a vulnerability is a weakness in a system that can be a potential vector for an attack performed by a malicious user. There are two different ways to face the vulnerability problem:
- Build secure software that does not have vulnerabilities
- Detect and eliminate all the vulnerabilities before an attacker can discover and exploit them

6 Vulnerability problem (cont’d) The first option is clearly infeasible, due to several factors such as cost, bad programming practices, programming language limitations and inherent OS bugs. Therefore, the best way is to detect those vulnerabilities in advance and apply patches before an attack can occur.

7 Our proposal A system based on mobile agent (MA) technology, moving from the usual passive/reactive approach to a proactive one. The approach includes the following aspects:
- Autonomous detection of vulnerabilities on different hosts (in a distributed network) before an attacker can exploit them;
- Automatic application of patches when a vulnerability is discovered;
- Performing tasks related to security management.

8 Structure of the System
1. Comprehensive Vulnerability DataBase (CVDB)
2. DataBase Management Engine (DBME)
3. MAgNet Vulnerability Management Console (MVMC)
4. Mobile Agents
5. Sensors

9 Structure of the System (cont’d)

10 CVDB To achieve a high level of vulnerability assessment, we need a very Comprehensive Vulnerability DataBase (CVDB), comprehensive in terms of both the quantity and the quality of data. The CVDB is composed of two layers of information.

11 CVDB - 1st (static) Layer

12 CVDB - 2nd layer

13 DB Management Engine (DBME) Provides the SysAdmin with up-to-date and rich information about vulnerabilities. This is achieved by analyzing any database in XML format whose structure is defined by an XML Schema Definition (XSD) or an SQL/MySQL schema file. Moreover, this “engine” scans the SecurityFocus web database, storing all the information needed in the CVDB.

14 MAgNet Vulnerability Management Console (MVMC) The GUI that interacts with the system and allows the system administrator to manage all the available functionality.

15 Mobile Agent: brief overview
- It is a particular software agent that can work autonomously towards a specific goal
- It comprises code and data
- It can interact with other agents
- It can suspend its execution on a host, save its state, move to another host, then come back, resume its execution from the previous point and complete it

16 Advantages of using MAs
MAs and Vulnerability Analysis:
- Automatic vulnerability scanning of remote hosts
- MAs write the host profile, check this profile against the CVDB, fetch the relevant patches from the patch DB and execute these patches on the target machine autonomously
- MAs increase the ability of the SysAdmin to quickly and easily add distributed components to existing systems
- This whole process will help the SysAdmin keep the entire network secure in an efficient, effective and, above all, timely manner.

17 Advantages of using MAs (cont’d)
- Overcoming Network Latency
- Reducing Network Load
- Robust and Fault-tolerant Behaviour
- Scalability
- Etc.

18 Sensors We have used Nessus as the sensor to scan for vulnerabilities. Nessus is a vulnerability scanner able to detect known and unknown weaknesses. It performs several kinds of analyses on the target system, from port scans to malformed packet tests.

19 Operation of the System
- CVDB generation
- Vulnerability Analysis
- Patches Management and Enforcement

20 CVDB Generation

21 Vulnerability Analysis There are two ways to do it. In the first, the security administrator launches Agent_Vulnerability_Analyzer from his computer to one or multiple hosts in the network through the MVMC. Once the agent reaches the remote host, it fetches the host profile, which contains information about every piece of installed software and its attributes. The agent then checks the host profile against the vulnerability database, looking for known vulnerabilities present on the remote machine.

22 Vulnerability Analysis (cont’d) The other way is to send Agent_Host_Scanning to the desired hosts. It executes the local Nessus daemon in the background, which scans the target. After its execution ends, Nessus generates a report in XML format. Once the scanning is completed, Agent_Host_Scanning launches an Agent_Scanning_Report, through which it sends the detailed scanning report back to the administrator.

23 Vulnerability Analysis (cont’d) When Agent_Scanning_Report reaches the security administrator’s workstation, it notifies the administrator how many vulnerabilities have been found, allowing the administrator to check the report immediately or later. If the administrator wants to check the report immediately, it is transformed into the more “human-readable” HTML format using an XSL transformer and then shown in the web browser integrated in MAgNet.

24 Patches Management and Enforcement
- When an MA finds a vulnerability, the corresponding CVDB entry contains information about whether a patch is available and the URL to download it from
- The MA autonomously downloads the patch, carries it to the target host and installs it
- From then on, the patch is stored on the server in case it is needed in the future

25 Conclusions The proposed solution shows the great advantage of using MAs interacting with a comprehensive vulnerability database and other external tools. The design shows that, with MAs, it is possible to considerably decrease the large amount of time a system admin needs to perform vulnerability management.

26 Conclusions (cont’d) Moreover, when scanning with Nessus through MAs, the scans take place locally on each host. Hence the system uses the computational power of all the hosts without overloading a single central workstation, and it does not flood the network with a lot of packets either.

27 Future Work Patch installation requires a deeper feasibility study. The current system delivers patches and is able to install only those for which human interaction is not required.

28 Future Work (cont’d) Future research can be conducted to see how, with the help of mobile agents, it could be possible to “deliver” the input request to the system administrator whenever it is required during the installation process, and then bring back the response. Moreover, it could save the administrator's responses and use them to autonomously perform future executions on other hosts, without bothering the administrator anymore.
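
The host-profile check from slide 21 and the patch decision from slides 24 and 27, sketched as an added example (not code from the presentation or from MAgNet). The record fields, the dotted version format, the action names and all sample data are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class CvdbEntry:
    """One constructed CVDB record; field names are assumptions, not the MAgNet schema."""
    vuln_id: str
    product: str
    fixed_in: str              # first version that is no longer vulnerable
    patch_url: Optional[str]   # None when no patch has been published
    unattended: bool = False   # True if the patch installs without human input

def parse_version(text: str) -> tuple:
    """Turn '2.10.1' into (2, 10, 1) so 2.10 sorts above 2.9 (string compare gets this wrong)."""
    return tuple(int(part) for part in text.strip().split("."))

def analyze(host_profile: dict, cvdb: list) -> tuple:
    """Match installed software against the CVDB.

    Returns (plan, unparsed): plan is a list of (product, vuln_id, action);
    unparsed lists products whose version could not be compared, so they are
    surfaced to the administrator instead of being treated as clean.
    """
    plan, unparsed = [], []
    for product, installed in host_profile.items():
        try:
            version = parse_version(installed)
        except ValueError:
            unparsed.append(product)
            continue
        for entry in cvdb:
            if entry.product != product or version >= parse_version(entry.fixed_in):
                continue
            if entry.patch_url is None:
                action = "report-only"   # vulnerable, nothing to install yet
            elif entry.unattended:
                action = "install"       # agent can fetch and apply the patch
            else:
                action = "needs-admin"   # patch exists but prompts for input
            plan.append((product, entry.vuln_id, action))
    return plan, unparsed

# Constructed sample data (placeholder ids and URLs, not real advisories).
CVDB = [
    CvdbEntry("EXAMPLE-0001", "exampled", "2.10.0", "https://patches.example.invalid/exampled", True),
    CvdbEntry("EXAMPLE-0002", "samplemail", "1.4.2", "https://patches.example.invalid/samplemail"),
    CvdbEntry("EXAMPLE-0003", "demoftp", "3.0.1", None),
]
HOST_PROFILE = {"exampled": "2.9.3", "samplemail": "1.4.1", "demoftp": "3.0.0",
                "otherapp": "5.1.0", "legacytool": "7.0-beta"}
```

Calling `analyze(HOST_PROFILE, CVDB)` yields one action per matched entry and lists `legacytool` separately because its version string cannot be compared.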