An Approach To Automate a Process of Detecting Unauthorised Accesses M. Chmielewski, A. Gowdiak, N. Meyer, T. Ostwald, M. Stroiński

Presentation transcript:

An Approach To Automate a Process of Detecting Unauthorised Accesses M. Chmielewski, A. Gowdiak, N. Meyer, T. Ostwald, M. Stroiński Poznań Supercomputing and Networking Center

The need for a new security tool in open network environments
- The value of information processed and stored in computer networks is growing rapidly
- Classical approaches to information security seem to be useless, especially in open network environments
- System security is often achieved at the cost of a loss of functionality
- Threats to information security have their sources in software errors
- There is insufficient support from software and hardware vendors in the security area

Intrusion Detection Systems (IDS) - definition
The main purpose of such a system is to detect, in real time, all kinds of inappropriate user activity, such as attempts to breach system integrity or gain unauthorized access to information. Because the intrusion detection process is a complex task, its automation seems to be necessary.

Intrusion Detection Systems - state of the art
Most currently employed IDS systems:
- Detect only known attack scenarios
- Try to detect basic anomalies in user and system activity
- Use an unreliable information source (the network)
- Use the reliable information source (the audit log) only offline
- Are passive monitors and detectors, not active protectors
As of now there are no hybrid Intrusion Detection Systems on the market that are ready to be put into practice and provide comprehensive security

Security Maintaining System as a new approach to open network environment security
Extension to the intrusion detection model - new IDS system functionality:
- Hybrid approach to the detection process (anomaly and misuse)
- Reliable information source (the operating system kernel)
- On-line monitoring of system and user activities
- Active protection of the system
- Global implementation of the security policy in a distributed environment

Application of the IDS system in an open network environment

VALIS
- A useful and effective tool for security maintenance in network environments where other standard security methods (e.g. network isolation, access restrictions) cannot be used.
- An approach to automate a process of detecting unauthorised accesses in open network environments.

VALIS design
The VALIS system is designed as a modular architecture:
- Flexible, to suit the demanded level of security
- Scalable
- Provides additional functionality
The VALIS system is designed to operate in a distributed environment:
- Easily adaptable to the operating environment
- Partially distributed analysis
- Capability to monitor and protect all systems

VALIS - Main Modules
- Information Collecting Module: runs on each of the protected systems and collects information about their state and user activity
- Communication Module: exchanges data between protected systems and security management stations
- Analysis and Decision Module: a basic analysis takes place on each protected system and its extended version on the security management station

POZNAŃ SUPERCOMPUTING AND NETWORKING CENTER  Archive Module is responsible for storing all important information about the system and user activities in a safe way, which makes it possible to track all changes in the system according to their needs  Response Module performs specific actions in a protected system as a response of the decisions made by the analysis module VALIS - Main Modules cont.

VALIS system architecture

Analysis and decision modules
ESM (Expert System Module) is the main analysis module of the VALIS system. Its purpose is to analyze the information provided by other modules running on client and server systems.
Rules form the core of the decision mechanism and can express:
- Management and coordination of all modules
- Global system security policy
- Detection process support
- System attack detection
- Processing of the information obtained from other analysis modules
Such an architecture allows different analysis modules to be used in parallel
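As an added illustration (not code from the VALIS project), the following Python sketch shows the hybrid misuse-plus-anomaly decision step the ESM slide describes: constructed kernel-style events, two signature rules, one baseline-deviation rule, and a severity-to-response mapping of the kind the Response Module would act on. The event fields, rule names, baseline values and response actions are all assumptions made for the example.

```python
from collections import Counter

# Constructed sample events in the shape a kernel-level collector might report
# (an assumed format, not the one VALIS used).
EVENTS = [
    {"user": "alice", "uid": 1000, "syscall": "open", "arg": "/home/alice/a.txt"},
    {"user": "alice", "uid": 1000, "syscall": "open", "arg": "/home/alice/b.txt"},
    {"user": "alice", "uid": 1000, "syscall": "open", "arg": "/etc/shadow"},
    {"user": "bob", "uid": 1001, "syscall": "execve", "arg": "/bin/ls"},
    {"user": "carol", "uid": 1002, "syscall": "setuid", "arg": "0"},
]
# bob spawns a shell 12 times in this window: unusual, but matches no signature.
EVENTS += [{"user": "bob", "uid": 1001, "syscall": "execve", "arg": "/bin/sh"}] * 12

# Per-user, per-syscall counts seen in an earlier "normal" window (constructed).
BASELINE = {("alice", "open"): 3, ("bob", "execve"): 2}

# Misuse rules encode known attack signatures; each returns (severity, text) or None.
def rule_shadow_read(ev):
    if ev["syscall"] == "open" and ev["arg"] == "/etc/shadow" and ev["uid"] != 0:
        return "high", f"{ev['user']} opened /etc/shadow as uid {ev['uid']}"

def rule_setuid_root(ev):
    if ev["syscall"] == "setuid" and ev["arg"] == "0" and ev["uid"] != 0:
        return "high", f"{ev['user']} changed to uid 0"

MISUSE_RULES = [rule_shadow_read, rule_setuid_root]

def misuse_findings(events):
    return [hit for ev in events for rule in MISUSE_RULES if (hit := rule(ev))]

# Anomaly rule: a user issuing a syscall far more often than their baseline.
def anomaly_findings(events, baseline, factor=3):
    counts = Counter((ev["user"], ev["syscall"]) for ev in events)
    out = []
    for (user, call), n in counts.items():
        expected = baseline.get((user, call), 0)
        if n > factor * max(expected, 1):
            out.append(("medium", f"{user} issued {call} {n} times (baseline {expected})"))
    return out

# Decision step: severity selects the action handed to the response module.
RESPONSE = {"high": "block_user", "medium": "alert", "low": "log"}

def analyse(events, baseline):
    findings = misuse_findings(events) + anomaly_findings(events, baseline)
    return [(sev, text, RESPONSE[sev]) for sev, text in findings]

if __name__ == "__main__":
    for finding in analyse(EVENTS, BASELINE):
        print(*finding)
```

On the constructed input the two signature rules fire once each and the baseline rule flags bob's shell spawning, which no signature would have caught; the returned tuples are what a response module would consume.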

Information Collecting modules
- Reliability: full view of the protected system's state and its users' activities
- Security: should not pose any danger to the system and should resist any user manipulation attempt
- Efficiency: should not have a big influence on system performance and should not disturb legitimate users' activities
- Flexibility: should provide information about the system in a proper format, ready for further processing
Information about system state and user activities is retrieved directly from the operating system kernel

Inter-Modules Communication Layer
The main task of the IMCL is to provide an efficient interface between all modules of the VALIS system. The communication protocol has to fulfil the following assumptions:
- Flexibility (it can be easily adapted to any network environment)
- Trustworthiness (it should be reliable and provide a high level of security)
- Independence (it should be independent of the network and operating system)

VALIS - sample architecture

Summary
There is a need for security maintaining systems that not only detect intrusion attempts but also actively protect against them.
The main features of the VALIS system architecture:
- Modular architecture
- High level of flexibility
- Hybrid approach to the detection process (anomaly and misuse)
- New functionality along with quality