Attack Tool Repository and Player for ISEAGE May 06-11 Team:Jeremy Brotherton Timothy Hilby Brett Mastbergen Jasen Stoeker Faculty Advisor:Doug Jacobson.

Slides:



Advertisements
Similar presentations
Business Development Suit Presented by Thomas Mathews.
Advertisements

Team 7 / May 24, 2006 Web Based Automation & Security Client Capstone Design Advisor Prof. David Bourner Team Members Lloyd Emokpae (team Lead) Vikash.
Adding scalability to legacy PHP web applications Overview Mario A. Valdez-Ramirez.
Fundamentals of Information Systems, Second Edition
Business Intelligence Dr. Mahdi Esmaeili 1. Technical Infrastructure Evaluation Hardware Network Middleware Database Management Systems Tools and Standards.
Alcatel Customized Training Site David Otero University of San Diego MSIT 526 Dr. Carl Rebman.
Effort in hours Duration Over Weeks Or Months Inception Launch Web Lifecycle Methodology Maintenance Phases Copyright Wonderlane Studios.
Computer Science 101 Web Access to Databases Overview of Web Access to Databases.
Distributed Systems: Client/Server Computing
Inventory Control in Stores Dec05-09 Team: Jeff Benson Frederick Brown Christopher Reed Brian Wagner Date: December 6, 2005 Client: ISU Senior Design Program.
Web Development & Design Foundations with XHTML
Web Programming Language Dr. Ken Cosh Week 1 (Introduction)
Final Year Project Presentation E-PM: A N O NLINE P ROJECT M ANAGER By: Pankaj Goel.
4/24/2007Iowa State University Program to Evaluate Alternative Energy Sources EE / CprE 492 May Team Members Christina Erickson Daniel Harkness Matt.
Web Developer & Design Foundations with XHTML
1 Web Developer Foundations: Using XHTML Chapter 8 Web Site Development.
Web Development Process Description
Web Based Applications
Joel Bapaga on Web Design Strategies Technologies Commercial Value.
Term 2, 2011 Week 3. CONTENTS The physical design of a network Network diagrams People who develop and support networks Developing a network Supporting.
ABSTRACT Zirous Inc. is a growing company and they need a new way to track who their employees working on various different projects. To solve the issue.
Databases and the Internet. Lecture Objectives Databases and the Internet Characteristics and Benefits of Internet Server-Side vs. Client-Side Special.
Computer-Based Trading Room Dec04-05 Client: ISU College of Business Advisor: Dr. Gerald B. Sheblé Team Members Steve Saillard Vipul Tiwari Dan Fitch Fahim.
SednaSpace A software development platform for all delivers SOA and BPM.
Quality Attributes of Web Software Applications – Jeff Offutt By Julia Erdman SE 510 October 8, 2003.
May Client Dustin Gray Associate Director of Compliance ISU Department of Athletics Faculty Advisor Dr. Doug Jacobson Development Team Andy Dorman.
ISU Alumni Association Online Store Abstract The Iowa State University Alumni Association desires a complete overhaul of their online store. The current.
Feasibility Study.
Calendar System Dale Wassum August 4, 2004 CPSC 463 :: Summer II 2004 :: Dr. Pargas.
Statistics Monitor of SPMSII Warrior Team Pu Su Heng Tan Kening Zhang.
Software Engineering Management Lecture 1 The Software Process.
May05-36: Boone Cemetery Management Software Boone Cemetery Management Software May05-36 Greg Thede, Director, Boone Parks Department Dr. Kothari Joseph.
CYBERSIM Dec Client: Information Assurance Center Advisor: Dr. Doug Jacobson Group Members: Ryan ApplegateCprE Saddam KhattakCprE Dan NguyenCprE/JLMC.
Software Project Documentation. Types of Project Documents  Project Charter  Requirements  Mockups and Prototypes  Test Cases  Architecture / Design.
Senior Design Laboratory Design Dec 05-01
Project Plan for nSite Central Michael Dunn Ryan Sessions Kyle Kerrigan.
NUOL Internet Application Services Final Presentation 24 th of May, 2004.
The group will focus on the design of a “smart” device. This includes researching the best method of design and fabricating the design to create a working.
Client: The Boeing Company Contact: Mr. Nick Multari Adviser: Dr. Thomas Daniels Group 6 Steven BromleyJacob Gionet Jon McKeeBrandon Reher.
COMP 208/214/215/216 – Lecture 8 Demonstrations and Portfolios.
Ames Community Schools (ACS) has been concerned with the performance of their students’ problem solving abilities on a nationally standardized exam. While.
Attack Tool Repository and Player for ISEAGE May06-11 Abstract Today’s world is changing shape as it increases its dependency on computer technology. As.
Campus Locator Definition Phase May04-04 Client: Senior Design Advisors: Dr. Lamont & Prof. Patterson Team Members Justin Davis Justin Gruca Rachel Hadaway.
Expert System Job Offer Evaluation Software May Abstract The project’s focus is to decide what criteria should be used to determine which job offer.
Experiment Management System CSE 423 Aaron Kloc Jordan Harstad Robert Sorensen Robert Trevino Nicolas Tjioe Status Report Presentation Industry Mentor:
May06-11: ISEAGE Attack Tool Repository and Player Jeremy Brotherton, Timothy Hilby, Brett Mastbergen, Jasen Stoeker.
D R A T D R A T ABSTRACT Every semester each department at Iowa State University has to assign its faculty members and teaching assistants (TAs) to the.
Internet Centralized K-12 Homework Assignment Capability May Client : Senior Design Team Ongo-08 Advisors : Dr. Thomas Daniels Dr. Yong Guan Team.
Alternative Energy Evaluation May06-16 Team Members: Steve ChebuharEE Anhtuan DinhEE Ryan FerneauCprE Justin JorgensenEE Client : Professor Ralph Patterson.
Mathematical Teaching Software System Ames Community Schools (ACS) has been concerned with their student’s performance in problem-solving on nationally.
Web-based Front End for Kraken Jing Ai Jingfei Kong Yinghua Hu.
HardSSH Cryptographic Hardware Key Team May07-20: Steven Schulteis (Cpr E) Joseph Sloan (EE, Cpr E, Com S) Michael Ekstrand (Cpr E) Taylor Schreck (Cpr.
Schedule of Tasks Summary Estimated Resources and Schedule Proposed Approach and Considerations Abstract Introduction Ames Community Schools (ACS) has.
Project May07-14: Restaurant Automation April 24, 2007.
 Project Team: Suzana Vaserman David Fleish Moran Zafir Tzvika Stein  Academic adviser: Dr. Mayer Goldberg  Technical adviser: Mr. Guy Wiener.
Mathematical Teaching Software System Ames Community Schools (ACS) has been concerned with their student’s performance in problem-solving on nationally.
Web Programming Language
Globey’s World K-6 Teaching Application Support and Software Ongo-08b
Personnel Effort Budget
Software Support Framework
PHP / MySQL Introduction
Campus Locator – Definition Phase (May04-04)
ONGO-08 K-12 Teaching Application
Web Site Project Management
Globey’s World Ongo-08b Abstract End-Product Description Introduction
Ongo-08b: K – 12 Teaching Application Support
Project Team Information
Resources and Schedule
Project Team Information
Proposed Approach and Considerations
Presentation transcript:

Attack Tool Repository and Player for ISEAGE May Team:Jeremy Brotherton Timothy Hilby Brett Mastbergen Jasen Stoeker Faculty Advisor:Doug Jacobson Client:Information Assurance Center April 25, 2006

May06-11 ISEAGE Attack Tool Repository and Player2 Outline Introduction Introduction –Project background and requirements Project activities Project activities –Research, design, implementation, and testing Resources and schedule Resources and schedule –Personnel and financial Closing material Closing material –Project evaluation –Lessons learned –Risk management –Closing summary

May06-11 ISEAGE Attack Tool Repository and Player3 Definitions ASP - Active Server Pages, programming language for dynamic websites. ASP - Active Server Pages, programming language for dynamic websites. Exploit - An attack on a computer system that takes advantage of a vulnerability. Exploit - An attack on a computer system that takes advantage of a vulnerability. GUI – Graphical user interface GUI – Graphical user interface ISEAGE - Internet Scale Event and Attack Generation Environment, a network dedicated to creating a virtual Internet for the purpose of researching, designing, and testing cyber defense mechanisms. ISEAGE - Internet Scale Event and Attack Generation Environment, a network dedicated to creating a virtual Internet for the purpose of researching, designing, and testing cyber defense mechanisms. MySQL - Open source database that uses the Structured Query Language. MySQL - Open source database that uses the Structured Query Language. PHP - PHP: Hypertext Preprocessor, another programming language for dynamic websites. PHP - PHP: Hypertext Preprocessor, another programming language for dynamic websites. SSH – Secure Shell, a protocol that allows users to interact with a computer remotely over a secure session. SSH – Secure Shell, a protocol that allows users to interact with a computer remotely over a secure session. Vulnerability - A weakness in a system due to security procedures, implementation or other means that could be exploited. Vulnerability - A weakness in a system due to security procedures, implementation or other means that could be exploited.

May06-11 ISEAGE Attack Tool Repository and Player4 Problem Statement Problem Statement Problem Statement –Currently, trying to attack a computer vulnerability means scouring the Internet for the right attack –Computer professionals and others, need a way to locate and launch exploits quickly and easily Problem Solution Problem Solution –Develop a web application that interfaces to a database of network attacks –Users can search the database and launch attacks through a web browser

May06-11 ISEAGE Attack Tool Repository and Player5 Operating Environment ISEAGE network at ISU research park ISEAGE network at ISU research park –Software can operate on any platform –60-90 degrees Fahrenheit –Low moisture

May06-11 ISEAGE Attack Tool Repository and Player6 Intended Users and Uses Users Users –Researchers, students, vendors, and computer professionals Uses Uses –Evaluate weaknesses in computer systems and network architectures –Training users about computer and network security

May06-11 ISEAGE Attack Tool Repository and Player7 Assumptions The application is being coded using PHP and MySQL Maximum number of simultaneous users is twenty Maximum query response time is two seconds Any attack can only run for 60 seconds

May06-11 ISEAGE Attack Tool Repository and Player8 Limitations The database will not include all possible attacks or all known attacks Size of database is limited to available disk space This system will not fix vulnerabilities or pinpoint the cause of failure

May06-11 ISEAGE Attack Tool Repository and Player9 End Product and Deliverables Complete PHP website and MySQL database populated with exploits (commented source code) Complete PHP website and MySQL database populated with exploits (commented source code) User’s guide User’s guide Administrative guide – includes setup and maintenance instructions Administrative guide – includes setup and maintenance instructions Final report Final report

May06-11 ISEAGE Attack Tool Repository and Player10 Present Accomplishments Verified client needs and requirements Verified client needs and requirements Researched approaches for problem solution Researched approaches for problem solution Completed detailed design Completed detailed design Created prototype website and database Created prototype website and database Added prototype functionality to meet client’s needs Added prototype functionality to meet client’s needs Developed accompanying documentation Developed accompanying documentation Working application was approved by client and has been delivered Working application was approved by client and has been delivered

May06-11 ISEAGE Attack Tool Repository and Player11 Approaches Considered and Used MySQL database of current exploits for several platforms MySQL database of current exploits for several platforms PHP based webpage that allows users to search the database for exploits PHP based webpage that allows users to search the database for exploits PHP code that allows users to launch exploits with the click of a button PHP code that allows users to launch exploits with the click of a button Apache web server for hosting the interface Apache web server for hosting the interface

May06-11 ISEAGE Attack Tool Repository and Player12 Approaches Considered and Used cont. Stand alone computer application Stand alone computer application Remote connection to database Remote connection to database Database remotely connects to various computers Database remotely connects to various computers

May06-11 ISEAGE Attack Tool Repository and Player13 Definition Activities Discussed project needs with client and obtained approval for proposed solution Discussed project needs with client and obtained approval for proposed solution Final Project Definition Final Project Definition –To develop a scalable, web-based application that provides users with the ability to search for network attacks and launch them with a single click

May06-11 ISEAGE Attack Tool Repository and Player14 Research Activities Webpage programming languages Webpage programming languages –PHP and ASP Database options Database options –MySQL and SQL Server 2005

May06-11 ISEAGE Attack Tool Repository and Player15 Database Technologies MySQL SQL Server 2005 Open Source Open Source Mature and Well Tested Mature and Well Tested Platform Independent Platform Independent  Not as Well Integrated  Not as Much Pre- Written Code  Best Integration of Any Platform  Most Extensive Tools  Large Amount of Pre- Written Code  Licensing Issues  Not mature, limited track record

May06-11 ISEAGE Attack Tool Repository and Player16 Webpage Programming Languages PHP ASP.NET 2005  Current Version Well Tested  Many Online Examples  Cross Platform  Not as Well Integrated  Can’t Drag and Drop Interfaces  Extremely Well Integrated with SQL Server 2005  Large Amount of Built in Objects  Best IDE  Licensing Issues  Not mature

May06-11 ISEAGE Attack Tool Repository and Player17 Technology Selections MySQL MySQL PHP PHP Apache Apache

May06-11 ISEAGE Attack Tool Repository and Player18 Design Activities Design constraints Design constraints –Platform independent –Web-based –Powerful and extensible database –Administrator controls

May06-11 ISEAGE Attack Tool Repository and Player19 Basic Solution Architecture

May06-11 ISEAGE Attack Tool Repository and Player20 Implementation Activities Design website framework Design website framework Develop a test database with fake exploits Develop a test database with fake exploits Created PHP code to run search queries Created PHP code to run search queries Developed PHP code to launch attacks Developed PHP code to launch attacks Original designs remained unchanged Original designs remained unchanged

May06-11 ISEAGE Attack Tool Repository and Player21 Testing Activities User search criteria translated into proper SQL query User search criteria translated into proper SQL query Query results returned back properly Query results returned back properly Launching of attacks is actually generating network traffic Launching of attacks is actually generating network traffic Evaluation by both the team and ISEAGE graduate students Evaluation by both the team and ISEAGE graduate students

May06-11 ISEAGE Attack Tool Repository and Player22 Testing Priorities High priority tests cover critical product features High priority tests cover critical product features Medium priority tests cover supplemental product features Medium priority tests cover supplemental product features Low priority tests cover non-essential product features Low priority tests cover non-essential product features

May06-11 ISEAGE Attack Tool Repository and Player23 Testing Results PriorityTestsPassedFixed % Complete High981100% Medium440100% Low30133% Total %

May06-11 ISEAGE Attack Tool Repository and Player24 Significant Activities ComponentEnd Result Website softwareCompleted User documentationCompleted Administrative guideCompleted Database structure and contents Completed Commented source codeCompleted

May06-11 ISEAGE Attack Tool Repository and Player25 Personnel Effort Requirements

May06-11 ISEAGE Attack Tool Repository and Player26 Other Resource Requirements

May06-11 ISEAGE Attack Tool Repository and Player27 Financial Requirements

May06-11 ISEAGE Attack Tool Repository and Player28 Project Schedule

May06-11 ISEAGE Attack Tool Repository and Player29 Closing Material Project evaluation Project evaluation Commercialization Commercialization Additional work Additional work Lessons learned Lessons learned Risk and risk management Risk and risk management Closing summary Closing summary

May06-11 ISEAGE Attack Tool Repository and Player30 Project Evaluation Milestone evaluation criteria CriteriaScore Greatly exceeded110% Exceeded105% Fully met100% Partially met80% Not met30% Not attempted0%

May06-11 ISEAGE Attack Tool Repository and Player31 Project Evaluation Cont. Project Results MilestoneEvaluationResultant Percentage Project plan developmentFully Met20%*100 = 20% Design researchFully Met5%*100 = 5% Technology selectionFully Met5%*100 = 5% Initial product designFully Met20%*100 = 20% Framework implementedFully Met10%*100 = 10% End-product testingPartially Met15%*80 = 12% End-product documentationFully Met15%* 100 = 15% End-product demonstrationFully Met10% * 100 = 10% Total97%

May06-11 ISEAGE Attack Tool Repository and Player32 Commercialization Not planned, developed strictly for use with ISEAGE Not planned, developed strictly for use with ISEAGE

May06-11 ISEAGE Attack Tool Repository and Player33 Future Work Continuing to add to the database of exploits Continuing to add to the database of exploits Adding additional functionality such as allowing users to interact with the remote machine via the web interface Adding additional functionality such as allowing users to interact with the remote machine via the web interface Allow users to select target machines from a network diagram Allow users to select target machines from a network diagram

May06-11 ISEAGE Attack Tool Repository and Player34 Lessons Learned What went well What went well –Implementation, client demonstration, team work What did not go well What did not go well –Equipment setup, project plan Technical knowledge gained Technical knowledge gained –PHP, MySQL, XAMPP Non-technical knowledge gained Non-technical knowledge gained –Communications skills, long term planning What would be done differently What would be done differently –Implementation, hardware setup

May06-11 ISEAGE Attack Tool Repository and Player35 Risks and Risk Management Anticipated risks Anticipated risks –Loss of a team member due to sickness or other unexpected circumstances –Missed deadlines –Faulty product –Poor communications among team members may halt the project –Data loss

May06-11 ISEAGE Attack Tool Repository and Player36 Risks and Risk Management cont. Risk management Risk management –Continually informed team of individual progress and shared all essential project knowledge –Team leader kept close track of all upcoming deadlines and always tried to be one week ahead –Continually met with Dr. Jacobson to ensure project was progressing in the intended direction –Regularly scheduled meetings and team communication ensured all team members were always informed –All implementation code was placed in a backed up CVS repository and all project documents were regularly distributed to all team members

May06-11 ISEAGE Attack Tool Repository and Player37 Risks and Risk Management cont. Anticipated risks encountered Anticipated risks encountered –Loss of a team member due to sickness –Work load was divided among remaining team members Unanticipated risks encountered Unanticipated risks encountered –Dead on arrival hardware –Implementation and testing were carried out on a single machine Changes in risk management due to unanticipated risks Changes in risk management due to unanticipated risks –Changed deadlines –Assumed each task would have unexpected problems

May06-11 ISEAGE Attack Tool Repository and Player38 Closing Summary Problem Problem –Need to locate and launch exploits from one location –Users need a simple interface to this type of tool Solution Solution –Developed a MySQL database of attacks –Created PHP based website to interface with a database and it has the ability to launch specific exploits from any web browser

May06-11 ISEAGE Attack Tool Repository and Player39 Any questions or comments?

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.