Hydra Intelligent Agent: Instrument for Security
One Size Fits All: Distributed Scanning, Distributed IDS, Distributed Assessments
3 June, 2016 (Toorcon Security Expo, 2001)

17 July, 2001, Toorcon Security Expo

Introduction
- Hydra integrates IDS, scanning and vulnerability assessment tools with an agent framework
- Uses intelligent agent and AI techniques to collect, evaluate and act on events
- All tools are open source and freely available
- New tools can be integrated into the agent framework

Hydra Integrates a Set of Publicly Available Tools
- ZEUS: infrastructure to build intelligent agent systems
- CLIPS (C Language Integrated Production System): a productive development and delivery expert system shell
- Portsentry, clog, nmap, logcheck, snort, et al.
- Hydra incorporates these and other tools, using the FIPA communication protocol to bind the agents together
  - FIPA is a common group of standards describing the communication and other protocols for intelligent agents

ZEUS: Award Winning Agent Building Toolkit
- Provides an integrated environment for rapid development of multi-agent applications
- Entirely implemented in Java 2
- Open source (released to the community by British Telecom in 2000)

ZEUS Agent Creation
- Provides a framework for agent communication
- Contains rudimentary intelligence
- Supports quick understanding of agent-based systems

Agent Creation with ZEUS
- Agent ontology (common vocabulary) is created
- Societal responsibilities are determined for each agent
- Agent tasks and rule bases are defined based on the agent society
- Skeleton Java code is generated for the agents
- Custom code is added for specific functionality and user interface
- Agent communication, fact management and rule activation are provided by the ZEUS framework

ZEUS Encapsulates CLIPS
- C Language Integrated Production System
- Productive development and delivery expert system tool
- Environment for construction of rule/object-based expert systems
- CLIPS provides knowledge representation, portability, integration, and extensibility
- ZEUS contains a Java implementation of CLIPS
  - Full RETE algorithm implementation
  - Flexibility in rules and inferencing

Common Intrusion Detection Packages Used in Hydra
- Portsentry: a host-based intrusion detection system which monitors TCP and UDP ports
- Snort: a lightweight network intrusion detection system, capable of performing real-time traffic analysis and packet logging on IP networks
- Clog: simple TCP connection logger
- Other agents (such as arpwatch) will be included as time and resources permit

Common Port and Vulnerability Scanners Used in Hydra
- Nmap: a utility for port scanning large networks; it also works fine for single hosts
- Nessus: a free, open-source and easy-to-use security scanner; it compares favorably with the more expensive commercial scanners
- Home-grown scanners, based on other open source scanners
- Hydra has the capability to use commercial scanners such as NFR and ISS

ZEUS Uses 1997 FIPA Specifications
- Foundation for Intelligent Physical Agents: a non-profit organization aimed at producing standards for interoperation of heterogeneous software agents
- ZEUS will be updated to new, post-1997 standards when they are defined
- The FIPA structure provides a convenient and useful mechanism for ZEUS and similar agents to communicate

Enhancements to ZEUS
- Reviewing and cleaning up code
- Adding security features
  - Secure communication (SSL)
  - Authentication (signed applets/applications)
- Expanded and improved scheduling and decision-making capabilities
- Improvements will be offered for inclusion in the ZEUS distribution

Enhanced Security
- Integrating the Java SSL (Sun JSSE) package into the ZEUS architecture
  - Agent communication protected with strong encryption
  - Agent authentication provided by digital certificates

Hydra Architecture
- Agents act as wrappers for IDS tools
- Agents collect, format and forward data to the host agent
- IDS data is evaluated for significant events using AI methods
- Agents respond intelligently by starting additional IDS, defensive or offensive agents
- ZEUS provides the infrastructure

Intelligent Agents: Independent and Creative
- Hydra contains an expert system shell (from ZEUS)
- Each agent makes decisions about its environment and tasks
- Hydra adds new capabilities
  - New search techniques
  - Independent decision capability
  - Creates agents that respond to new events as needed

Fusion of Data from Independent Agents
- Each agent contributes its piece of knowledge
- The knowledge is rated, after considering the following:
  - The age of the data
  - The type of agent
  - The dependability of the data
  - Criticality (or importance) of the data
  - The number of other agents reporting similar data
  - The number of other agents reporting conflicting data
- The last two items can be thought of as negative and positive corroboration
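As an added illustration (not code from Hydra or ZEUS), the following Python rates one intrusion claim from the reports of several agent-wrapped IDS tools using the rating factors listed on the slide, then maps the rating to a defensive response; the per-tool dependability weights, the age decay window, the thresholds and all sample reports are assumed, constructed values.

```python
"""Added example (not Hydra's or ZEUS's code): rate the claim "source is scanning
target" from reports of several agent-wrapped IDS tools. Reports are constructed."""
from dataclasses import dataclass

# Assumed dependability per agent type (0..1); an operator would tune these.
DEPENDABILITY = {"snort": 0.8, "portsentry": 0.7, "clog": 0.4}

@dataclass
class Report:
    agent: str          # wrapped tool that produced the report
    source: str         # address the tool blames for the activity
    target: str         # host that was probed
    is_scan: bool       # True: tool calls it a scan; False: tool saw normal traffic
    age_s: float        # seconds since the observation
    criticality: float  # 0..1 importance the reporting agent assigns to it

def weight(r: Report, max_age_s: float = 600.0) -> float:
    """Dependability of the agent type, decayed linearly with the age of the
    data and scaled by criticality; reports older than max_age_s count 0."""
    freshness = max(0.0, 1.0 - r.age_s / max_age_s)
    return DEPENDABILITY.get(r.agent, 0.2) * freshness * r.criticality

def fuse(reports, source, target):
    """Combine every report about (source, target): returns a score in [-1, 1]
    plus the number of agreeing agents (positive corroboration) and of
    conflicting agents (negative corroboration)."""
    same = [r for r in reports if r.source == source and r.target == target]
    agree = [r for r in same if r.is_scan]
    conflict = [r for r in same if not r.is_scan]
    total = sum(weight(r) for r in same)
    if total == 0.0:  # nothing fresh enough to judge
        return 0.0, len(agree), len(conflict)
    score = (sum(weight(r) for r in agree) - sum(weight(r) for r in conflict)) / total
    return score, len(agree), len(conflict)

def respond(score, agreeing):
    """Defensive response the host agent would take for a fused rating."""
    if score >= 0.5 and agreeing >= 2:
        return "start additional IDS agent"  # corroborated by more than one tool
    return "watch" if score > 0.0 else "ignore"

# Constructed sample reports: snort and portsentry agree on one scanner while
# clog disagrees; a second claim rests only on a stale snort report.
REPORTS = [
    Report("snort", "198.51.100.7", "192.0.2.10", True, 30.0, 0.9),
    Report("portsentry", "198.51.100.7", "192.0.2.10", True, 120.0, 0.8),
    Report("clog", "198.51.100.7", "192.0.2.10", False, 10.0, 0.5),
    Report("snort", "203.0.113.5", "192.0.2.10", True, 3000.0, 0.9),
]
```

Calling `fuse(REPORTS, "198.51.100.7", "192.0.2.10")` yields a positive score with two agreeing and one conflicting agent, while the stale claim about 203.0.113.5 scores zero and is ignored.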

Distributed Intrusion Detection
- Different computer architectures notice different attacks
- Distributed IDS/NIDS using existing tools (e.g. snort, portsentry, ISS)
- Agents intelligently coordinate intrusion reports
- Improved performance during coordinated attacks
- Evaluates data using attack signatures from multiple systems

IDS Scenario
[Diagram; labels recovered from the slide: Bad Guy, Router, Firewall, Host, Host with Agent, Data Collection and Decision Agent, Scan or Attack, Data, Control and Coordination, Defensive Actions, Offensive Actions]

Distributed Scanning
- Distributed Denial of Service (DDoS) meets nmap
- Distributed scanning using existing tools (e.g. nmap, strobe, or firewalk)
- Agents intelligently coordinate scanning
- Improved performance in adverse conditions (IP-based blocking)
- Enhances spoofing and decoy scanning
- Correlates and evaluates data from multiple simultaneous scans

Scanning Scenarios: Spoofed Redirect
- Scans from spoofing scanners return to the data collection agent
- Decoy scanners used to obscure the data collection IP
- Coordination agent controls scanning agents
- Target can see the data collection agent but not the scanner IP
[Diagram; labels recovered from the slide: Decoy Scanner, Spoofing Scanner, Target, Control and Coordination, Data]

Scanning Scenarios: Scanning Zombies
- Scanner agents scan the target under control of the coordination agent
- Decoy scanners used to obscure the scanner agent IP
- Scanner agents return data to the data collection agent for analysis
- Target never sees the data collection or coordination agent IP
- Coordination agent stops, starts, or creates new scanning agents
[Diagram; labels recovered from the slide: Data Collection and Coordination, Decoy Scanner, Scanner, Target, Control and Coordination, Data]

Merits of Hydra
- Uses all open source tools
- IDS, scanning, and evaluation tools used in real life
  - Not a prototype or superficial construct
  - Not trying to reinvent the wheel
- Java cross-platform capability integrates tools running on their native platform
- True intelligent agents

Further Information
- Etaoin Shrdlu:
- Gurney Halleck: