INFSO-RI-508833 Enabling Grids for E-sciencE www.eu-egee.org Grid-wide Intrusion Detection Stuart Kenny*, Brian Coghlan Dept. of Computer Science Trinity.

Slides:



Advertisements
Similar presentations
Presented by Nikita Shah 5th IT ( )
Advertisements

1 Chapter 7 Intrusion Detection. 2 Objectives In this chapter, you will: Understand intrusion detection benefits and problems Learn about network intrusion.
HEAnet Conference 2006 John Walsh Grid-Ireland Grid Manager Trinity College Dublin The Grid Computing Infrastructure in Ireland and Abroad.
1.  To analyze and explain the IDS placement in network topology  To explain the relationship between honey pots and IDS  To explain, analyze and evaluate.
NETWORK SECURITY INTRUSION DETECTION SYSTEMS (IDS) KANDIAH.M Clarkson University, Potsdam, New York.
Intrusion Detection Systems Sai Nandoor Priya Selvam Balaji Badam.
Security administrators The experts need better tools too!
Sept 27 th – 29 th, 2002Linz 2002, Task Task 3.3 Grid Monitoring Subtask SANTA-G Brian Coghlan, Stuart Kenny Trinity College Dublin.
INTRUSION DETECTION SYSTEM
Presented by INTRUSION DETECTION SYSYTEM. CONTENT Basically this presentation contains, What is TripWire? How does TripWire work? Where is TripWire used?
USENIX LISA ‘99 Conference © Copyright 1999, Martin Roesch Snort - Lightweight Intrusion Detection for Networks Martin Roesch.
1 Integrating a Network IDS into an Open Source Cloud Computing Environment 1st International Workshop on Security and Performance in Emerging Distributed.
IDS Mike O’Connor Eric Tallman Matt Yasiejko. Overview IDS defined IDS defined What it does What it does Sample logs Sample logs Why we need it Why we.
Active Security Infrastructure Stuart Kenny Trinity College Dublin.
Penetration Testing Security Analysis and Advanced Tools: Snort.
Intrusion Detection Presentation : 1 OF n by Manish Mehta 01/24/03.
Distributed IDS The implementation of a Distributed Intrusion Detection System over a medium scale open network where the focus is availability of services.
The National Computational Grid for Ireland OpsCentre Infrastructure Staff TestGrid Porting Current Issues Future Plans Grid-Ireland OpsCentre.
IIT Indore © Neminah Hubballi
IDS Intrusion Detection Systems CERT definition: A combination of hardware and software that monitors and collects system and network information and analyzes.
SOS EGEE ‘06 GGF Security Auditing Service: Draft Architecture Brian Tierney Dan Gunter Lawrence Berkeley National Laboratory Marty Humphrey University.
Poznan July-2003 CrossGrid Task 3.3 CrossGrid Task 3.3 Grid Monitoring Trinity College Dublin (TCD, AC14 – CR11) Brian Coghlan, Stuart Kenny, David O’Callaghan.
INFSO-RI Enabling Grids for E-sciencE Status of LCG-2 porting Stephen Childs, Brian Coghlan and Eamonn Kenny Grid-Ireland/EGEE October.
Module 10: Monitoring ISA Server Overview Monitoring Overview Configuring Alerts Configuring Session Monitoring Configuring Logging Configuring.
EGEE-II INFSO-RI Enabling Grids for E-sciencE EGEE and gLite are registered trademarks Simply monitor a grid site with Nagios J.
Module 4: Configuring ISA Server as a Firewall. Overview Using ISA Server as a Firewall Examining Perimeter Networks and Templates Configuring System.
CSCI 530 Lab Intrusion Detection Systems IDS. A collection of techniques and methodologies used to monitor suspicious activities both at the network and.
FORESEC Academy FORESEC Academy Security Essentials (III)
1 Action Automated Security Breach Reporting and Corrections.
Network and Perimeter Security Paula Kiernan Senior Consultant Ward Solutions.
1 © 2001, Cisco Systems, Inc. All rights reserved. Cisco Info Center for Security Monitoring.
1 Quick Overview Overview Network –IPTables –Snort Intrusion Detection –Tripwire –AIDE –Samhain Monitoring & Configuration –Beltaine –Lemon –Prelude Conclusions.
1 Implementing Monitoring and Reporting. 2 Why Should Implement Monitoring? One of the biggest complaints we hear about firewall products from almost.
Training and Dissemination Enabling Grids for E-sciencE Jinny Chien, ASGC 1 Training and Dissemination Jinny Chien Academia Sinica Grid.
An Intrusion Detection System to Monitor Traffic Through the CS Department Christy Jackson, Rick Rossano, & Meredith Whibley April 24, 2000.
Network Security: Lab#5 Port Scanners and Intrusion Detection System
1 HoneyNets. 2 Introduction Definition of a Honeynet Concept of Data Capture and Data Control Generation I vs. Generation II Honeynets Description of.
EGEE-III INFSO-RI Enabling Grids for E-sciencE EGEE and gLite are registered trademarks Stuart Kenny and Stephen Childs Trinity.
Module 7: Advanced Application and Web Filtering.
Grid-wide Intrusion Detection Stuart Kenny*, Brian Coghlan Trinity College Dublin.
S E C U R E C O M P U T I N G Not For Public Release 1 Intrusion Tolerant Server Infrastructure Dick O’Brien OASIS PI Meeting July 25, 2001.
Intrusion Detection on a Shoestring Budget Shane Williams UT Austin Graduate School of Library and Information Science Oct. 18, 2000 SANS Network Security.
Snort - Lightweight Intrusion Detection for Networks YOUNG Wo Sang Program Committee, PISA
Grid Deployment Enabling Grids for E-sciencE BDII 2171 LDAP 2172 LDAP 2173 LDAP 2170 Port Fwd Update DB & Modify DB 2170 Port.
EGEE-III INFSO-RI Enabling Grids for E-sciencE EGEE and gLite are registered trademarks Using GStat 2.0 for Information Validation.
1 Flexible, High-Speed Intrusion Detection Using Bro Vern Paxson Computational Research Division Lawrence Berkeley National Laboratory and ICSI Center.
Greg Steen.  What is Snort?  Snort purposes  Where can it be used?
INFSO-RI Enabling Grids for E-sciencE /10/20054th EGEE Conference - Pisa1 gLite Configuration and Deployment Models JRA1 Integration.
EGEE-II INFSO-RI Enabling Grids for E-sciencE EGEE and gLite are registered trademarks Grid Monitoring Tools E. Imamagic, SRCE CE.
Network Security Terms. Perimeter is the fortified boundary of the network that might include the following aspects: 1.Border routers 2.Firewalls 3.IDSs.
An Active Security Infrastructure for Grids Stuart Kenny*, Brian Coghlan Trinity College Dublin.
Design Lines for a Long Term Competitive IDS Erwan Lemonnier KTH-IT / Defcom.
Grid testing using virtual machines Stephen Childs*, Brian Coghlan, David O'Callaghan, Geoff Quigley, John Walsh Department of Computer Science Trinity.
TCD Site Report Stuart Kenny*, Stephen Childs, Brian Coghlan, Geoff Quigley.
EGEE-II TCD 22 nd -25 th May 2007 Enabling Grids for E-sciencE EGEE and gLite are registered trademarks Experiences with a distributed.
EGEE-II INFSO-RI Enabling Grids for E-sciencE EGEE and gLite are registered trademarks Grid Configuration Data or “What should be.
EGEE-III INFSO-RI Enabling Grids for E-sciencE EGEE and gLite are registered trademarks Stephen Childs Trinity College Dublin &
IDS Intrusion Detection Systems CERT definition: A combination of hardware and software that monitors and collects system and network information and analyzes.
EGEE-II INFSO-RI Enabling Grids for E-sciencE EGEE and gLite are registered trademarks CYFRONET site report Marcin Radecki CYFRONET.
DIVYA K 1RN09IS016 RNSIT1. Cloud computing provides a framework for supporting end users easily through internet. One of the security issues is how to.
An Introduction To Gateway Intrusion Detection Systems Hogwash GIDS Jed Haile Nitro Data Systems.
INFSO-RI Enabling Grids for E-sciencE Workshop WLCG Security for Grid Sites Louis Poncet System Engineer SA3 - OSCT.
EGEE-II INFSO-RI Enabling Grids for E-sciencE EGEE and gLite are registered trademarks Nagios Grid Monitor E. Imamagic, SRCE OAT.
SIEM Rotem Mesika System security engineering
IDS Intrusion Detection Systems
Overview – SOE PatchTT December 2013.
Securing the Network Perimeter with ISA 2004
NETWORK SECURITY LAB Lab 9. IDS and IPS.
Intrusion Detection Systems (IDS)
Objectives. Objectives Objectives Content Configure Microsoft Azure monitor.
Presentation transcript:

INFSO-RI Enabling Grids for E-sciencE Grid-wide Intrusion Detection Stuart Kenny*, Brian Coghlan Dept. of Computer Science Trinity College Dublin 27th Oct. 2005

Enabling Grids for E-sciencE INFSO-RI Introduction Goal –“To provide the Grid-Ireland OpsCentre with an overall picture of the state of security of the entire Grid-Ireland infrastructure at any time”  Starting with intrusion detection Difficulties for Grid –Infrastructure spans multiple networks –Don’t know about state of security at other sites –Similar infrastructure at sites, i.e. OS, services –Speed of response depends on speed of access to information Grid-Ireland approach –Develop Grid-wide intrusion detection system  Instrument all sites to detect attempted security intrusions  All security alerts generated at sites to be visible at OpsCentre

Enabling Grids for E-sciencE INFSO-RI Grid-wide Intrusion Detection System building blocks: –Snort  Open-source network intrusion detection system –CrossGrid NetTracer  System for accessing log files through Grid InfoSys  Supports Tcpdump and Snort –R-GMA  Relational grid monitoring and information system

Enabling Grids for E-sciencE INFSO-RI Grid-wide Intrusion Detection System comprised of two levels: 1.Alert aggregation  Snort + NetTracer Sensor Snort: generates alerts for suspect packets NetTracer: streams alerts to R-GMA  R-GMA Secondary Producer Collects alerts to central ‘Grid-wide intrusion log’

Enabling Grids for E-sciencE INFSO-RI Alert Aggregation R-GMA SNORT + SENSOR SNORT + SENSOR SNORT + SENSOR SNORT + SENSOR Site A Site CSite B Site D SnortAlerts, “where siteId = ‘Site A’” SnortAlerts, “where siteId = ‘Site C’” SnortAlerts, “where siteId = ‘Site B’” SnortAlerts, “where siteId = ‘Site D’”

Enabling Grids for E-sciencE INFSO-RI Alert Aggregation

Enabling Grids for E-sciencE INFSO-RI Alert Analysis System comprised of two levels: 1.Alert aggregation  Snort + NetTracer sensor Snort: generates alerts for suspect packets NetTracer: streams alerts to R-GMA  R-GMA Secondary Producer Collects alerts to central ‘Grid-wide intrusion log’ 2.Alert analysis  Custom R-GMA consumers Currently 3 different kinds  Detect attempted attack on grid infrastructure  Generate ‘Grid-alert’

Enabling Grids for E-sciencE INFSO-RI Alert Analysis

Enabling Grids for E-sciencE INFSO-RI Example Analyser Detect scanning of Grid infrastructure Consumer filters log for portscan alerts If multiple sites scanned by single source –Grid infrastructure portscan ‘grid-alert’ –Alert generated:   published to R-GMA Consumer alert = consumerFactory.createConsumer(timeInterval, “SELECT * FROM snortAlerts WHERE generator_id=122”, QueryProperties.CONTINUOUS);

Enabling Grids for E-sciencE INFSO-RI Example Analyser Grid Alert: Grid Infrastructure Portscan From: To: Date: Yesterday 00:26:05 [**] 08/04-00:26: Grid Infrastructure Portscan [**] Source: ( ) Site: giULie 08/04-00:17: (portscan) TCP Portscan gridmon.grid.ul.ie ( ) Site: giRCSIie 08/04-00:26: (portscan) TCP Portscan gridmon.rcsi.ie ( ) Site: giAITie 08/04-00:13: (portscan) TCP Portscan ( )

Enabling Grids for E-sciencE INFSO-RI Sample Results First 4 week period: 25,378 Current Total: 194,390 (16 weeks)

Enabling Grids for E-sciencE INFSO-RI Sample Results

Enabling Grids for E-sciencE INFSO-RI Sample Results

Enabling Grids for E-sciencE INFSO-RI Deployment –Site  R-GMA MON box  Snort  NetTracer, 2 components: Sensor – must be co-located with Snort QueryEngine – requires the R-GMA API –GOC  Intrusion log secondary producer  Intrusion log analysers Configuration –Manual  configuration script –Automatic  LCFG component  Quattor component (to be tested)  YAIM will be provided

Enabling Grids for E-sciencE INFSO-RI Future Work Customise Snort rules for Grid –Based on:  Site configurations  Host types  Services Incorporate additional security components –Tripwire –Bro Attack detection –New intrusion log analysers  Bayesian  AI/Category Theory Active response –Automated responses to detected attacks

Enabling Grids for E-sciencE INFSO-RI The End Any Questions?

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.