Presentation is loading. Please wait.

Presentation is loading. Please wait.

Manuka project IEEE IA Workshop June 10, 2004. Agenda Introduction Inspiration to Solution Manuka Use SE Approach Conclusion.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Manuka project IEEE IA Workshop June 10, 2004. Agenda Introduction Inspiration to Solution Manuka Use SE Approach Conclusion."— Presentation transcript:

1 manuka project IEEE IA Workshop June 10, 2004

2 Agenda Introduction Inspiration to Solution Manuka Use SE Approach Conclusion

3 Team Members Seattle University Masters in Computer Science & Software Engineering –Amy Shephard –Christian Seifert –Don Nguyen –Jenks Gibbons –Jose Chavez

4 Sponsors –University of Washington Customer: Dave Dittrich –Seattle University Advisor: Barbara Endicott-Popovsky

5 Inspiration to Solution

6 Inspiration Honeynet Project “Forensic Challenge” –January 15, 2001 –Linux Red Hat 6.2 –Six partitions (1.8GB raw / 170MB gzip) –Time to: Root the box and rootkit (30 minutes) Analyze intrusion and report (30+ hours) –Downloaded thousands of times –Used in first SANS FIRE (Forensics course) http://www.honeynet.org/challenge/index.html

7 Application #1 2004 NSF CCLI grant –Highline Community College –Seattle University –University of Washington Computer and Network Forensics Courses Using real compromised honeypot images for labs

8 Use in Forensic Course Lab Student boots lab system w/custom Linux bootable CD Chooses which compromised system to analyze Bits loaded to disk, verified Student performs analysis, answers specific questions (which are compared with analysis in database) Lather, rinse, repeat…

9 Application #2 Distributed Honeynet using Honeywalls –“Clone” clean honeypot images –Archive compromised honeypot images –Automated honeypot forensics (future)

10 Application #3 (future) Distributed Incident Response Toolkit –Customizable (unique) ISO images –Centralized control of analysis –Remote drive acquisition –Asynchronous and semi-automatic operation

11 Proposed Solution Use standard x86 hardware (Knoppix) Bit-image copy of clean/compromised systems Provide integrity checking (MD5 hashes) and secure file transfer (SSH) Database storage (compressed) Database search by attribute (e.g., ID#, OS version, CVE #, etc.) Remotely retrieve/install bootable systems Customizable ISO (ala Honeywall) “Customizing ISOs and the Honeynet Project’s Honeywall,” http://staff.washington.edu/dittrich/misc/honeywall/

12 Manuka Components –Server Linux, MySQL, Java Automated Manuka database server installation –Client Customized Knoppix CD-ROM (similar to Honeywall) –Password protected –Secure login to database –Secure data transfer

13 Manuka Use

14 Typical Use Upload clean 1)Install new honeypot 2)Configure vulnerability profile (CVE #N) 3)Reboot w/Manuka CD, ID system, upload Download clean 1)Boot w/Manuka CD 2)Select image and download Upload compromised 1)Boot w/Manuka CD 2)Associate w/original, annotate, upload

15 Accessing Manuka –Authentication required for all functionality –Multiple access levels supported

16 Upload Installation –Stores an installation in the Manuka database –Clean Image Specify system details Specify installation details Specify vulnerabilities –Compromised Image Associate with existing system Specify installation details

17 GZip Compressor Encrypted SSH Tunnel Manuka Database Clean or Compromised System Booted with Knoppix CD File Server : 9999 System Image Metadata System A, BA6512345AFAED2A3D4E11 System B, BA6512345AFAED2A3D4E11 Upload Component MD5 Hash CD33456765673FE23AD4F13 System C, CD33456765673FE23AD4F13

18 Download Installation –Writes an installation to the specified drive –Download Installation Specify target, system, and installation details Wait…

19 GZip UnCompressor Encrypted SSH Tunnel Manuka Database System to restore (Booted with Knoppix CD) File Server : 9999 Binary Files Location System A, BA651EF45AFAED2A3D4E11 System B, BA6512345AFAED2A3D4E11 Download Component Image 3, CD33456765673FE23AD4F13 Request Binary Images Files MD5 Hash CD33456765673FE23AD4F13 System C, CD33456765673FE23AD4F13

20 System Search –Allows targeted access to system information –Search by system metadata –Retrieves all matching systems

21 System and Installation Details –Allows access to system data general information vulnerabilities installation details

22 Stored Data Management –User updates Operating Systems Operating System Versions –Automatic updates Vulnerabilities

23 Software Engineering Approach

24 Approach Extreme Programming –Pair programming Methodology –Development of user stories –Estimation/prioritization of user stories –Weekly iteration status meetings –Monthly iteration planning meeting –Working code –Metrics collection

25 Methodology Development of user stories Estimation/prioritization of user stories Weekly iteration status meetings Monthly iteration planning meeting Working code Metrics collection

26 Project Plan

27 The Manuka Times Tasks due Current risks User story status Delayed tasks Acceptance tests results

28 Project Website Customer communication Release dissemination Access to –source control –bug tracking –standards –current iteration information

29 Conclusion Support tool for setup/imaging of distributed honeypots Support for Hands-on Forensics Lab Exercises Base for Future Honeypot Analysis and IRT toolkit Example of Extreme Programming Concepts in action Questions? http://staff.washington.edu/dittrich/misc/honeywall/

Download ppt "Manuka project IEEE IA Workshop June 10, 2004. Agenda Introduction Inspiration to Solution Manuka Use SE Approach Conclusion."

Similar presentations

Configuration management

Configuration management
Module 1: Installing Windows XP Professional

Module 1: Installing Windows XP Professional
Trustworthy and Personalized Computing Christopher Strasburg Department of Computer Science Iowa State University November 12, 2008.

Trustworthy and Personalized Computing Christopher Strasburg Department of Computer Science Iowa State University November 12, 2008.
Leveraging WinPE and Linux Preboot for Effective Provisioning Jonathan Richey | Director of Development | Altiris, Inc.

Leveraging WinPE and Linux Preboot for Effective Provisioning Jonathan Richey | Director of Development | Altiris, Inc.
Honeywall CD-ROM. Developers and Speakers  Dave Dittrich University of Washington  Rob McMillen USMC  Jeff Nathan Sygate  William Salusky AOL.

Honeywall CD-ROM. Developers and Speakers  Dave Dittrich University of Washington  Rob McMillen USMC  Jeff Nathan Sygate  William Salusky AOL.
11 INSTALLING WINDOWS XP Chapter 2. Chapter 2: Installing Windows XP2 INSTALLING WINDOWS XP  Prepare a computer for the installation of Microsoft Windows.

11 INSTALLING WINDOWS XP Chapter 2. Chapter 2: Installing Windows XP2 INSTALLING WINDOWS XP  Prepare a computer for the installation of Microsoft Windows.
Pacific North West Honeynet Project Dave Dittrich The Information School University of Washington DIMACS Large Scale Attack Workshop, Sept. 23, 2003.

Pacific North West Honeynet Project Dave Dittrich The Information School University of Washington DIMACS Large Scale Attack Workshop, Sept. 23, 2003.
Lesson 5-Accessing Networks. Overview Introduction to Windows XP Professional. Introduction to Novell Client. Introduction to Red Hat Linux workstation.

Lesson 5-Accessing Networks. Overview Introduction to Windows XP Professional. Introduction to Novell Client. Introduction to Red Hat Linux workstation.
PNW Honeynet Overview. Agenda What is a Honeynet What is the PNW Honeynet Alliance Who is involved in the project Where to get more information.

PNW Honeynet Overview. Agenda What is a Honeynet What is the PNW Honeynet Alliance Who is involved in the project Where to get more information.
Lesson 4-Installing Network Operating Systems. Overview Installing and configuring Novell NetWare 6.0. Installing and configuring Windows 2000 Server.

Lesson 4-Installing Network Operating Systems. Overview Installing and configuring Novell NetWare 6.0. Installing and configuring Windows 2000 Server.
Hands-On Microsoft Windows Server 2003 Chapter 2 Installing Windows Server 2003, Standard Edition.

Hands-On Microsoft Windows Server 2003 Chapter 2 Installing Windows Server 2003, Standard Edition.
Honeywall CD-ROM. 2 Developers and Speakers  Dave Dittrich University of Washington  Rob McMillen USMC  Jeff Nathan Sygate  William Salusky AOL.

Honeywall CD-ROM. 2 Developers and Speakers  Dave Dittrich University of Washington  Rob McMillen USMC  Jeff Nathan Sygate  William Salusky AOL.
Incident Response and Forensic Course Disk Image Cataloging Project Concepts and Deliverables.

Incident Response and Forensic Course Disk Image Cataloging Project Concepts and Deliverables.
Post install; Live CD Chapter II / Part 1I. Post install After install completes, take out the install CD/DVD Reboot Check if boot loader is working properly.

Post install; Live CD Chapter II / Part 1I. Post install After install completes, take out the install CD/DVD Reboot Check if boot loader is working properly.
Network Performance Toolkit (NPToolkit) A Knoppix Live-CD Rich Carlson Tools Tutorial 12/4/06.

Network Performance Toolkit (NPToolkit) A Knoppix Live-CD Rich Carlson Tools Tutorial 12/4/06.
 Contents 1.Introduction about operating system. 2. What is 32 bit and 64 bit operating system. 3. File systems. 4. Minimum requirement for Windows 7.

 Contents 1.Introduction about operating system. 2. What is 32 bit and 64 bit operating system. 3. File systems. 4. Minimum requirement for Windows 7.
Amazon EC2 Quick Start adapted from EC2_GetStarted.html.

Amazon EC2 Quick Start adapted from EC2_GetStarted.html.
Red Hat Installation. Installing Red Hat Linux is the process of copying operating system files from a CD, DVD, or USB flash drive to hard disk(s) on.

Red Hat Installation. Installing Red Hat Linux is the process of copying operating system files from a CD, DVD, or USB flash drive to hard disk(s) on.
Hands-on: Capturing an Image with AccessData FTK Imager

Hands-on: Capturing an Image with AccessData FTK Imager
This chapter is extracted from Sommerville’s slides. Text book chapter 29 1 1.

This chapter is extracted from Sommerville’s slides. Text book chapter

Similar presentations

Ads by Google