
Integrating a Network IDS into an Open Source Cloud Computing Environment
1st International Workshop on Security and Performance in Emerging Distributed Architectures (SPEDA2010)
Claudio Mazzariello, Roberto Bifulco, Roberto Canonico
"Federico II" University of Napoli

Outline
- Cloud computing security issues
- Examples of recent security incidents
- Securing a Cloud
- Implementation of a Cloud
- A network Intrusion Detection System
- Experimental evaluation

Cloud Computing peculiarities
- Shared resources among several customers
- Highly dynamic infrastructures
- Cheap access to large scale computation/storage/communication facilities
- ...

Cloud Computing security issues
- Shared resources among several customers
  - New types of attacks (e.g. DoS against co-located VMs)
  - Privacy infringement...
- Highly dynamic infrastructures
  - User tracking and profiling
- Cheap access to large scale computation/storage/communication facilities
  - Misuse of the CC model to conduct illegal activities

Attack source
- External attackers
  - Malicious users perform attacks targeting Cloud users
- Internal attackers
  - Malicious users rent a share of Cloud resources
  - Cheap, huge amounts of resources can be exploited to perform attacks against remote victims

Examples of CC-related security incidents
- "We have several customers being attacked from the same EC2 instance on their network for 2 full days now..."
  http://seclists.org/nanog/2010/Apr/811
- "I discovered that several systems on the Amazon EC2 network were performing brute force attacks, against our VoIP servers."
  http://www.stuartsheldon.org/blog/2010/04/sip-brute-force-attack-originating-from-amazon-ec2-hosts/
- "Complaints of rampant SIP Brute Force Attacks coming from servers with Amazon EC2 IP Addresses cause many admins to simply drop all Amazon EC2 traffic."
  http://www.voiptechchat.com/voip/457/amazon-ec2-sip-brute-force-attacks-on-rise/

Securing a Cloud by monitoring traffic
- Cloud computing suffers from common network-related security threats
- Cloud computing, with its novel usage paradigm, also introduces novel threats
- We evaluate the effectiveness and impact of common, production-level traffic monitoring tools
  - Using different deployment strategies: centralized vs. distributed
  - By measuring computational overhead and detection capability

IMPLEMENTING A CLOUD

Open Source Cloud Computing
- Eucalyptus is an open source Cloud Computing system that reproduces Amazon EC2's services through an EC2-compatible interface
- It allows the management of multiple "Availability zones"
- Architecture (diagram): client-side API, Amazon EC2 interface, Cloud Controller (with database), Cluster Controller, Node Controller

Looking at a single cluster
- Our focus is on a single cluster managed by Eucalyptus (one geographic location)
- Diagram: client-side API and Amazon EC2 interface in front of the Cloud Controller, which manages the cluster

NETWORK SECURITY TOOL

Functionalities of an Intrusion Detection System
- Activity monitoring (sensor)
  - Network traffic packets
- Recognize suspicious and inappropriate activities (analyzer)
- Generate alerts (user interface)
- Pipeline: Sensor -> Analyzer -> User Interface

Snort – an open source Intrusion Detection System
- Snort is a signature-based IDS
  - Each detectable attack is described by a static rule
  - Each rule contains particular byte patterns and values to be sought in both the packet header and the payload
- Snort operates in real time
- Snort is open source
  - Flexible
  - Extendable
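To make the "header values plus payload byte pattern" idea concrete, here is an added illustration (not the authors' code and not Snort itself) of how a signature rule is evaluated against packets. Each rule names header fields (protocol, destination port) and a byte pattern sought in the payload, and may carry a per-source rate threshold so that a single legitimate SIP INVITE does not alert but a flood of them does. The packet records, the rule identifiers and the traffic sample are all constructed for the example.

```python
"""Toy signature-based detector in the style of a Snort rule (added example)."""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    sid: int                 # hypothetical rule id
    msg: str
    proto: str               # header field: transport protocol
    dst_port: int            # header field: destination port
    content: bytes           # byte pattern sought in the payload
    threshold: int = 1       # alert once a source reaches this many matches ...
    window: float = 0.0      # ... within this many seconds (threshold 1: every match alerts)


@dataclass
class Packet:
    ts: float
    proto: str
    src: str
    dst: str
    dst_port: int
    payload: bytes


# Constructed rules, not real Snort signatures.
RULES = [
    Rule(sid=1000001, msg="SIP INVITE flood from a single source",
         proto="udp", dst_port=5060, content=b"INVITE sip:",
         threshold=5, window=1.0),
    Rule(sid=1000002, msg="HTTP request with path traversal pattern",
         proto="tcp", dst_port=80, content=b"../"),
]


def header_matches(rule, pkt):
    """The header part of a rule: protocol and destination port must both match."""
    return pkt.proto == rule.proto and pkt.dst_port == rule.dst_port


def detect(packets, rules=RULES):
    """Return (sid, src, ts) alerts; packets are processed in time order."""
    alerts = []
    # per (rule, source): timestamps of matches still inside the window
    recent = defaultdict(list)
    for pkt in sorted(packets, key=lambda p: p.ts):
        for rule in rules:
            if not header_matches(rule, pkt) or rule.content not in pkt.payload:
                continue
            if rule.threshold <= 1:
                alerts.append((rule.sid, pkt.src, pkt.ts))
                continue
            hist = recent[(rule.sid, pkt.src)]
            hist.append(pkt.ts)
            hist[:] = [t for t in hist if pkt.ts - t <= rule.window]
            if len(hist) >= rule.threshold:
                alerts.append((rule.sid, pkt.src, pkt.ts))
                hist.clear()  # re-arm so that one burst yields one alert per threshold
    return alerts


def sample_traffic():
    """Constructed traffic: one normal call setup, then an INVITE flood and one HTTP probe."""
    invite = b"INVITE sip:1000@10.0.1.10 SIP/2.0\r\nVia: SIP/2.0/UDP 10.0.2.5\r\n"
    pkts = [Packet(0.0, "udp", "10.0.2.5", "10.0.1.10", 5060, invite),
            Packet(0.3, "udp", "10.0.2.5", "10.0.1.10", 5060,
                   b"ACK sip:1000@10.0.1.10 SIP/2.0\r\n")]
    for i in range(50):  # 50 INVITEs in half a second from one source
        pkts.append(Packet(10.0 + i * 0.01, "udp", "10.0.3.7", "10.0.1.10", 5060, invite))
    pkts.append(Packet(12.0, "tcp", "10.0.3.7", "10.0.1.20", 80,
                       b"GET /../../etc/passwd HTTP/1.0\r\n"))
    return pkts


if __name__ == "__main__":
    for sid, src, ts in detect(sample_traffic()):
        print(f"[{ts:8.2f}] sid:{sid} src={src}")
```

The single INVITE from 10.0.2.5 never reaches the threshold and produces no alert, while the burst from 10.0.3.7 produces one alert per five matching packets; the traversal rule has no threshold, so its one matching packet alerts immediately. Real Snort expresses the same split with rule header options and `detection_filter`/`threshold` keywords.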

EXPERIMENTAL EVALUATION

Distribution of services in nodes
- Asterisk SIP server
- RTP user agents
- Apache web server

The overall picture
- "Inviteflood" attack tool (floods the SIP server with INVITE requests)
- D-ITG background traffic generator (legitimate traffic among the VMs)

Two different IDS deployment scenarios
- One IDS close to the cluster controller
  - Monitors inbound/outbound traffic
  - Monitors traffic between different security groups
  - VLAN tags are removed at this point, so traffic related to different security groups becomes indistinguishable
- Several IDSs, each close to a physical machine
  - Each IDS monitors traffic to/from the virtual resources hosted on that physical machine
- In both scenarios, all attack instances are correctly detected
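The loss of security-group information at the cluster controller comes down to where the 802.1Q tag is still present. The following added example (not the authors' code) builds tagged frames as a sensor on a physical host would see them, strips the tag as the cluster controller does before forwarding, and shows that only the host-side view can still attribute frames to a security group. The frames, MAC addresses and the VLAN-to-security-group mapping are constructed for the example and are not Eucalyptus values.

```python
"""802.1Q tag handling at the two sensor positions (added example)."""
import struct

ETH_HDR = struct.Struct("!6s6sH")   # dst MAC, src MAC, EtherType (or TPID)
TPID_8021Q = 0x8100
ETHERTYPE_IPV4 = 0x0800

# Hypothetical mapping from VLAN id to security group (not a Eucalyptus value).
SECURITY_GROUPS = {10: "web-servers", 20: "sip-servers", 30: "rtp-agents"}


def build_frame(src_mac, dst_mac, payload, vlan_id=None):
    """Build an Ethernet frame, inserting an 802.1Q tag when vlan_id is given."""
    if vlan_id is None:
        return ETH_HDR.pack(dst_mac, src_mac, ETHERTYPE_IPV4) + payload
    tci = vlan_id & 0x0FFF  # PCP=0, DEI=0, VID in the low 12 bits
    return (ETH_HDR.pack(dst_mac, src_mac, TPID_8021Q)
            + struct.pack("!HH", tci, ETHERTYPE_IPV4) + payload)


def parse_frame(frame):
    """Return (vlan_id or None, ethertype, payload) for a possibly tagged frame."""
    _dst, _src, etype = ETH_HDR.unpack_from(frame)
    off = ETH_HDR.size
    vlan = None
    if etype == TPID_8021Q:
        tci, etype = struct.unpack_from("!HH", frame, off)
        vlan = tci & 0x0FFF
        off += 4
    return vlan, etype, frame[off:]


def strip_tag(frame):
    """What the cluster controller forwards: the same frame without its 802.1Q tag."""
    vlan, etype, payload = parse_frame(frame)
    if vlan is None:
        return frame
    dst, src, _ = ETH_HDR.unpack_from(frame)
    return ETH_HDR.pack(dst, src, etype) + payload


def attribute(frames):
    """Count frames per security group; the key None means the group cannot be told."""
    counts = {}
    for f in frames:
        vlan, _, _ = parse_frame(f)
        group = SECURITY_GROUPS.get(vlan) if vlan is not None else None
        counts[group] = counts.get(group, 0) + 1
    return counts


def sample_frames():
    """Constructed frames from two VM groups, as seen on the physical host side."""
    mac_a = b"\x02\x00\x00\x00\x00\x0a"
    mac_b = b"\x02\x00\x00\x00\x00\x0b"
    mac_c = b"\x02\x00\x00\x00\x00\x0c"
    ip_stub = b"\x45\x00" + b"\x00" * 18  # placeholder bytes, not a valid IPv4 datagram
    return ([build_frame(mac_a, mac_b, ip_stub, vlan_id=20)] * 3
            + [build_frame(mac_c, mac_b, ip_stub, vlan_id=10)] * 2)


if __name__ == "__main__":
    host_view = sample_frames()
    controller_view = [strip_tag(f) for f in host_view]
    print("sensor at physical host:     ", attribute(host_view))
    print("sensor at cluster controller:", attribute(controller_view))
```

On the host side the five frames are split between "sip-servers" and "web-servers"; after tag removal the same five frames all land under None, which is exactly why a sensor behind the cluster controller cannot write rules that depend on which security group a flow belongs to.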

MONITORING AT THE CLUSTER CONTROLLER

Figure: Cluster front-end CPU profile (0–100 %), series: Snort, packet forwarding

MONITORING AT EACH PHYSICAL MACHINE

Figure: Attacked worker node CPU profile (0–100 %), series: attacked VM, Dom0, non-attacked VMs

Figure: Non-attacked worker node CPU profile (0–100 %)

Conclusions
- Monitoring traffic at the cluster controller
  - Privileged observation point
  - Looks at all traffic
  - Misses internal attacks
- Monitoring traffic at each physical machine
  - Limited scope
  - Lightweight
  - Increased cloud resilience

Thank you! Claudio Mazzariello – claudio.mazzariello@unina.it

