Attack Tool Repository and Player for ISEAGE May 06-11 Team: Jeremy Brotherton, Timothy Hilby, Brett Mastbergen, Jasen Stoeker Faculty Advisor: Doug Jacobson.


1 Attack Tool Repository and Player for ISEAGE
May 06-11
Team: Jeremy Brotherton, Timothy Hilby, Brett Mastbergen, Jasen Stoeker
Faculty Advisor: Doug Jacobson
Client: Information Assurance Center
April 25, 2006

2 Outline
Introduction
– Project background and requirements
Project activities
– Research, design, implementation, and testing
Resources and schedule
– Personnel and financial
Closing material
– Project evaluation
– Lessons learned
– Risk management
– Closing summary

3 Definitions
ASP - Active Server Pages, programming language for dynamic websites.
Exploit - An attack on a computer system that takes advantage of a vulnerability.
GUI - Graphical user interface.
ISEAGE - Internet Scale Event and Attack Generation Environment, a network dedicated to creating a virtual Internet for the purpose of researching, designing, and testing cyber defense mechanisms.
MySQL - Open source database that uses the Structured Query Language.
PHP - PHP: Hypertext Preprocessor, another programming language for dynamic websites.
SSH - Secure Shell, a protocol that allows users to interact with a computer remotely over a secure session.
Vulnerability - A weakness in a system due to security procedures, implementation or other means that could be exploited.

4 Problem Statement
Problem Statement
– Currently, trying to attack a computer vulnerability means scouring the Internet for the right attack
– Computer professionals and others need a way to locate and launch exploits quickly and easily
Problem Solution
– Develop a web application that interfaces to a database of network attacks
– Users can search the database and launch attacks through a web browser

5 Operating Environment
ISEAGE network at ISU research park
– Software can operate on any platform
– 60-90 degrees Fahrenheit
– Low moisture

6 Intended Users and Uses
Users
– Researchers, students, vendors, and computer professionals
Uses
– Evaluate weaknesses in computer systems and network architectures
– Training users about computer and network security

7 Assumptions
The application is being coded using PHP and MySQL
Maximum number of simultaneous users is twenty
Maximum query response time is two seconds
Any attack can only run for 60 seconds

8 Limitations
The database will not include all possible attacks or all known attacks
Size of database is limited to available disk space
This system will not fix vulnerabilities or pinpoint the cause of failure

9 End Product and Deliverables
Complete PHP website and MySQL database populated with exploits (commented source code)
User's guide
Administrative guide – includes setup and maintenance instructions
Final report

10 Present Accomplishments
Verified client needs and requirements
Researched approaches for problem solution
Completed detailed design
Created prototype website and database
Added prototype functionality to meet client's needs
Developed accompanying documentation
Working application was approved by client and has been delivered

11 Approaches Considered and Used
MySQL database of current exploits for several platforms
PHP based webpage that allows users to search the database for exploits
PHP code that allows users to launch exploits with the click of a button
Apache web server for hosting the interface

12 Approaches Considered and Used cont.
Stand alone computer application
Remote connection to database
Database remotely connects to various computers

13 Definition Activities
Discussed project needs with client and obtained approval for proposed solution
Final Project Definition
– To develop a scalable, web-based application that provides users with the ability to search for network attacks and launch them with a single click

14 Research Activities
Webpage programming languages
– PHP and ASP
Database options
– MySQL and SQL Server 2005

15 Database Technologies
MySQL
– Open Source
– Mature and Well Tested
– Platform Independent
– Not as Well Integrated
– Not as Much Pre-Written Code
SQL Server 2005
– Best Integration of Any Platform
– Most Extensive Tools
– Large Amount of Pre-Written Code
– Licensing Issues
– Not mature, limited track record

16 Webpage Programming Languages
PHP
– Current Version Well Tested
– Many Online Examples
– Cross Platform
– Not as Well Integrated
– Can't Drag and Drop Interfaces
ASP.NET 2005
– Extremely Well Integrated with SQL Server 2005
– Large Amount of Built in Objects
– Best IDE
– Licensing Issues
– Not mature

17 Technology Selections
MySQL
PHP
Apache

18 Design Activities
Design constraints
– Platform independent
– Web-based
– Powerful and extensible database
– Administrator controls

19 Basic Solution Architecture

20 Implementation Activities
Design website framework
Develop a test database with fake exploits
Created PHP code to run search queries
Developed PHP code to launch attacks
Original designs remained unchanged

21 Testing Activities
User search criteria translated into proper SQL query
Query results returned back properly
Launching of attacks is actually generating network traffic
Evaluation by both the team and ISEAGE graduate students

22 Testing Priorities
High priority tests cover critical product features
Medium priority tests cover supplemental product features
Low priority tests cover non-essential product features

23 Testing Results
Priority   Tests   Passed   Fixed   % Complete
High       9       8        1       100%
Medium     4       4        0       100%
Low        3       0        1       33%
Total      16      12       2       88%

24 Significant Activities
Component                         End Result
Website software                  Completed
User documentation                Completed
Administrative guide              Completed
Database structure and contents   Completed
Commented source code             Completed

25 Personnel Effort Requirements

26 Other Resource Requirements

27 Financial Requirements

28 Project Schedule

29 Closing Material
Project evaluation
Commercialization
Additional work
Lessons learned
Risk and risk management
Closing summary

30 Project Evaluation
Milestone evaluation criteria
Criteria           Score
Greatly exceeded   110%
Exceeded           105%
Fully met          100%
Partially met      80%
Not met            30%
Not attempted      0%

31 Project Evaluation Cont.
Project Results
Milestone                   Evaluation      Resultant Percentage
Project plan development    Fully Met       20%*100 = 20%
Design research             Fully Met       5%*100 = 5%
Technology selection        Fully Met       5%*100 = 5%
Initial product design      Fully Met       20%*100 = 20%
Framework implemented       Fully Met       10%*100 = 10%
End-product testing         Partially Met   15%*80 = 12%
End-product documentation   Fully Met       15%*100 = 15%
End-product demonstration   Fully Met       10%*100 = 10%
Total                                       97%

32 Commercialization
Not planned, developed strictly for use with ISEAGE

33 Future Work
Continuing to add to the database of exploits
Adding additional functionality such as allowing users to interact with the remote machine via the web interface
Allow users to select target machines from a network diagram

34 Lessons Learned
What went well
– Implementation, client demonstration, team work
What did not go well
– Equipment setup, project plan
Technical knowledge gained
– PHP, MySQL, XAMPP
Non-technical knowledge gained
– Communications skills, long term planning
What would be done differently
– Implementation, hardware setup

35 Risks and Risk Management
Anticipated risks
– Loss of a team member due to sickness or other unexpected circumstances
– Missed deadlines
– Faulty product
– Poor communications among team members may halt the project
– Data loss

36 Risks and Risk Management cont.
Risk management
– Continually informed team of individual progress and shared all essential project knowledge
– Team leader kept close track of all upcoming deadlines and always tried to be one week ahead
– Continually met with Dr. Jacobson to ensure project was progressing in the intended direction
– Regularly scheduled meetings and team email communication ensured all team members were always informed
– All implementation code was placed in a backed up CVS repository and all project documents were regularly distributed to all team members

37 Risks and Risk Management cont.
Anticipated risks encountered
– Loss of a team member due to sickness
– Work load was divided among remaining team members
Unanticipated risks encountered
– Dead on arrival hardware
– Implementation and testing were carried out on a single machine
Changes in risk management due to unanticipated risks
– Changed deadlines
– Assumed each task would have unexpected problems

38 Closing Summary
Problem
– Need to locate and launch exploits from one location
– Users need a simple interface to this type of tool
Solution
– Developed a MySQL database of attacks
– Created PHP based website to interface with a database and it has the ability to launch specific exploits from any web browser

39 Any questions or comments?

