Presentation is loading. Please wait.

Presentation is loading. Please wait.

Grid-wide Intrusion Detection Stuart Kenny*, Brian Coghlan Trinity College Dublin.

Published byHarold Burns Modified over 9 years ago

Similar presentations

Presentation on theme: "Grid-wide Intrusion Detection Stuart Kenny*, Brian Coghlan Trinity College Dublin."— Presentation transcript:

1 Grid-wide Intrusion Detection Stuart Kenny*, Brian Coghlan Trinity College Dublin

2 December 2004Grid-wide Intrusion Detection2 Overview SANTA-G SANTA-G NetTracer Intrusion Detection System Summary

3 December 2004Grid-wide Intrusion Detection3 SANTA-G Developed by TCD within CrossGrid Framework for accessing monitoring information via Grid InfoSys Info providers insert data periodically –Inefficient, or impossible, when dealing with large amounts data –Better to leave data where it was created –Data transferred when requested by client

4 December 2004Grid-wide Intrusion Detection4 SANTA-G

5 December 2004Grid-wide Intrusion Detection5 SANTA-G NetTracer Demonstrates SANTA-G framework Access libpcap logfiles via EDG R-GMA –Tcpdump logfiles, network monitoring –SNORT logfiles, intrusion detection Uses R-GMA CanonicalProducer (TCD)

6 December 2004Grid-wide Intrusion Detection6 SANTA-G NetTracer

7 December 2004Grid-wide Intrusion Detection7 SANTA-G Intrusion Detection We can use SNORT functionality of NetTracer as basis of Grid-wide intrusion detection system.

8 December 2004Grid-wide Intrusion Detection8 SANTA-G Intrusion Detection

9 December 2004Grid-wide Intrusion Detection9 SANTA-G Intrusion Detection

10 December 2004Grid-wide Intrusion Detection10 Grid Intrusion Detection Each site hosts NetTracer SNORT sensors on each monitored node Detected alerts are streamed to R-GMA Grid-wide intrusion log: –GOC collects alerts from multiple sites –Uses R-GMA archiver

11 December 2004Grid-wide Intrusion Detection11 Grid Intrusion Detection

12 December 2004Grid-wide Intrusion Detection12 Grid-wide Intrusion Alerts Grid-wide alerts: –GOC runs custom Consumers querying for specific alert patterns –Consumers send alerts if pattern detected An example filter might be: Consumer alert = new Consumer(“SELECT * FROM snortAlerts WHERE message=“DDOS mstream client to handler”, Consumer.CONTINUOUS); while(true){ ResultSet ddosAlerts = alerts.pop(); while(ddosAlerts.next()){ sendEmailAlert(ddosAlerts.getString(“alert_timestamp”,… }

13 December 2004Grid-wide Intrusion Detection13 Summary SANTA-G framework allows client access to monitoring data through Grid InfoSys Example provided by SANTA-G NetTracer SNORT functionality of NetTracer used to construct Grid-wide IDS Alerts from multiple sites collected by GOC GOC analyses IDS log and generates Grid-wide intrusion alerts To be deployed on Grid-Ireland Jan ‘05

Download ppt "Grid-wide Intrusion Detection Stuart Kenny*, Brian Coghlan Trinity College Dublin."

Similar presentations

Intrusion Detection Systems (I) CS 6262 Fall 02. Definitions Intrusion Intrusion A set of actions aimed to compromise the security goals, namely A set.

Intrusion Detection Systems (I) CS 6262 Fall 02. Definitions Intrusion Intrusion A set of actions aimed to compromise the security goals, namely A set.
Addressing IPv6 Vulnerabilities on Small Business Networks Bradley HainesVincent Pullano University of Cincinnati College of Education, Criminal Justice,

Addressing IPv6 Vulnerabilities on Small Business Networks Bradley HainesVincent Pullano University of Cincinnati College of Education, Criminal Justice,
1 Chapter 7 Intrusion Detection. 2 Objectives In this chapter, you will: Understand intrusion detection benefits and problems Learn about network intrusion.

1 Chapter 7 Intrusion Detection. 2 Objectives In this chapter, you will: Understand intrusion detection benefits and problems Learn about network intrusion.
1 CHEP 2000, 10.02.2000Roberto Barbera Roberto Barbera (*) Grid monitoring with NAGIOS WP3-INFN Meeting, Naples, 29.11.2002 (*) Work in collaboration with.

1 CHEP 2000, Roberto Barbera Roberto Barbera (*) Grid monitoring with NAGIOS WP3-INFN Meeting, Naples, (*) Work in collaboration with.
DataGrid is a project funded by the European Union 22 September 2003 – n° 1 EDG WP4 Fabric Management: Fabric Monitoring and Fault Tolerance

DataGrid is a project funded by the European Union 22 September 2003 – n° 1 EDG WP4 Fabric Management: Fabric Monitoring and Fault Tolerance
HEAnet Conference 2006 John Walsh Grid-Ireland Grid Manager Trinity College Dublin The Grid Computing Infrastructure in Ireland and Abroad.

HEAnet Conference 2006 John Walsh Grid-Ireland Grid Manager Trinity College Dublin The Grid Computing Infrastructure in Ireland and Abroad.
CrossGrid WP3 Task 3.3.2 Non-invasive Monitoring Trinity College Dublin Brian Coghlan, Stuart Kenny, David O’Callaghan Santiago FEB-2003.

CrossGrid WP3 Task Non-invasive Monitoring Trinity College Dublin Brian Coghlan, Stuart Kenny, David O’Callaghan Santiago FEB-2003.
Grid Research in Ireland Brian Coghlan, Trinity College Dublin John Morrison, University College Cork Andy Shearer, NUI Galway Michael Manzke, Trinity.

Grid Research in Ireland Brian Coghlan, Trinity College Dublin John Morrison, University College Cork Andy Shearer, NUI Galway Michael Manzke, Trinity.
CrossGrid WP3 Task 3.3 Grid Monitoring Trinity College Dublin (TCD, AC14 - CR11) Brian Coghlan, Stuart Kenny CYFRONET Academic Computer Centre, Krakow.

CrossGrid WP3 Task 3.3 Grid Monitoring Trinity College Dublin (TCD, AC14 - CR11) Brian Coghlan, Stuart Kenny CYFRONET Academic Computer Centre, Krakow.
Distributed Intrusion Detection Systems (dIDS) 2/10 CIS 610.

Distributed Intrusion Detection Systems (dIDS) 2/10 CIS 610.
CrossGrid WP3 Task 3.3.2 Non-invasive Monitoring Trinity College Dublin Brian Coghlan, Stuart Kenny, David O’Callaghan Santiago FEB-2003.

CrossGrid WP3 Task Non-invasive Monitoring Trinity College Dublin Brian Coghlan, Stuart Kenny, David O’Callaghan Santiago FEB-2003.
CrossGrid Task 3.3 Grid Monitoring Trinity College Dublin (TCD) Brian Coghlan Paris MAR-2002.

CrossGrid Task 3.3 Grid Monitoring Trinity College Dublin (TCD) Brian Coghlan Paris MAR-2002.
Sept 27 th – 29 th, 2002Linz 2002, Task 3.3.2 Task 3.3 Grid Monitoring Subtask 3.3.2 SANTA-G Brian Coghlan, Stuart Kenny Trinity College Dublin.

Sept 27 th – 29 th, 2002Linz 2002, Task Task 3.3 Grid Monitoring Subtask SANTA-G Brian Coghlan, Stuart Kenny Trinity College Dublin.
Intrusion Detection Systems. Definitions Intrusion –A set of actions aimed to compromise the security goals, namely Integrity, confidentiality, or availability,

Intrusion Detection Systems. Definitions Intrusion –A set of actions aimed to compromise the security goals, namely Integrity, confidentiality, or availability,
Lecture 11 Intrusion Detection (cont)

Lecture 11 Intrusion Detection (cont)
TM Herding Penguins with Performance Co-Pilot Ken McDonell Performance Tools Group SGI, Melbourne.

TM Herding Penguins with Performance Co-Pilot Ken McDonell Performance Tools Group SGI, Melbourne.
IT-security in the Ubiquitous Computing World Chris Kuo, CISSP, CISA Acer eDC (e-Enabling Data Center) Acer Inc. 2007/3/27.

IT-security in the Ubiquitous Computing World Chris Kuo, CISSP, CISA Acer eDC (e-Enabling Data Center) Acer Inc. 2007/3/27.
Active Security Infrastructure Stuart Kenny Trinity College Dublin.

Active Security Infrastructure Stuart Kenny Trinity College Dublin.
Monitoring and Accounting on the NGS Guy Warner NeSC TOE Team.

Monitoring and Accounting on the NGS Guy Warner NeSC TOE Team.
The National Computational Grid for Ireland OpsCentre Infrastructure Staff TestGrid Porting Current Issues Future Plans Grid-Ireland OpsCentre.

The National Computational Grid for Ireland OpsCentre Infrastructure Staff TestGrid Porting Current Issues Future Plans Grid-Ireland OpsCentre.

Similar presentations

Ads by Google