Attack Monitoring Of Ums Wifi Using Snort

UMS Wi-Fi is a facility provided by the UMS to citizen of UMS that can be used in coursework. UMS Wi-Fi can be accessed of UMS citizen by using password that given by UMS. Because of a number of users UMS Wi-Fi caused traffic data being busy. To prevent this bad traffic data, monitoring of data traffic is needed to speed up of accessing to the internet. This paper analyzes the monitoring and filtering of data packages in UMS Wi-Fi as a threat. By analyzing some points of UMS Wi-Fi which is frequently used and concluding the points which should be reviewed so that traffic data will not being busy. In the monitoring and filtering of traffic data UMS Wi-Fi using intrusion detection system called snort. The use of snort because it is free and easy to use as well as can updating system and a new type of attack from any environment

MENGIMPLEMENTASIKAN SISTEM KEMANAN JARINGAN INTRUSION PREVENTION SYSTEM BERBASIS SNORT PADA ARSITEKTUR SOFTWARE DEFINED NETWORK

Software Defined Network (SDN) adalah arsitektur jaringan yang memisahkan antara control plane dan data plane. Dalam SDN, control plane berada pada pada sebuah entitas yang biasa disebut controller sedangkan data plane berada di masing-masing perangkat networking pada arsitektur tersebut. Controller pada SDN berfungsi sebagai otak di dalam arsitektur SDN yang memungkinkan untuk mendisain, mengimplementasikan atau pun mengelola sebuah jaringan dilakukan secara sentral sehingga membuat SDN memiliki fleksibilitas dan kemampuan mengontrol jaringan yang lebih tinggi dibandingkan arsitektur jaringan konvensional. Dibalik keuntungan-keuntungan yang sudah disebutkan, kerentanan terhadap serangan masih menjadi perhatian khusus untuk mengadaptasi teknologi ini. Untuk itu, pada Tugas Akhir ini akan dilakukan penerapan Intrusion Prevention System (IPS) berbasis Snort pada arsitektur SDN yang menggunakan Ryu Controller. Penerapan IPS pada Tugas Akhir ini dilakukan dengan cara mengintegrasikan alert dari perangkat lunak bernama Snort dengan modul rest_firewall yang terdapat pada Ryu Controller. Setelah dilakukan penerapan IPS akan dilakukan simulasi serangan untuk mengetahui kemampuan sistem dalam melakukan mitigasi terhadap serangan. Dari simulasi yang telah dilakukan, pada arsitektur SDN yang sudah diterapkan IPS di dalamnya dapat mendeteksi paket serangan yang dikirim secara flood (ICMP Flood) ataupun serangan yang dilakukan ukuran paket yang dikirim (Ping of Death) ataupun serangan yang mengkombinasikan kedua serangan tersebut. Ditambah script bash yang terdiri dari block.sh dan ublock.sh terbukti dapat melakukan blokir atau mitigasi terhadap serangan

Determining the effectiveness of deceptive honeynets

Over the last few years, incidents of network based intrusions have rapidly increased, due to the increase and popularity of various attack tools easily available for download from the Internet. Due to this increase in intrusions, the concept of a network defence known as Honeypots developed. These honeypots are designed to ensnare attackers and monitor their activities. Honeypots use the principles of deception such as masking, mimicry, decoying, inventing, repackaging and dazzling to deceive attackers. Deception exists in various forms. It is a tactic to survive and defeat the motives of attackers. Due to its presence in the nature, deception has been widely used during wars and now in Information Systems. This thesis considers the current state of honeypot technology as well as describes the framework of how to improve the effectiveness of honeypots through the effective use of deception. In this research, a legitimate corporate deceptive network is created using Honeyd (a type of honeypot) which is attacked and improved using empirical learning approach. The data collected during the attacking exercise were analysed, using various measures, to determine the effectiveness of the deception in the honeypot network created using honeyd. The results indicate that the attackers were deceived into believing the honeynet was a real network which instead was a deceptive network

Declarative domain-specific languages and applications to network monitoring

Os Sistemas de Detecção de Intrusões em Redes de Computadores são provavelmente usados desde que existem redes de computadores. Estes sistemas têm como objectivo monitorizarem o tráfego de rede, procurando anomalias, comportamentos indesejáveis ou vestígios de ataques conhecidos, por forma a manter utilizadores, dados, máquinas e serviços seguros, garantindo que as redes de computadores são locais de trabalho seguros. Neste trabalho foi desenvolvido um Sistema de Detecção de Intrusões em Redes de Computadores, chamado NeMODe (NEtwork MOnitoring DEclarative approach), que fornece mecanismos de detecção baseados em Programação por Restrições, bem como uma Linguagem Específica de Domínio criada para modelar ataques específicos, usando para isso metodologias de programação declarativa, permitindo relacionar vários pacotes de rede e procurar intrusões que se propagam por vários pacotes e ao longo do tempo. As principais contribuições do trabalho descrito nesta tese são: Uma abordagem declarativa aos Sistema de Detecção de Intrusões em Redes de Computadores, incluindo mecanismos de detecção baseados em Programação por Restrições, permitindo a detecção de ataques distribuídos ao longo de vários pacotes e num intervalo de tempo. Uma Linguagem Específica de Domínio baseada nos conceitos de Programação por Restrições, usada para descrever os ataques nos quais estamos interessados em detectar. Um compilador para a Linguagem Específica de Domínio fornecida pelo sistema NeMODe, capaz de gerar múltiplos detectores de ataques baseados em Gecode, Adaptive Search e MiniSat; ### Abstract: Network Intrusion Detection Systems (NIDSs) are in use probably ever since there are computer networks, with the purpose of monitoring network traffic looking for anomalies, undesired behaviors or a trace of known intrusions to keep both users, data, hosts and services safe, ensuring computer networks are a secure place to work. In this work, we developed a Network Intrusion Detection System (NIDS) called NeMODe (NEtwork MOnitoring DEclarative approach), which provides a detection mechanism based on Constraint Programming (CP) together with a Domain Specific Language (DSL) crafted to model the specific intrusions using declarative methodologies, able to relate several network packets and look for intrusions which span several network packets. The main contributions of the work described in this thesis are: A declarative approach to Network Intrusion Detection Systems, including detection mechanisms based on several Constraint Programming approaches, allowing the detection of network intrusions which span several network packets and spread over time. A Domain Specific Language (DSL) based on Constraint Programming methodologies, used to describe the network intrusions which we are interested in finding on the network traffic. A compiler for the DSL able to generate multiple detection mechanisms based on Gecode, Adaptive Search and MiniSat

Security research and learning environment based on scalable network emulation

Sigurnosni napadi postaju svakodnevni dio Interneta, a učestalost njihovog izvođenja u stalnom je porastu. Zbog toga je potrebno razviti metodu za učinkovito istraživanje i analizu takvih napada. Proučavanje napada potrebno je izvoditi u sprezi s procjenom sigurnosti računalnih sustava na kojima se u tom trenutku izvršavaju napadi. Procjena sigurnosti i proces istraživanja moraju se moći obaviti u kratkom vremenu zbog što brže zaštite od dolazećeg napada. Trenutno je to kompleksan i vremenski zahtjevan zadatak koji uključuje širok raspon sustava i alata. Također, budući da se učestalost napada povećava, novi sigurnosni stručnjaci moraju se obučavati na način koji im je razumljiv i standardiziran. Predlažemo novi pristup procjeni sigurnosti i istraživanju koji koristi skalabilnu emulaciju mreže zasnovanu na virtualizaciji korištenoj u alatu IMUNES. Ovakav pristup pruža ujedinjenu okolinu za testiranje koja je efikasna i jednostavna za korištenje. Emulirana okolina također može služiti kao prenosiv i intuitivan alat za podučavanje i vježbu. Kroz niz implementiranih i analiziranih scenarija, pokazali smo određene koncepte koji se mogu koristiti za novi pristup u procjeni i istraživanju sigurnosti.Security attacks are becoming a standard part of the Internet and their frequency is constantly increasing. Therefore, an efficient way to research and investigate attacks is needed. Studying attacks needs to be coupled with security evaluation of currently deployed systems that are affected by them. The security evaluation and research process needs to be completed quickly to counter the incoming attacks, but this is currently a complex and time-consuming procedure which includes a variety of systems and tools. Furthermore, as the attack frequency is increasing, new security specialists need to be trained in a comprehensible and standardized way. We propose a new approach to security evaluation and research that uses scalable network emulation based on lightweight virtualization implemented in IMUNES. This approach provides a unified testing environment that is efficient and straightforward to use. The emulated environment also couples as a portable and intuitive training tool. Through a series of implemented and evaluated scenarios we demonstrate several concepts that can be used for a novel approach in security evaluation and research

Evaluating Resilience of Cyber-Physical-Social Systems

Nowadays, protecting the network is not the only security concern. Still, in cyber security, websites and servers are becoming more popular as targets due to the ease with which they can be accessed when compared to communication networks. Another threat in cyber physical social systems with human interactions is that they can be attacked and manipulated not only by technical hacking through networks, but also by manipulating people and stealing users’ credentials. Therefore, systems should be evaluated beyond cy- ber security, which means measuring their resilience as a piece of evidence that a system works properly under cyber-attacks or incidents. In that way, cyber resilience is increas- ingly discussed and described as the capacity of a system to maintain state awareness for detecting cyber-attacks. All the tasks for making a system resilient should proactively maintain a safe level of operational normalcy through rapid system reconfiguration to detect attacks that would impact system performance. In this work, we broadly studied a new paradigm of cyber physical social systems and defined a uniform definition of it. To overcome the complexity of evaluating cyber resilience, especially in these inhomo- geneous systems, we proposed a framework including applying Attack Tree refinements and Hierarchical Timed Coloured Petri Nets to model intruder and defender behaviors and evaluate the impact of each action on the behavior and performance of the system.Hoje em dia, proteger a rede não é a única preocupação de segurança. Ainda assim, na segurança cibernética, sites e servidores estão se tornando mais populares como alvos devido à facilidade com que podem ser acessados quando comparados às redes de comu- nicação. Outra ameaça em sistemas sociais ciberfisicos com interações humanas é que eles podem ser atacados e manipulados não apenas por hackers técnicos através de redes, mas também pela manipulação de pessoas e roubo de credenciais de utilizadores. Portanto, os sistemas devem ser avaliados para além da segurança cibernética, o que significa medir sua resiliência como uma evidência de que um sistema funciona adequadamente sob ataques ou incidentes cibernéticos. Dessa forma, a resiliência cibernética é cada vez mais discutida e descrita como a capacidade de um sistema manter a consciência do estado para detectar ataques cibernéticos. Todas as tarefas para tornar um sistema resiliente devem manter proativamente um nível seguro de normalidade operacional por meio da reconfi- guração rápida do sistema para detectar ataques que afetariam o desempenho do sistema. Neste trabalho, um novo paradigma de sistemas sociais ciberfisicos é amplamente estu- dado e uma definição uniforme é proposta. Para superar a complexidade de avaliar a resiliência cibernética, especialmente nesses sistemas não homogéneos, é proposta uma estrutura que inclui a aplicação de refinamentos de Árvores de Ataque e Redes de Petri Coloridas Temporizadas Hierárquicas para modelar comportamentos de invasores e de- fensores e avaliar o impacto de cada ação no comportamento e desempenho do sistema

Ethical Hacking Pedagogy: An Analysis and Overview of Teaching Students to Hack

An area that is being scrutinized as a more effective method of educating and preparing security professionals is that of ethical hacking. The purpose of this research is to examine a more proactive approach to adequately prepare future information security professionals. Future careers in security may require that professionals be equipped with the necessary skill sets to combat an ever-growing presence of unwanted activity throughout the Internet. Many argue that future information security professionals need to have the same skill sets as attackers in order to adequately recognize and defend networks from intrusion. This research defines ethical hacking and examines the pros and cons of ethical hacking pedagogy as a viable approach for teaching network security to future professionals. The analysis includes the concept of ethical hacking education with an emphasis on ethical and legal concerns associated with ethical hacking pedagogy. The research concludes with an overview of existing best practices in ethical hacking education highlighting a hands-on approach as well as the inclusion of soft skills needed to complement the technical hard skills for future information security professionals

Inferring malicious network events in commercial ISP networks using traffic summarisation

With the recent increases in bandwidth available to home users, traffic rates for commercial national networks have also been increasing rapidly. This presents a problem for any network monitoring tool as the traffic rate they are expected to monitor is rising on a monthly basis. Security within these networks is para- mount as they are now an accepted home of trade and commerce. Core networks have been demonstrably and repeatedly open to attack; these events have had significant material costs to high profile targets. Network monitoring is an important part of network security, providing in- formation about potential security breaches and in understanding their impact. Monitoring at high data rates is a significant problem; both in terms of processing the information at line rates, and in terms of presenting the relevant information to the appropriate persons or systems. This thesis suggests that the use of summary statistics, gathered over a num- ber of packets, is a sensible and effective way of coping with high data rates. A methodology for discovering which metrics are appropriate for classifying signi- ficant network events using statistical summaries is presented. It is shown that the statistical measures found with this methodology can be used effectively as a metric for defining periods of significant anomaly, and further classifying these anomalies as legitimate or otherwise. In a laboratory environment, these metrics were used to detect DoS traffic representing as little as 0.1% of the overall network traffic. The metrics discovered were then analysed to demonstrate that they are ap- propriate and rational metrics for the detection of network level anomalies. These metrics were shown to have distinctive characteristics during DoS by the analysis of live network observations taken during DoS events. This work was implemented and operated within a live system, at multiple sites within the core of a commercial ISP network. The statistical summaries are generated at city based points of presence and gathered centrally to allow for spacial and topological correlation of security events. The architecture chosen was shown to be exible in its application. The system was used to detect the level of VoIP traffic present on the network through the implementation of packet size distribution analysis in a multi-gigabit environment. It was also used to detect unsolicited SMTP generators injecting messages into the core. ii Monitoring in a commercial network environment is subject to data protec- tion legislation. Accordingly the system presented processed only network and transport layer headers, all other data being discarded at the capture interface. The system described in this thesis was operational for a period of 6 months, during which a set of over 140 network anomalies, both malicious and benign were observed over a range of localities. The system design, example anomalies and metric analysis form the majority of this thesis

Enforcing Security with Behavioral Fingerprinting

International audienceAlthough fingerprinting techniques are helpful for security assessment, they have limited support to advanced security related applications. We have developed a new security framework focusing especially on the authentication reinforce- ment and the automatic generation of stateful firewall rules based on behavioral fingerprinting. Such fingerprinting is highly effective in capturing sequential patterns in the behavior of a device. A new machine learning technique is also adapted to monitor high speed networks by evaluating both computational complexity and experimented performances

Selected Computing Research Papers Volume 1 June 2012

An Evaluation of Anti-phishing Solutions (Arinze Bona Umeaku) ..................................... 1 A Detailed Analysis of Current Biometric Research Aimed at Improving Online Authentication Systems (Daniel Brown) .............................................................................. 7 An Evaluation of Current Intrusion Detection Systems Research (Gavin Alexander Burns) .................................................................................................... 13 An Analysis of Current Research on Quantum Key Distribution (Mark Lorraine) ............ 19 A Critical Review of Current Distributed Denial of Service Prevention Methodologies (Paul Mains) ............................................................................................... 29 An Evaluation of Current Computing Methodologies Aimed at Improving the Prevention of SQL Injection Attacks in Web Based Applications (Niall Marsh) .............. 39 An Evaluation of Proposals to Detect Cheating in Multiplayer Online Games (Bradley Peacock) ............................................................................................................... 45 An Empirical Study of Security Techniques Used In Online Banking (Rajinder D G Singh) .......................................................................................................... 51 A Critical Study on Proposed Firewall Implementation Methods in Modern Networks (Loghin Tivig) .................................................................................................... 5