340 research outputs found

    NetFlow, RMON and Cisco-NAM deployment

    In this report, we present the deployment of NetFlow, RMON and the Cisco Network Analysis Module (Cisco-NAM) on the team testbed. First, we present the different technologies, and then we describe their deployment and how they were integrated into the team testbed.

    Syscall Interception in Xen Hypervisor

    In the scope of the ANR-08-VERS-017 project Vampire, as part of Task 4 on closed-loop fuzzing, we performed a feasibility study on system call interception within the Xen virtualization system. In this report, we present the work done and the results obtained during this study.

    Powering Monitoring Analytics with ELK stack

    Machine-generated data, including logs and network flows, are growing considerably, and their collection, searching, and visualization is a challenging task for (a) daily administrator activities and (b) researchers aiming to extract analytics and insights from monitoring data for their research goals, including among others security or the modeling of networks and systems. This tutorial introduces the open source ELK stack and its components: Elasticsearch for deep search and data analytics, Logstash for centralized logging, log enrichment, and parsing, and Kibana for powerful and beautiful data visualizations. ELK enables the analysis and visualization of monitoring data such as logs and netflows. The first part of the tutorial details these individual components. The second part provides guidelines for the deployment and configuration of ELK components. In the third part, participants will perform hands-on practical work collecting, processing, and enriching logs and netflows, combined with the creation of associated visualizations and dashboards.

    HSL: a Cyber Security Research Facility for Sensitive Data Experiments

    Cybersecurity experiments that involve private data or malware samples require controlled environments and an appropriate facility to collect and characterise them, or to understand their operation, without compromising the security of these data and of the hosting institution. Using such facilities allows researchers to carry out reproducible and long-term research activities in a safe environment, without worrying about side effects or loss of data. In this paper, we detail the design of a cybersecurity facility for carrying out such experiments, including malware collection and analysis, network telescopes and honeypots, or hosting critical services. The facility, known as the High Security Lab (HSL), has been running since 2010 and is widely used by multiple research groups to carry out sensitive-data cybersecurity experiments. It includes an evolving infrastructure with tools and processes for building and running long-term and reproducible cybersecurity experiments. We report on our experience and lessons learned from the design, setup and evolution of this facility over 10 years, focusing on major cybersecurity experiments that have been conducted by researchers.

    High Security Laboratory - Network Telescope Infrastructure Upgrade

    As part of the High Security Laboratory at INRIA Nancy Grand Est, inaugurated in July 2010, we have been running and maintaining a network telescope for more than 2 years. Many updates and upgrades of the different components have been made during this period, and new threats and vulnerabilities have appeared, motivating an upgrade of the existing infrastructure to keep it up to date with current security issues. This report is a follow-up to the previous report, written in May 2008, describing the specification and deployment of the initial infrastructure. In this report, we present the upgrade performed during the second half of 2010, after the inauguration and relocation of the platform.

    Automatic IPv4 to IPv6 Transition D2.2 - Transition Engine Specification and Implementation

    Over the last decade, IPv6 has established itself as the most mature network protocol for the future Internet. While its acceptance and deployment have so far often remained limited to academic networks, its recent deployment in the core networks of operators (often for management purposes) and its availability to end customers of large ISPs demonstrate its deployment from the inside of the network out to the edges. For many enterprises, the transition is seen as a tedious and error-prone task for network administrators. In the context of the Cisco CCRI project, we aim to provide the necessary algorithms and tools to automate the transition. In this report, we present the first outcome of this work, namely an analysis of the transition procedure and a model of the target networks on which our automatic approach will be experimented. We also present a first version of a set of transition algorithms that will be refined through the study.

    A Monitoring Approach for Safe IPv6 Renumbering

    Network renumbering is a very interesting feature of IPv6. It is also one of the riskiest procedures, and one that needs special attention in the management plane. In this paper we identify the challenges of renumbering and demonstrate how monitoring can improve this process. We also present an implementation of a monitoring framework and share the experience gained in its deployment.

    High Security Laboratory - Network Telescope

    While attacks are widespread, network data related to them is rarely available to academia for investigation. In this context, the MADYNES team, which develops research activities on security management, decided to build an infrastructure capable of collecting the necessary data to enable the analysis and modeling of malicious systems from a network point of view. This infrastructure is now part of the LORIA High Security Laboratory.

    Automatic IPv4 to IPv6 Transition D1.1 - Network Topologies and Transition Procedures

    Over the last decade, IPv6 has established itself as the most mature network protocol for the future Internet. While its acceptance and deployment have so far often remained limited to academic networks, its recent deployment in the core networks of operators (often for management purposes) and its availability to end customers of large ISPs demonstrate its deployment from the inside of the network out to the edges. For many enterprises, the transition remains an issue today: it is a tedious and error-prone task for network administrators. In the context of the Cisco CCRI project, we aim to provide the necessary algorithms and tools to make this transition automatic. In this report, we present the first outcome of this work, namely an analysis of the transition procedure and a model of the target networks on which our automatic approach will be experimented. We also present a first version of a set of transition algorithms that will be refined through the study.