Topics

brandyb
Presentation Transcript


  1. Topics • Network Security Major Problems • Why Firewall? • Problems with Firewalls • What is an Intrusion Detector? • Problems with Intrusion Detectors • What is a Content Management Firewall? • HACKTRAP Features • Future Trends • Demo

  2. Network Security Major Problems • Providing information confidentiality. • Providing data integrity. • Protecting network services availability.

  3. Why Firewall?

  4. Problems with Firewalls • Checks packet headers ONLY • Does NOT detect header intrusions

  5. What is an Intrusion Detector? • A tool that detects intrusion attempts. • Alerts the network administrator with detected intrusions.

  6. Problems with Intrusion Detectors • Does NOT take permanent actions • Does NOT block specific IPs and PORTs

  7. Intrusion Detector

  8. What is a Content Management Firewall? • A new approach to firewalls. • Combines the features of BOTH Firewalls and Intrusion Detectors. • Checks NOT ONLY the packet’s header but its contents as well. • Blocks the source of the detected intrusions.

  9. HACKTRAP A content management firewall IS OUR SOLUTION

  10. HACKTRAP

  11. HACKTRAP Features • Three Security Levels • FRA (Fast Response Action) Firewall Rules • IDS (Intrusion Detection System) Alerts • ISS (Integrated Security System) feedback from IDS to FRA

  12. HACKTRAP Model [diagram; labels: ISS, Generate FRA, FRA, IDS, Internal Network, External Network]

  13. HACKTRAP Features • Dynamic Action Generation [diagram; labels: FWRule, FW, FRActions, IDSPRule, IDS, ISS, IDMPRule]

  14. HACKTRAP Features • Administrator point of view • Add and remove types of attacks. • Different types of alerts: popup messages, database, XML format, tcpdump format. • Restrict and unrestrict hosts accessing the firewall. • Close and open different services (ports) for outside hosts. • Developer point of view • Intrusions can be easily implemented

  15. Future Work • Enhance for better performance. • Using iptables with the ipchains. • Using ACID to make a good analysis of the intrusion detection output to the database and display neat graphs representing it. • Adding other output modules such as email & SMS.

  16. [diagram; labels: Unix Server, LAN, Internet, Hacker, Web Server]

  17. Packet forwarding and NAT (Masquerading) [diagram; labels: Internet, hosts x, y, z, V]

  18. [diagram; labels: Input chain, Forward chain, Output chain, Local process, router, demasq, rule1 to rule4, ACCEPT, DENY, log host]

  19. [diagram; labels: preprocessor, Attacks rules, Input chain, Forward chain, Output chain, Log file, Alert file, Samba alert, database]

  20. Demo

  21. [diagram; labels: Linux, LAN, Internet, HACKTRAP, Hacker, Windows]
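
The feedback loop described in slides 8 and 11 (content inspection raises an alert, and the alert becomes a blocking rule for the source), sketched as an added example that is not HACKTRAP's own code. The class, port list, signature and sample packets are hypothetical and constructed for illustration.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Packet:
    src: str        # source address (documentation ranges, constructed)
    dport: int      # destination port
    payload: bytes  # packet contents, which a header-only firewall never reads

# Header stage: services (ports) opened to outside hosts. Assumed values.
OPEN_PORTS = {25, 80}

# Content stage: signature name -> byte pattern. Constructed sample rule.
SIGNATURES = {"path-traversal": b"../.."}

@dataclass
class ContentFirewall:
    blocked_sources: set = field(default_factory=set)  # rules generated at run time
    alerts: list = field(default_factory=list)         # what the IDS stage reported

    def header_check(self, pkt):
        """Plain firewall decision: looks at source and port only."""
        return pkt.src not in self.blocked_sources and pkt.dport in OPEN_PORTS

    def inspect(self, pkt):
        """IDS decision: names of the signatures found in the contents."""
        return [name for name, pat in SIGNATURES.items() if pat in pkt.payload]

    def handle(self, pkt):
        if not self.header_check(pkt):
            return "DENY"
        hits = self.inspect(pkt)
        if hits:
            # Alert the administrator AND feed the result back as a new
            # header rule, so later packets from this source are dropped
            # before any content inspection happens.
            self.alerts.append((pkt.src, pkt.dport, hits))
            self.blocked_sources.add(pkt.src)
            return "DENY"
        return "ACCEPT"

# Constructed traffic: benign request, request matching the signature,
# a clean follow-up from the same source, and a closed port.
TRAFFIC = [
    Packet("198.51.100.7", 80, b"GET /index.html HTTP/1.0\r\n\r\n"),
    Packet("203.0.113.9", 80, b"GET /../../etc/passwd HTTP/1.0\r\n\r\n"),
    Packet("203.0.113.9", 80, b"GET /index.html HTTP/1.0\r\n\r\n"),
    Packet("198.51.100.7", 23, b""),
]

def run_demo():
    fw = ContentFirewall()
    return [fw.handle(p) for p in TRAFFIC], fw

if __name__ == "__main__":
    verdicts, fw = run_demo()
    print(verdicts, fw.alerts, fw.blocked_sources)
```

The third packet is clean but is still denied, which is the permanent action slide 6 says a stand-alone intrusion detector does not take.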
