OpenFlow based firewall with embedded IDS

OpenFlow based firewall with embedded IDS. Team Phoenix: Savitha Raghunathan, Suraj Rao and Krishan Sharma. Group project description: SNORT integration with Floodlight controller; SNORT attack generation (ICMP rules with a given source IP as anomaly); integration with OVS switch in Mininet.

Presentation Transcript


  1. OpenFlow based firewall with embedded IDS Team Phoenix Savitha Raghunathan, Suraj Rao and Krishan Sharma

  2. Group project Description • SNORT integration with Floodlight controller • SNORT attack generation (ICMP rules with a given source IP as anomaly) • Integration with OVS switch in Mininet • Automated intrusion prevention using OpenFlow network reconfiguration (Block port functionality)

  3. Group project Description • Web GUI for the firewall administration • Viewing Network Topology • Network Reconfiguration / Firewall Rules functionality • Block Port • Redirect traffic • Model View Controller (MVC) framework for the application • Controller and Application Integration • Callback notification on successful updates

  4. Group project Description • Decision Module Development • Heart of the application • Parses Snort alert files • Connects to the controller and updates firewall rules • Provides data interchange between the controller and the application • Creates new flows and pushes them to the Floodlight controller using the REST API

  5. Project Description (Interim)

  6. Project Description (Final)

  7. Technical Details • Software & APIs Used • Mininet for network emulation • Jackson for Java to JSON interchange and vice versa • PuTTY for SSH to the virtual machine • Xming server • Oracle VirtualBox • WinSCP • Snort for IDS

  8. Technical Details • Software & APIs Used • Floodlight controller • Floodlight REST API • Eclipse IDE • Adobe Dreamweaver • Apache Tomcat application server • Microsoft Office for reporting and presentation purposes

  9. Technical Details • Network Topology • Requirements - SNORT IDS, Mininet

  10. Technical Details (Mid Term)

  11. Technical Details (Final)

  12. Technical Details • Open vSwitch (OVS) is a software implementation of the OpenFlow switch. In our scenario, OVS runs inside Mininet. • The Snort agent is integrated with OVS and sniffs traffic on the dummy port dummy0. • This agent validates all packets against the Snort rules database.

  13. Technical Details contd. • The attack generation used in our application is based on validating the IP as specified in the ICMP rules file for Snort. • The Snort daemon writes to the log file, which a watcher listener (code developed for this project) monitors. • This watcher service calls the decision module's parsing function and passes it the Snort alert file.

  14. Technical Details contd. • The Snort alert message is parsed for the source IP address and a corresponding flow rule is generated by the decision module. • The decision module writes this flow rule into the controller using the REST API. • The controller then sends a packet to the switch and the respective flow is pushed to the switch.

  15. Technical Details contd. • The web application module is used to install firewall rules in the OpenFlow switch through the controller. • The user/admin can view the network topology using an interactive network visualization, which also displays information such as port, IP and MAC. • The user/admin can change the network topology dynamically by blocking a port on the switch or redirecting traffic.

  16. Technical Details contd.

  17. Risks and Benefits • Novel aspects of this project: • Seamless integration of Snort and the OpenFlow controller • Snort in always-on mode provides security • Network reconfigurations to provide security protection • Risks/challenges: • Customized attack generation: averted using simple IP-based rules files • Java web application deployment on GENI • Potential applications & benefits: • Good performance because of locality of Snort • Providing security to SDN-related research projects

  18. Tasks Accomplished • Snort Integration with OpenFlow • Snort and controller communication module • Port mirroring using Switch Port Analyzer (SPAN) • Attack Generation (dummy attacks) • Operational on Mininet • Web User Interface

  19. Tasks Accomplished • Interactive Network Visualization • Decision Module • Flow Rules update functionality • Decision Module to controller communication • Final Report

  20. Conclusion & Future Scope • This project inherits the intrusion detection capability from Snort and flexible network reconfiguration from OpenFlow. • During implementation, we also discovered a scenario where we might need to add hosts and switches to the existing topology. • Developed a way to serialize the Mininet object, which partially solved the above issue (future work).

  21. Demonstrable on Mininet
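
The decision-module step from slides 13 and 14 (parse the Snort alert for the source IP, then generate the flow rule to push over REST), as an added example that is not code from the presentation. It assumes Snort's "fast" alert format and Floodlight v1.x Static Flow Pusher field names; the switch DPID, the allowlist address and the sample alerts are constructed.

```python
import ipaddress
import re

# Snort "fast" alert line: ... [**] [gid:sid:rev] msg [**] ... {PROTO} src -> dst
ALERT_RE = re.compile(
    r"\[\*\*\]\s+\[\d+:(?P<sid>\d+):\d+\]\s+.*?\s+\[\*\*\]"
    r".*?\{(?P<proto>\w+)\}\s+(?P<src>[0-9.]+)(?::\d+)?\s+->\s+[0-9.]+"
)
# Assumed values, not from the slides: switch DPID and a never-block allowlist.
SWITCH_DPID = "00:00:00:00:00:00:00:01"
NEVER_BLOCK = {ipaddress.ip_address("10.0.0.254")}  # e.g. controller or gateway
# Constructed sample alerts (not real captures).
SAMPLE_ALERTS = [
    "03/14-10:22:31.104512  [**] [1:1000001:1] ICMP from flagged source [**] [Priority: 0] {ICMP} 10.0.0.3 -> 10.0.0.1",
    "03/14-10:22:32.104733  [**] [1:1000001:1] ICMP from flagged source [**] [Priority: 0] {ICMP} 10.0.0.3 -> 10.0.0.1",
    "03/14-10:22:33.220100  [**] [1:1000001:1] ICMP from flagged source [**] [Priority: 0] {ICMP} 10.0.0.254 -> 10.0.0.1",
    "03/14-10:22:34.881002  [**] [1:1000002:1] TCP probe [**] [Priority: 0] {TCP} 10.0.0.4:4444 -> 10.0.0.1:80",
]

def parse_alert(line):
    """Return (sid, proto, src_ip) for a well-formed alert line, else None."""
    m = ALERT_RE.search(line)
    if not m:
        return None
    try:
        src = ipaddress.ip_address(m.group("src"))
    except ValueError:  # e.g. 999.1.1.1 passes the regex but is not an address
        return None
    return int(m.group("sid")), m.group("proto"), src

def drop_flow(src, sid):
    """Static flow entry matching all IPv4 traffic from src."""
    return {
        "switch": SWITCH_DPID,
        "name": f"ids-block-sid{sid}-{src}",
        "priority": "32768",
        "eth_type": "0x0800",
        "ipv4_src": str(src),
        "active": "true",
    }  # no "actions" key: a flow with an empty action list drops the packet

def flows_for_alerts(lines):
    """One drop flow per ICMP alert source; repeats and allowlisted hosts are skipped."""
    flows, seen = [], set()
    for sid, proto, src in filter(None, map(parse_alert, lines)):
        if proto != "ICMP" or src in NEVER_BLOCK or src in seen:
            continue
        seen.add(src)
        flows.append(drop_flow(src, sid))
    return flows
```

Each returned dict would be serialized to JSON and POSTed to the controller's Static Flow Pusher endpoint. The allowlist is there because the block decision keys on a source address taken from the alert, so hosts the network depends on should never be eligible for an automatic drop rule.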