“Hogwash for Network Security”
Presented by Deepak Kumar Jena, Roll no. #CS200117019
Under the guidance of Mr. D. Kanhar
INTRODUCTION
• One of the largest challenges facing us today is protecting servers.
• Hogwash is a very cost-effective technology for securing a server.
• The software is distributed as the Hogwash tarball, which is available free of cost.
• It operates in one of three modes, as required.
About Hogwash
• Hogwash was written as a simple packet filter called Scrub in 1996.
• In 1999 the packet processing engine was replaced with the SNORT engine, and the tool was then called Hogwash.
• The SNORT engine showed its weaknesses at heavyweight packet scrubbing, so it was replaced by the H2 engine.
Modes of Operation
• IDS Mode
• Inline Scrubber Mode
• Honey Pot Control Mode
IDS Mode
• In this mode the system is attached to a span or mirror port on a switch (or another network device with this feature), so that it watches traffic as it passes through that port.
• The advantage Hogwash has over a normal IDS is the ability to send resets to break the TCP session.
• It is again of 2 types:
  • Host based
  • Network based
Inline Scrubber Mode
• Inline Scrubber Mode can be stealth (meaning with no IP stack) or normal. Stealth is one of the key features of Hogwash: the ability to function without a TCP/IP stack.
• In Inline Scrubber Mode Hogwash can stop attacks by sending TCP resets, dropping the packet, and/or logging the packet.
• Hogwash will also be able to sanitize packets, removing only the portion that matches a rule without dropping the whole packet.
Setting up a Hogwash Box in Inline Scrubber Mode
HoneyPot Control Mode
• In HoneyPot Control Mode, Hogwash protects production systems without repelling attacks. Instead, it forwards suspicious connections to a honeypot to allow for closer analysis: an attack on the honeypot will not impact the network.
• In this mode, the Hogwash system is set up to act as a router, sending different types of attacks to different honeypot systems via multiple NICs.
Setting up a Hogwash Box in HoneyPot Mode
REQUIREMENTS
• Operating System:
  • Trinux
  • RedHat Linux 9
  • Debian 3.0
• Hardware:
  • Hardware that supports 2 network cards and Linux
Configuration
• The sections to be configured are:
  • System Section
  • Interface Section
  • Routing Section
  • IP Lists
  • Actions
  • Modules
• This is done in the live.config file.
CONCLUSION
• Hogwash is an easy-to-install and very cost-effective technique to protect the server from attackers.
• Hogwash is suitable for use as a central component that distracts attackers away from production systems to a honeypot, allowing the administrator to monitor the attacker’s nefarious activities and the attack method offline.