Attack of the Zombies: Discovering and Mitigating Bots and Botnets. By: Paul Albert



Page 1: By: Paul Albert.  Project Description  Design Protocols  User Profiles  Deliverables  Timeline  Budget  Demonstration  Conclusion

Attack of the Zombies: Discovering and Mitigating Bots and Botnets

By: Paul Albert

Page 2: Overview

Project Description
Design Protocols
User Profiles
Deliverables
Timeline
Budget
Demonstration
Conclusion

Page 3: Project Description

This project creates an easy-to-implement, accurate, and low-cost solution for discovering, mitigating, and reporting bots and botnet activity on a network, along with many other types of malicious network attacks.

Small businesses to large companies
Flexible
Scalable

Page 4: Solution Diagram

[Network diagram; the figure itself is not recoverable as text. Labelled elements: Internet, Router, Firewall, Switch 1, Switch 2, Server 1, Server 2, Server 3, PC 1, PC 2, PC 3, and Snort IDS (label appears three times).]

Page 5: Solution Flowchart

[Flowchart; the figure itself is not recoverable as text. Nodes: Install Ubuntu; Install Snort IDS and Other Packages; Update Snort and System; Perl Script (label appears twice); Snort Configuration File (snort.conf); Start Snort; Snort Log File; Barnyard2 Configuration File (barnyard.waldo); Start Barnyard2; BASE.]
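The flowchart above chains Snort's alert log into Barnyard2, which resumes from a bookmark (the waldo file) and feeds BASE for analysis. The following is an added example, not code from this project, that shows the two pieces a defender would want to understand at this stage: a parser for Snort's alert_fast output lines, a per-host summary that flags internal machines whose alert pattern looks bot-like, and a bookmark-style reader that only ever delivers each complete log line once. It assumes Snort was run with the alert_fast output format, that internal hosts sit in 192.168.0.0/16, and it uses constructed alert lines with placeholder local-rule SIDs; the bookmark file is a plain byte offset in the spirit of barnyard.waldo, not a copy of Barnyard2's real file layout.

```python
"""Parse Snort alert_fast lines, summarize per internal host, and read a
log incrementally through a bookmark file (added example, not project code).
Assumptions: alert_fast output format; internal net 192.168.0.0/16 (constructed);
SAMPLE_ALERTS are constructed with placeholder SIDs in the local-rule range."""
import ipaddress
import os
import re
import tempfile
from collections import defaultdict

# One alert_fast line: timestamp [**] [gid:sid:rev] msg [**] [Classification: ..]
# (optional) [Priority: n] {proto} src[:port] -> dst[:port]
FAST_ALERT_RE = re.compile(
    r"^(?P<ts>\d{2}/\d{2}-\d{2}:\d{2}:\d{2}\.\d+)\s+\[\*\*\]\s+"
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.+?)\s+\[\*\*\]\s+"
    r"(?:\[Classification:\s+(?P<cls>[^\]]+)\]\s+)?"
    r"\[Priority:\s+(?P<prio>\d+)\]\s+"
    r"\{(?P<proto>[A-Za-z0-9]+)\}\s+"
    r"(?P<src>[0-9.]+)(?::(?P<sport>\d+))?\s+->\s+"
    r"(?P<dst>[0-9.]+)(?::(?P<dport>\d+))?\s*$"
)
INTERNAL_NET = ipaddress.ip_network("192.168.0.0/16")  # assumption

# Constructed sample alerts (messages invented, SIDs are placeholders).
SAMPLE_ALERTS = [
    "01/06-10:23:45.123456  [**] [1:1000001:1] LOCAL IRC join from workstation [**] [Classification: Misc activity] [Priority: 3] {TCP} 192.168.1.10:49152 -> 203.0.113.5:6667",
    "01/06-10:23:47.001000  [**] [1:1000002:1] LOCAL periodic beacon to one external host [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.1.10:49153 -> 203.0.113.5:6667",
    "01/06-10:24:02.500000  [**] [1:1000002:1] LOCAL periodic beacon to one external host [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.1.10:49154 -> 203.0.113.5:6667",
    "01/06-10:25:10.000000  [**] [1:1000003:2] LOCAL outbound SMTP burst [**] [Classification: Misc activity] [Priority: 3] {TCP} 192.168.1.10:49200 -> 198.51.100.7:25",
    "01/06-10:26:00.000000  [**] [1:1000004:1] LOCAL ICMP echo [**] [Priority: 3] {ICMP} 192.168.1.22 -> 192.168.1.1",
    "01/06-10:27:00.000000  [**] [1:1000003:2] LOCAL outbound SMTP burst [**] [Classification: Misc activity] [Priority: 3] {TCP} 198.51.100.9:4000 -> 192.168.1.22:25",
    "this line is not a Snort alert and must be skipped",
]


def parse_fast_alert(line):
    """Return the alert's fields as a dict, or None for a non-alert line."""
    m = FAST_ALERT_RE.match(line.strip())
    if not m:
        return None
    d = m.groupdict()
    d["sid"], d["prio"] = int(d["sid"]), int(d["prio"])
    return d


def summarize_internal_sources(lines):
    """Per internal *source* host: alert count, distinct SIDs, distinct external
    destinations, and the most severe priority seen (1 is most severe in Snort)."""
    stats = defaultdict(lambda: {"alerts": 0, "sids": set(), "ext_dsts": set(), "top_prio": 4})
    for line in lines:
        a = parse_fast_alert(line)
        if a is None or ipaddress.ip_address(a["src"]) not in INTERNAL_NET:
            continue  # skip junk and inbound alerts; we want hosts that originate traffic
        s = stats[a["src"]]
        s["alerts"] += 1
        s["sids"].add(a["sid"])
        if ipaddress.ip_address(a["dst"]) not in INTERNAL_NET:
            s["ext_dsts"].add(a["dst"])
        s["top_prio"] = min(s["top_prio"], a["prio"])
    return stats


def suspected_bots(stats, min_alerts=3, min_sids=2):
    """Heuristic: a host that trips several alerts across more than one
    signature, or any priority-1 signature, is queued for analyst review."""
    return [h for h, s in sorted(stats.items())
            if (s["alerts"] >= min_alerts and len(s["sids"]) >= min_sids) or s["top_prio"] == 1]


def read_new_alerts(log_path, waldo_path):
    """Deliver only complete lines appended since the byte offset in waldo_path,
    then advance the bookmark. A trailing partial line (Snort still writing it)
    is left for the next pass so no alert is split or lost."""
    offset = 0
    if os.path.exists(waldo_path):
        with open(waldo_path) as f:
            offset = int(f.read().strip() or 0)
    with open(log_path, "rb") as f:
        f.seek(offset)
        data = f.read()
    cut = data.rfind(b"\n") + 1          # commit only up to the last newline
    with open(waldo_path, "w") as f:
        f.write(str(offset + cut))
    return data[:cut].decode("utf-8", "replace").splitlines()


def demo_incremental_read():
    """Write the samples in two batches; returns (lines pass 1, pass 2, pass 3, suspects)."""
    with tempfile.TemporaryDirectory() as d:
        log, waldo = os.path.join(d, "alert"), os.path.join(d, "waldo")
        with open(log, "w") as f:
            f.write("\n".join(SAMPLE_ALERTS[:3]) + "\n")
        first = read_new_alerts(log, waldo)
        with open(log, "a") as f:  # second batch plus an unfinished line
            f.write("\n".join(SAMPLE_ALERTS[3:]) + "\n" + "partial line")
        second = read_new_alerts(log, waldo)
        third = read_new_alerts(log, waldo)  # nothing complete since last pass
        suspects = suspected_bots(summarize_internal_sources(first + second))
    return len(first), len(second), len(third), suspects


if __name__ == "__main__":
    print(demo_incremental_read())
```

The inbound SMTP alert from 198.51.100.9 is deliberately excluded from the per-host summary: the question at this point in the pipeline is which internal machine is originating bot-like traffic, and 192.168.1.10 is the only host that both repeats a priority-1 beacon signature and trips several distinct rules, which is what an analyst working in BASE would want surfaced first.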

Page 6: Software Utilized

Ubuntu – Version 9.10
Snort IDS – Version 2.8.6
◦ IPS Functionality
MySQL
Basic Analysis and Security Engine (BASE)
Barnyard2 – Version 2.1.8
Perl
VirtualBox – Version 3.1.2
Windows XP
BackTrack 4

Page 7: User Profiles

Can vary based on the size of the network
Ownership of process
Installation
◦ Knowledge to implement solution
Maintenance of IDS and BASE
◦ Knowledge to troubleshoot IDS and BASE
◦ Knowledge to script in Perl
Analysis of IDS and BASE
Receiving and responding to alerts

Page 8: Deliverables

VirtualBox Install
Intrusion Detection System (IDS) Setup
◦ Installation of required software
◦ Configuration of required software
Basic Analysis and Security Engine Setup
Mitigation
Scripting
◦ Perl script to assist with install process
Testing
◦ Test to make sure IDS is functioning properly

Page 9: Timeline

[Gantt chart; bar positions are not recoverable as text. Date axis: 9/23/2009, 10/28/2009, 12/2/2009, 1/6/2010, 2/10/2010, 3/17/2010, 4/21/2010, 5/26/2010, 6/30/2010. Tasks, in the order listed: Research, Proposal, VirtualBox Setup, IDS Setup, MySQL Setup, BASE Setup, IDS Configuration, Scripting, Mitigation, Testing, Tech Expo, Final Presentation.]

Page 10: Budget

Item | Estimated Cost | Actual Cost
VirtualBox 3.1.2 | Free | Free
Desktop Computer | Free | $1,000.00
Windows XP Professional | Free | $299.99
Ubuntu 9.10 | Free | Free
Snort IDS | Free | Free
Snort Subscription | $29.99 | $499.00
MySQL | Free | Free
BASE | Free | Free
Total | $29.99 | $1,798.99

Page 11: Demonstration

Page 12: Conclusion

There is a need for small, medium, and large sized companies to be able to detect and/or mitigate, and report on, malicious activity.

Reporting features
Easy-to-implement
Accurate
Low-cost

Page 13: Questions?