Network Monitor Intrusion Detection Embedded System

02 Nov 2017

Disclaimer:
This essay has been written and submitted by students and is not an example of our work. Any opinions, findings, conclusions or recommendations expressed in this material are those of the authors and do not necessarily reflect the views of EssayCompany.

Chapter 1:

Introduction

Project Context:

In today's world of increasing computer literacy, it is almost impossible to live without using the computer and the Internet to accomplish one task or another. The computer has become part of our society and daily life.

The past couple of years have witnessed a dramatic increase in the attention paid to computer network security in both corporate and government institutions. The Internet has fundamentally changed the way organizations conduct business. Network and computer security is critical to the financial health of every organization.

Every organization that uses computers faces the threat of hacking from individuals within the organization and external users.

Network security is an important issue because of the dependence on and use of computer networks to store, access, and provide business information, internally within an organization and externally to customers and suppliers. Computer networks are typically a shared resource used by many applications representing different interests.

Organizations can use different types of security methods to verify the level of security of their network resources; they must choose the method that best suits their requirements and should monitor their systems for possible unauthorized intrusion and other attacks. This needs to be part of the daily routine of every organization's IT unit.

Security is therefore emerging as the primary issue for computer networks. That is why I chose this topic for my final project, and I hope to achieve a new way to secure our daily use of computer networks.

Background of the study:

Network intrusion detection is a key element of the overall approach to network protection. With the use of network intrusion detection systems on the rise and the growth of high-volume, high-speed networks, network administrators need to ensure that network traffic is not excessively delayed by the extra overhead introduced by an inline network intrusion detection system. Network administrators do not want to put network security at risk or add unnecessary overhead to already extremely busy networks by introducing an inline network intrusion detection system.

Network monitoring involves attempting to detect attacks on a network, or on hosts on the network, by monitoring the network traffic. This is usually done through intrusion detection applications. An intrusion detection system is a computer system that helps information systems prepare for, and deal with, attacks. It accomplishes this by collecting information from a variety of system and network sources and then analyzing the information for possible security problems.

Purpose and Description of the Project

The main purpose of my final year project is to research new network security products and implementation techniques in order to improve the current network security structure. This is very important because it will avoid any major network attacks.

Statement of the problem:

When computers are networked together, new security problems occur. For example, we have communications, but we have them over local area networks (LANs) as well as wide area networks (WANs); we also have higher speeds and many connections to a common medium. Lastly, we have user access from many different systems. Users on the network are therefore connected to many other networks, inside and outside the organization, which makes the level of threat much higher than on a LAN-only network.

The solution:

To solve the problem, I am going to use a method of scanning called vulnerability scanning, which is the most basic type of security assessment. Vulnerability scanning assesses a network for potential security weaknesses that are well known and well understood. This method is generally carried out by a software package but can also be accomplished through custom scripts. In my case I will use both software and a script to build my project.

The software that I will use is called Snort, which is an open source network intrusion prevention and detection system. I will install it on a VMware Linux-based system and link it with a piece of hardware called Arduino, an open-source electronics prototyping platform based on flexible, easy-to-use hardware and software.

The link between the software and the hardware will be a special script (containing IPs, method of communication, etc.) which I will write to the Arduino through a USB cable.

The Arduino has an Ethernet port, which will be plugged into the LAN; I will also attach a board of LEDs that will indicate the level of the threats.

Here is how it will work: Snort will do its best to detect any threats on the network through many special algorithms and send the data to the Arduino through an IP-based connection. The Arduino, with its special scripts, will receive the data, check the level of the threat and forward it to the LED indication board. The user will see the threat level and, based on that, can stop the threat before it starts attacking or entering the whole network.
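The host-side half of the workflow described above, as an added example that is not the author's script: it parses Snort fast-format alert lines, takes the most severe priority seen, and builds the message for the LED board. The `LEVEL n COUNT m` message format, the UDP port, the four-LED board and the sample log lines are assumptions made for illustration.

```python
import re
import socket

# Snort "fast" alert line:
#   time [**] [gid:sid:rev] msg [**] [Classification: c] [Priority: n] {PROTO} src -> dst
ALERT_RE = re.compile(
    r"\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]"
    r".*?\[Priority:\s*(?P<prio>\d+)\]\s+\{(?P<proto>[^}]+)\}"
    r"\s+(?P<src>\S+)\s+->\s+(?P<dst>\S+)"
)

# Constructed sample log (documentation addresses, local-range SIDs, one broken line).
SAMPLE_LOG = """\
11/02-10:15:01.120033  [**] [1:1000001:1] ICMP ping sweep [**] [Classification: Misc activity] [Priority: 3] {ICMP} 192.0.2.10 -> 192.0.2.1
11/02-10:15:04.551270  [**] [1:1000002:1] TCP port scan [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.0.2.10:40100 -> 192.0.2.20:80
this line is truncated [**] [1:99
11/02-10:15:09.004512  [**] [1:1000003:1] Telnet admin login attempt [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 192.0.2.10:40112 -> 192.0.2.20:23
"""

def parse_alerts(text):
    """Return one dict per well-formed alert line; malformed lines are skipped."""
    alerts = []
    for line in text.splitlines():
        m = ALERT_RE.search(line)
        if m:
            alerts.append({"sid": int(m["sid"]), "msg": m["msg"],
                           "priority": int(m["prio"]), "proto": m["proto"],
                           "src": m["src"], "dst": m["dst"]})
    return alerts

def led_level(alerts, leds=4):
    """LEDs to light: 0 when quiet; Snort priority 1 (most severe) lights all."""
    if not alerts:
        return 0
    worst = min(a["priority"] for a in alerts)
    return min(leds, max(1, leds - (worst - 1)))

def build_message(alerts, leds=4):
    """Assumed wire format for the board: one ASCII line, 'LEVEL n COUNT m'."""
    return f"LEVEL {led_level(alerts, leds)} COUNT {len(alerts)}\n".encode("ascii")

def send_to_board(payload, host, port=8888):
    """Send one UDP datagram; host and port are placeholders for the board."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.sendto(payload, (host, port))

if __name__ == "__main__":
    print(build_message(parse_alerts(SAMPLE_LOG)))
```

Because the level follows the single worst priority, one high-priority alert lights every LED regardless of how many low-priority alerts surround it.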

The interesting part of my project is that it is a visual indicator: by moving the visualization outside of the computer, we make it easier to notice, providing the information at a glance and to a large audience.

Objectives of the Project

The main goal of my project is to create an advanced network security system that can protect the network from unauthorized access. My project will mostly focus on organizations and banks that need to secure their data from threats and hackers.

By the end of my project, the system that I will build will perform security tasks to protect its environment as effectively as possible.

These are the aims of my project:

• To protect company assets: one of the primary goals of my project is the protection of company assets. The assets comprise the information that is housed on a company's computers and networks.

• Availability: the protection against downtime, loss of data and blocked access, while providing consistent uptime, protecting data and supporting authorized access to resources.

• Confidentiality: the protection against unauthorized access, while providing authorized users access to resources without obstruction.

• Threat assessment: this network security tactic will be able to identify a threat to the system.

The project scope:

The scope of my project is to build a secure computer network system that involves three basic aspects of protection:

1. Protect

2. Detect

3. React

The limitations of the project:

Software:

The system includes Snort, the application that will scan the traffic over the network. This kind of application has many limitations which might affect the real output of my project.

These limitations are:

Drawback 1

The research will be restricted to the processing efficiency of the detection engine. This efficiency will be determined by the amount of delay that the engine introduces into the network traffic stream, and will not be determined by the ability to accurately detect intrusions or by inaccurately detected intrusions.

Drawback 2

This study will be restricted to a selection of the pre-processor modules used by the Snort intrusion detection system. There are several modules available for Snort; some have been tested and used in enterprise settings, while others are still being developed and tested. We will limit this study to the Flow, sfPortscan, Stream4, Frag2, Telnet_negotiation, and Http_inspect pre-processor modules available in Snort.

Drawback 3

Several different methods for alert output are also available in Snort. This study will restrict the alert options to the standard default, which writes alerts to a basic log file. The system alert output will not be reviewed for this study, as this data would be used to determine detection accuracy.

Hardware:

The system also uses a special piece of hardware called Arduino, which has some limitations:

• Coding: the device is programmed in the C language, which is difficult compared to C++ and Java.

• Easy to break: any minor mistake in coding will break the core chip of the Arduino.

• Communication problem: different coding languages might be a problem for the Arduino to communicate with.

Definition of terms:

• Snort: an open source network intrusion prevention and detection system (IDS/IPS) developed by Sourcefire.

• Arduino: an open-source electronics prototyping platform based on flexible, easy-to-use hardware and software. It is intended for artists, designers, hobbyists, and anyone interested in creating interactive objects or environments.

• A local area network (LAN): a computer network that interconnects computers in a limited area such as a home, school, computer laboratory, or office building using network media.

• A Wide Area Network (WAN): a network that covers a broad area (i.e., any telecommunications network that links across metropolitan, regional, or national boundaries) using private or public network transports.

• Linux: a Unix-like computer operating system assembled under the model of free and open source software development and distribution. The defining component of Linux is an operating system kernel first released 5 October 1991 by Linus Torvalds.

• Network security: consists of the provisions and policies adopted on a network to prevent and monitor unauthorized access, misuse, modification, or denial of a computer network and network-accessible resources.

• An intrusion detection system (IDS): a device or application that monitors network or system activities for malicious activities or policy violations and produces reports to a Management Station.

• Computer Attack: an attack is any attempt to destroy, expose, alter, disable, steal or gain unauthorized access to, or make unauthorized use of, an asset.

• Threat: a possible danger that might exploit a vulnerability to breach security and thus cause possible harm.


