Java Embedded Network Intrusion Security

1. Java Embedded Network Intrusion Security Abstract Network security has become an essential component of nearly every commercial and government organization. System administrators maintain a constant struggle to stay ahead of new security attacks, patching holes and ensuring proper configuration of software. The Java Embeded Machine (JEM) is a unique solution to network monitoring. It allows for dedicated processing of network information to detect intrusions and other possible security hazards. Objective The goal of this project is to use the JEM board to monitor network activity and to be able to alert a host computer of any possible breaches of security. A host computer recieves the information from the JEM board that has been deemed questionable. The questionable packets are then stored on the host computer for further analysis and logging. Some information will be stored on the JEM for statistical purposes. The statitistics will be available via a web interface. Network Security Network security is needed to prevent unauthorized access by remote assholes. Java Embedded Machine (JEM) In the middle to late 1990s, engineers at the Advanced Technology Center at Rockwell Collins brought forth a unique idea: Since the Java language consists of byte codes, it should theoretically be possible to create microchip (CPU) which uses these Java byte codes as its native machine language. Technical Problem The Ethernet port allow the JEM to reside on the network by itself, and to transmit packets to a dedicated host computer Operating Environment • Local Area Network • Interface with Windows PC Intended User and Uses • Network administrators • Secuirty Research Assumptions and Limitations • Speed of the processor • Memory space available • JEM memory management system • Portability is a primary goal of the system Design Objectives Goal – develop a system to monitor a network and detect security violations Hardware – Rockwell-designed Java Embedded Machine (JEM) Software - written in the JAVA language Functional Requirements Monitor Network Transmit relevant packets Detect security intrusions. Local and remote (web-based) interfaces Design Constraints Memory management Memory space CPU speed Ethernet 10Mb/s Measureable Milestones Project plan (goal: 100% completion) Project poster (goal: 100% completion) Design report (goal: 100% completion) Project presentation (goal: 100% completion) Interface (Java/Web-based) (goal: 100% completion) Packet collection (goal: 80% of packets) - all packets on the visible on the network should be captured for analysis. Intrusion detection (goal: 85% of intrusions) - security intrusions should be detected and dealt with, including user notification. End product description The final product will be a portable ethernet network device to monitor network traffic for potential security hazards. The device will strip the headers off each packet and store them for analysis on a remote computer. This allows the device to spend all of its CPU time looking at packets on the network, while the remote computer will log potential security risks and further analyze the packet headers for ongoing problems. The device will be able to connect to the host computer via serial port in order to update software. Updating the software will allow for better algorithms to identify security risks. Additionally, the device will be accessible from the Internet, allowing the remote user to look at the status of the device. May01-10 Members Jamie Anderson EE Dakota Bailey CprE Joe Bruner CprE Joe Clark CprE Austin Thompson CprE Theron Weimer CprE Acknowledgements Client: Rockwell Collins, Cedar Rapids, IA Contact: Brian Jacobowitz Advisor: Dr. Doug Jacobson Budget and Effort Estimated Total Hours: 500 hours Estimated Total Cost: $165