
Grid-wide Intrusion Detection






Presentation Transcript


  1. Grid-wide Intrusion Detection
     Stuart Kenny*, Brian Coghlan
     Trinity College Dublin

  2. Overview
     • SANTA-G
     • SANTA-G NetTracer
     • Intrusion Detection System
     • Summary

  3. SANTA-G
     • Developed by TCD within CrossGrid
     • Framework for accessing monitoring information via the Grid InfoSys
     • Info providers insert data periodically
     • Inefficient, or impossible, when dealing with large amounts of data
     • Better to leave data where it was created
     • Data transferred when requested by a client

  4. SANTA-G

  5. SANTA-G NetTracer
     • Demonstrates the SANTA-G framework
     • Access libpcap logfiles via EDG R-GMA
     • Tcpdump logfiles: network monitoring
     • SNORT logfiles: intrusion detection
     • Uses R-GMA CanonicalProducer (TCD)

  6. SANTA-G NetTracer

  7. SANTA-G Intrusion Detection
     We can use the SNORT functionality of NetTracer as the basis of a Grid-wide intrusion detection system.

  8. SANTA-G Intrusion Detection

  9. SANTA-G Intrusion Detection

  10. Grid Intrusion Detection
     • Each site hosts NetTracer
     • SNORT sensors on each monitored node
     • Detected alerts are streamed to R-GMA
     • Grid-wide intrusion log:
       • GOC collects alerts from multiple sites
       • Uses R-GMA archiver

  11. Grid Intrusion Detection

  12. Grid-wide Intrusion Alerts
     • Grid-wide alerts:
       • GOC runs custom Consumers querying for specific alert patterns
       • Consumers send alerts if a pattern is detected
     • An example filter might be:

       // Continuous query over the archived SNORT alerts for one signature.
       // The SQL string literal uses single quotes so it does not terminate
       // the Java string.
       Consumer alerts = new Consumer(
           "SELECT * FROM snortAlerts WHERE message='DDOS mstream client to handler'",
           Consumer.CONTINUOUS);
       while (true) {
           // Each pop() returns the rows that arrived since the last call.
           ResultSet ddosAlerts = alerts.pop();
           while (ddosAlerts.next()) {
               sendEmailAlert(ddosAlerts.getString("alert_timestamp"), …);
           }
       }
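The GOC-side processing on slides 10 and 12 (alerts from several sites land in one R-GMA table, a continuous consumer filters them, and matches are turned into grid-wide alerts) is modelled below as a plain-Python stand-in. This is an added example, not code from the slides or from the SANTA-G/R-GMA projects: an in-memory queue plays the part of the R-GMA CONTINUOUS Consumer, and the sample rows are constructed. Only the table name snortAlerts, the columns message and alert_timestamp, and the filter string come from the slide; the site, src_ip and dst_ip columns are assumptions. The example also goes one step beyond the slide's single-message filter by adding a cross-site correlation rule, which is the kind of "Grid-wide" analysis slide 13 attributes to the GOC.

```python
"""Plain-Python model of the GOC alert consumers on slides 10 and 12.

Constructed stand-ins replace the R-GMA pieces (this is not the R-GMA API):
an in-memory queue plays the CONTINUOUS Consumer and the sample rows are
invented. Only ``snortAlerts``, ``message``, ``alert_timestamp`` and the
filter string come from the slide; ``site``, ``src_ip``, ``dst_ip`` are
assumed columns.
"""
from collections import defaultdict
from datetime import datetime, timedelta

COLUMNS = ("alert_timestamp", "site", "src_ip", "dst_ip", "message")

# Constructed sample rows, as three sites' NetTracer instances might stream them.
SAMPLE_ALERTS = [
    ("2004-11-02 10:00:01", "site-A", "192.0.2.10", "198.51.100.5", "DDOS mstream client to handler"),
    ("2004-11-02 10:00:07", "site-A", "192.0.2.11", "198.51.100.5", "ICMP PING NMAP"),
    ("2004-11-02 10:03:40", "site-B", "192.0.2.20", "198.51.100.7", "DDOS mstream client to handler"),
    ("2004-11-02 10:04:02", "site-C", "192.0.2.30", "198.51.100.9", "ICMP PING NMAP"),
    ("2004-11-02 11:30:00", "site-C", "192.0.2.31", "198.51.100.9", "DDOS mstream client to handler"),
]

DDOS_MSTREAM = "DDOS mstream client to handler"  # the slide's WHERE clause value


def parse_ts(value):
    return datetime.strptime(value, "%Y-%m-%d %H:%M:%S")


class ContinuousConsumer:
    """Stand-in for an R-GMA CONTINUOUS consumer: every newly published row
    that satisfies the predicate is queued until the client pops it."""

    def __init__(self, predicate):
        self.predicate = predicate
        self._queue = []

    def publish(self, row):
        if self.predicate(row):
            self._queue.append(row)

    def pop(self):
        rows, self._queue = self._queue, []
        return rows


class GridWideCorrelator:
    """Added rule (not on the slide): raise a grid-wide alert when the same
    SNORT message is reported by at least ``min_sites`` distinct sites
    within ``window``."""

    def __init__(self, min_sites=2, window=timedelta(minutes=10)):
        self.min_sites = min_sites
        self.window = window
        self._recent = defaultdict(list)  # message -> [(timestamp, site)]

    def observe(self, row):
        ts = parse_ts(row["alert_timestamp"])
        msg = row["message"]
        # Keep only sightings still inside the window, then add this one.
        recent = [(t, s) for t, s in self._recent[msg] if ts - t <= self.window]
        recent.append((ts, row["site"]))
        sites = sorted({s for _, s in recent})
        if len(sites) >= self.min_sites:
            self._recent[msg] = []  # start a fresh window after alerting
            return {"message": msg, "sites": sites, "at": row["alert_timestamp"]}
        self._recent[msg] = recent
        return None


def run_goc(rows):
    """Feed rows through the slide's filter and the correlator; return both results."""
    ddos_consumer = ContinuousConsumer(lambda r: r["message"] == DDOS_MSTREAM)
    correlator = GridWideCorrelator()
    grid_wide = []
    for values in rows:
        row = dict(zip(COLUMNS, values))
        ddos_consumer.publish(row)
        hit = correlator.observe(row)
        if hit:
            grid_wide.append(hit)
    # On the slide the popped rows go to sendEmailAlert(); here they are returned.
    return {"ddos_alerts": ddos_consumer.pop(), "grid_wide": grid_wide}


if __name__ == "__main__":
    result = run_goc(SAMPLE_ALERTS)
    for r in result["ddos_alerts"]:
        print("DDOS filter:", r["alert_timestamp"], r["site"], r["src_ip"])
    for g in result["grid_wide"]:
        print("GRID-WIDE:", g["message"], "seen at", ", ".join(g["sites"]), "by", g["at"])
```

On the constructed rows the slide's filter matches the three mstream alerts regardless of site, while the correlator fires twice: once when site-B repeats site-A's mstream alert within the window, and once for the NMAP pings seen at sites A and C; the late site-C mstream alert falls outside any window and raises nothing on its own.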

  13. Summary
     • SANTA-G framework allows client access to monitoring data through the Grid InfoSys
     • Example provided by SANTA-G NetTracer
     • SNORT functionality of NetTracer used to construct a Grid-wide IDS
     • Alerts from multiple sites collected by the GOC
     • GOC analyses the IDS log and generates Grid-wide intrusion alerts
     • To be deployed on Grid-Ireland Jan '05
