slide1 n.
Download
Skip this Video
Loading SlideShow in 5 Seconds..
Presented By Deepak Kumar Jena Roll no. #CS200117019 PowerPoint Presentation
Download Presentation
Presented By Deepak Kumar Jena Roll no. #CS200117019

Loading in 2 Seconds...

play fullscreen
1 / 12

Presented By Deepak Kumar Jena Roll no. #CS200117019 - PowerPoint PPT Presentation


  • 130 Views
  • Uploaded on

“ Hogwash for Network security ”. Presented By Deepak Kumar Jena Roll no. #CS200117019. Under the guidance of Mr. D.Kanhar. INTRODUCTION. One of the largest challenges facing us today is protecting servers.

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about 'Presented By Deepak Kumar Jena Roll no. #CS200117019' - olisa


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
slide1

“Hogwash for Network security ”

Presented

By

Deepak Kumar Jena Roll no. #CS200117019

Under the guidance of

Mr. D.Kanhar

CS200117019

slide2

INTRODUCTION

  • One of the largest challenges facing us today is protecting servers.
  • Hogwash is a very cost effective technology to provide the security to the server.
  • The software available for this is Hogwash Tarball which is available free of cost.
  • It operates in three modes as per required.

CS200117019

about hogwash
About Hogwash
  • Hogwash was written as a simple packet filter called Scrub in 1996.
  • In 1999 the packet processing engine was replaced with SNORT and then called Hogwash.
  • SNORT engine was showing its weaknesses for doing heavyweight packet scrubbing,hencereplaced by H2 engine.

CS200117019

modes of operation
Modes of Operation
  • IDS mode
  • Inline Scrubber Mode
  • Honey Pot Control Mode

CS200117019

ids mode
IDS Mode
  • In this mode the system is attached to a span or mirror port on a switch or other network device that has this feature so that the system will watch traffic as it passes this port.
  • Hogwash has over a normal IDS is the ability to send resets to break the TCP session.
  • It is of again 2 types:
          • Host based
          • Network based

CS200117019

inline scrubber mode
Inline Scrubber Mode
  • Inline Scrubber Mode, which can be stealth means with no IP stack or normal.Stealth is one of the key features of Hogwash, which is its ability to function without having a TCP/IP stack.
  • In Inline Scrubber Mode Hogwash has the ability to stop attacks by sending TCP resets, dropping the packet, and/or logging the packet.
  • Hogwash will also be able to sanitize packets to remove only the portion that matches a rule without dropping the whole thing.

CS200117019

honeypot control mode
HoneyPot Control Mode
  • In the HoneyPot Control Mode, Hogwash will protect production systems without repelling attacks.Instead, it forwards suspicious connections to a honeypot to allow for closer analysis: an attack on the honeypot will not impact the network.
  • In this mode,while setup the Hogwash system act as a router to send different types of attacks to different honey pot systems via the use of multiple NICs.

CS200117019

requirements
REQUIREMENTS
  • Operating System:
  • Trinux
  • RedHat Linux 9
  • Debian 3.0
  • Hardware:
  • hardware that will support 2 network cards and Linux

CS200117019

configuration
Configuration
  • Different sections to be configured are:
  • System Section
  • Interface Section
  • Routing Section
  • IP Lists
  • Actions
  • Modules

This is done in the live.config file.

CS200117019

conclusion
CONCLUSION
  • Hogwash is an easy-to-install and very much cost effective technique to protect the server from attackers.
  • Hogwash is suitable for use as a central component that will distract attackers away from production systems to a honeypot, allowing the administrator to monitor the attacker’s nefarious activities and the attack method offline.

CS200117019