DOCSLIB.ORG

AN IMPLEMENTATION of INTRUSION DETECTION and PREVENTION SYSTEMS Dr

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
AN IMPLEMENTATION of INTRUSION DETECTION and PREVENTION SYSTEMS Dr AN IMPLEMENTATION OF INTRUSION DETECTION AND PREVENTION SYSTEMS Dr. G.N.K.Suresh Babu1, Dr. M. Kumarasamy2 1Professor, Department of Computer Science, Acharya Institute of Technology, Bangalore 2Professor, Department of Informatics, Wollega University, Ethiopia /Africa ABSTRACT Keywords: Intruders, Attacks, Virus, The purpose of the paper is to develop a two- Wireless, Hackers stage approach for the important cyber- security problem of detecting the presence of 1. INTRODUCTION a botnet and identifying the compromised Intrusion detection and prevention mechanisms nodes (the bots), ideally before the botnet can detect malicious activities performed by becomes active. The expansion of mobile external or internal attackers, by monitoring and computing devices such as laptops and analyzing network activities. The existing IDS Personal digital assistants (PDAs) increased architectures for ad hoc networks can be the demand for the Wireless Local Area classified into stand-alone, cooperative and Networks (WLANs) in the corporate world. hierarchical. In stand-alone architecture, every In last decade, there was a huge increase in node in the network performs detection based the deployment of the wireless LANs in the on its local data using an IDS agent installed on corporate and this growth is drastically it. In cooperative architecture, each node has an increases every year due to its low cost, IDS agent that communicates and collaborates strong performance and ease of deployment. with other nodes’ agents, forming a global Although many enterprises are highly intrusion detection to resolve inconclusive concerned about the security issues such as detections. Hierarchical IDS is a sm unauthorized use of service and privacy in their Wireless LANs, they are unaware or ort of cooperative architecture suited to multi- unsure about providing a strong security to layered networks. In this architecture, the their wireless network. Within the past 10 network is divided into clusters, where some years, wireless LANs become more prevalent nodes are selected as cluster heads to undertake at home, most of the computer users are more responsibility than other cluster members. getting adapted to laptops where they setup Each cluster member performs local detection, wireless networks to connect internet. Unlike while cluster heads perform global detection wired LANs, wireless LANs is more (Sen, 2010). This paper focuses on both home vulnerable to intrusions, misuse and attacks and enterprise wireless local area networks. It due to the fact that the data is transmitted starts with a research on the various threats, across the air in clear text which is easily attacks and vulnerabilities in the WLANs. accessible. Wireless hacking is one of the Multi-hop ad hoc networks are often secured by major issues in the wireless networking using either cryptography or intrusion detection where there are numerous and potentially systems (IDSs). Cryptographic approaches can dangerous threats that includes interception, protect ad hoc networks against external unauthorized monitoring of wireless traffic, attackers using node authentication and data client to client attacks, jamming, session encryption. However, these techniques cannot hijacking, etc. prevent insider attacks, consumes considerable ISSN (PRINT): 2393-8374, (ONLINE): 2394-0697, VOLUME-4, ISSUE-10, 2017 1 INTERNATIONAL JOURNAL OF CURRENT ENGINEERING AND SCIENTIFIC RESEARCH (IJCESR) resources and have their associated problems devices in the network. But scanning all such as key issuing and management. traffic could lead to the creation of bottlenecks, which impacts the overall 2. INTRUSION DETECTION AND speed of the network. PREVENTION SYSTEM HIDS: Host intrusion detection systems IDS/IPS devices need two things to provide an run on separate machines or devices in the effective layer of security. The devices must be network, and provide safeguards to the tuned to the network they monitor and tuned-in overall network against threats coming to the latest threats. Getting the maximum ROI from the outside world. from your investment in IDS/IPS is easier with Signature based IDS: Signature based a bit of expert help. The tough part of big data is IDS systems monitor all the packets in the analyzing it to know what action to take. IDS network and compare them against the devices can generate thousands of alerts daily, database of signatures, which are pre- many of which are false positives, which can configured and pre-determined attack send your team off to chase ghosts. Keeping patterns. They work similar to antivirus your IDS/IPS devices tuned, up-to-date and software. monitored appropriately given new emerging Anomaly based IDS: This IDS monitors threats can become a heavy burden for limited network traffic and compares it against an security resources. Shifting this burden to a established baseline. The baseline managed service staffed with security device determines what is considered normal for experts can offer needed relief, along with the network in terms of bandwidth, improved insights that help you take the right protocols, ports and other devices, and the action to remediate identified threats. Fig 1 IDS alerts the administrator against all represents how firewall can be used for sorts of unusual activity. intrusion detection. Passive IDS: This IDS system does the simple job of detection and alerting. It just alerts the administrator for any kind of threat and blocks the concerned activity as a preventive measure. Reactive IDS: This detects malicious activity, alerts the administrator of the threats and also responds to those threats. 4. OPEN SOURCE NETWORK INTRUSION DETECTION TOOLS 4.1Snort Snort is a free and open source network intrusion detection and prevention tool. It was created by Martin Roesch in 1998. The main advantage of using Snort is its capability to perform real-time traffic analysis and packet Fig. 1 Intrusion Detection Using Firewall logging on networks. With the functionality of Systems protocol analysis, content searching and various pre-processors, Snort is widely accepted as a 3. INTRUSION DETECTION TOOLS tool for detecting varied worms, exploits, port There are a wide variety of IDSs available, scanning and other malicious threats. It can be ranging from antivirus to hierarchical systems, configured in three main modes — sniffer, which monitor network traffic. The most packet logger and network intrusion detection. common ones are listed below. In sniffer mode, the program will just read packets and display the information on the NIDS: Network intrusion detection console. In packet logger mode, the packets will systems are placed at highly strategic be logged on the disk. In intrusion detection points within the network to monitor mode, the program will monitor real-time traffic inbound and outbound traffic from all and compare it with the rules defined by the ISSN (PRINT): 2393-8374, (ONLINE): 2394-0697, VOLUME-4, ISSUE-10, 2017 2 INTERNATIONAL JOURNAL OF CURRENT ENGINEERING AND SCIENTIFIC RESEARCH (IJCESR) user. 4.3OpenWIPS-NG Snort can detect varied attacks like a buffer OpenWIPS-NG is a free wireless intrusion overflow, stealth port scans, CGI attacks, SMB detection and prevention system that relies on probes, OS fingerprinting attempts, etc. It is sensors, servers and interfaces. It basically runs supported on a number of hardware platforms on commodity hardware. It was developed by and operating systems like Linux, OpenBSD, Thomas d’Otrepe de Bouvette, the creator of FreeBSD, Solaris, HP-UX, MacOS, Windows, Aircrack software. OpenWIPS uses many etc. functions and services built into Aircrack-NG for scanning, detection and intrusion 4.2SecurityOnion prevention. The three main parts of OpenWIPS- Security Onion is a Linux distribution for NG are listed below: intrusion detection, network security monitoring and log management. The open source Sensor: Acts as a device for capturing wireless distribution is based on Ubuntu and comprises traffic and sending the data back to the server lots of IDS tools like Snort, Suricata, Bro, Sguil, for further analysis. The sensor also plays an Squert, Snorby, ELSA, Xplico, NetworkMiner, important role in responding to all sorts of and many others. Security Onion provides high network attacks. visibility and context to network traffic, alerts Server: Performs the role of aggregation of and suspicious activities. But it requires proper data from all sensors, analyses the data and management by the systems administrator to responds to attacks. Additionally, it logs any review alerts, monitor network activity and to type of attack and alerts the administrator. regularly update the IDS based detection rules. Interface: The GUI manages the server and Security Onion has three core functions: displays the information regarding all sorts of threats against the network. Full packet capture Network based and host based intrusion 4.4Suricata detection systems Suricata is an open source, fast and highly Powerful analysis tools robust network intrusion detection system developed by the Open Information Security Full packet capture: This is done using Foundation. The Suricata engine is capable of netsnifff-ng, which captures all network traffic real-time intrusion detection, inline intrusion that Security Onion can see, and stores as much prevention and network security monitoring. as your storage solution can hold. It is like a Suricata consists of a few modules like real-time camera for networks, and provides all Capturing, Collection,
Load more

Recommended publications
  • Integrity Checking of Operating Systems with Respect to Kernel Level Malware”
    To Bianca, for being who you are. Abstract Kernel-mode rootkits have gained a considerable momentum within the blackhat com- munity. They represent a considerable threat to any computer system, as they pro- vide an intruder with the ability to hide the presence of his malicious activity. These rootkits make changes to the operating system’s kernel, thereby providing particularly stealthy hiding techniques. Considering the kernel rootkit threat and other threats, the collection of reliable information from a compromised system becomes a central problem within the domain of computer security. This thesis addresses this problem. It looks at the possibility of using virtualization as a means to facilitate kernel-mode rootkit detection through integrity checking. The thesis describes several areas within the Linux kernel, which are commonly subverted by kernel-mode rootkits. It introduces the reader to the concept of virtual- ization and describes several technologies employing virtualization. The kernel-mode rootkit threat is then addressed through a description of their hiding methodologies. Some of the existing methods for malware detection are also addressed and analysed. A number of general requirements, which need to be satisfied by a general model enabling kernel-mode rootkit detection, are identified. A model addressing these requirements is suggested, and a framework implementing the model is set-up. The detection capabilities of the framework are tested on a couple of rootkits. iii Preface This report presents the results of my master thesis “Integrity checking of operating systems with respect to kernel level malware”. It is written as part of the Master de- gree (Sivilingeniør) in Computer Science at the Norwegian University of Science and Technology (NTNU), during Spring 2005.
    [Show full text]
  • A Brief Study and Comparison Of, Open Source Intrusion Detection System Tools
    International Journal of Advanced Computational Engineering and Networking, ISSN: 2320-2106, Volume-1, Issue-10, Dec-2013 A BRIEF STUDY AND COMPARISON OF, OPEN SOURCE INTRUSION DETECTION SYSTEM TOOLS 1SURYA BHAGAVAN AMBATI, 2DEEPTI VIDYARTHI 1,2Defence Institute of Advanced Technology (DU) Pune –411025 Email: [email protected], [email protected] Abstract - As the world becomes more connected to the cyber world, attackers and hackers are becoming increasingly sophisticated to penetrate computer systems and networks. Intrusion Detection System (IDS) plays a vital role in defending a network against intrusion. Many commercial IDSs are available in marketplace but with high cost. At the same time open source IDSs are also available with continuous support and upgradation from large user community. Each of these IDSs adopts a different approaches thus may target different applications. This paper provides a quick review of six Open Source IDS tools so that one can choose the appropriate Open Source IDS tool as per their organization requirements. Keywords - Intrusion Detection, Open Source IDS, Network Securit, HIDS, NIDS. I. INTRODUCTION concentrate on the activities in a host without considering the activities in the computer networks. Every day, intruders are invading countless homes On the other hand, NIDS put its focus on computer and organisations across the country via virus, networks without examining the hosts’ activities. worms, Trojans, DoS/DDoS attacks by inserting bits Intrusion Detection methodologies can be classified of malicious code. Intrusion detection system tools as Signature based detection, Anomaly based helps in protecting computer and network from a detection and Stateful Protocol analysis based numerous threats and attacks.
    [Show full text]
  • Ten Strategies of a World-Class Cybersecurity Operations Center Conveys MITRE’S Expertise on Accumulated Expertise on Enterprise-Grade Computer Network Defense
    Bleed rule--remove from file Bleed rule--remove from file MITRE’s accumulated Ten Strategies of a World-Class Cybersecurity Operations Center conveys MITRE’s expertise on accumulated expertise on enterprise-grade computer network defense. It covers ten key qualities enterprise- grade of leading Cybersecurity Operations Centers (CSOCs), ranging from their structure and organization, computer MITRE network to processes that best enable effective and efficient operations, to approaches that extract maximum defense Ten Strategies of a World-Class value from CSOC technology investments. This book offers perspective and context for key decision Cybersecurity Operations Center points in structuring a CSOC and shows how to: • Find the right size and structure for the CSOC team Cybersecurity Operations Center a World-Class of Strategies Ten The MITRE Corporation is • Achieve effective placement within a larger organization that a not-for-profit organization enables CSOC operations that operates federally funded • Attract, retain, and grow the right staff and skills research and development • Prepare the CSOC team, technologies, and processes for agile, centers (FFRDCs). FFRDCs threat-based response are unique organizations that • Architect for large-scale data collection and analysis with a assist the U.S. government with limited budget scientific research and analysis, • Prioritize sensor placement and data feed choices across development and acquisition, enteprise systems, enclaves, networks, and perimeters and systems engineering and integration. We’re proud to have If you manage, work in, or are standing up a CSOC, this book is for you. served the public interest for It is also available on MITRE’s website, www.mitre.org. more than 50 years.
    [Show full text]
  • Network Security Jim Binkley
    Tools Network Security Jim Binkley. Jim Binkley 1 Outline basic tools netcat intrusion detection – network monitors – net-based audit/analysis (nessus) – net-based signature analysis (snort) (see ASCII lecture) – host-based anomaly analysis (tripwire) web audit/analysis wireless (kismet/netstumbler) attack tools (dsniff, ettercap) remote control/backdoor tools Jim Binkley 2 a few intro thoughts some of these tools can be grouped into different categories BUT then both tripwire and ourmon are intrusion detection tools (what do they have in common?) ID tools may have problems with false-positives attack tools can always be used for defensive purposes or offensive purposes: – nmap used to check for open ports ... any tool may be used for ill (even ping) Jim Binkley 3 information sources: Anti-Hacker Toolkit, Jones, Shema, Johnson. Osborne 2002 Snort FAQ (and book) nmap documentation Hacker’s Exposed in numerous editions Jim Binkley 4 basic tools ping and relatives traceroute tcpdump and other sniffers – ethereal whois and the whois database dig/nslookup and the DNS scanners problem: given email handout, what can you learn about its origin? Jim Binkley 5 ping ping may be used to test basic 2-way connectivity or determine if an ip address space is populated – to stuff an ARP database (HPOV does this) » so that we can see how many hosts we have – to enable a port query because J. Hacker has an exploit Jim Binkley 6 ping may have these options -c <count> - send count pings -n <count> - windows, the same thing -f -
    [Show full text]
  • Beginner's Guide to Open Source Intrusion Detection Tools
    BEGINNER’S GUIDE to Open Source Intrusion Detection Tools www.alienvault.com Introduction to Open Source Intrusion Detection Threat and intrusion detection have become a top priority in cybersecurity, making it more important than ever before. If you aren’t already running an intrusion detection system (IDS) in your network, you should start now. Is Open Source Security a Good Route? There are a wealth of great tools out there that can dramatically improve the security of your network. Open source security goes back decades, and there is a large, active community behind many of the tools. In fact, some of these tools are used by commercial security vendors in their products, and these vendors contribute to the tools to keep them current. Before getting started, we’d be remiss not to address the pros and cons of going the open source route. Open source might be a good solution for you if: • Your company has the expertise in both security and system administration needed to deploy several tools with only community support. • You want “complete control” over your security architecture and are willing to do extra work to make that happen. • You develop a plan for keeping these tools up-to-date. Unlike most software, failure to keep security tools current with the latest versions and security updates (which may come weekly, daily, or even hourly) renders the tools themselves almost useless after a short time. • You have a very low budget to buy products, but have the staff needed to maintain open source tools. • Your use-case and security concerns don’t align well with commercial products.
    [Show full text]
  • Open Source Intrusion Detection Tools
    Beginner’s guide: Open source intrusion detection tools 1 Threat and intrusion Is open source detection have security a become a top priority in cybersecurity, good route? making it more important than ever before. If you aren’t already running an intrusion detection system (IDS) in your network, you should start now. This document is intended to include general information for beginners learning about open source intrusion detection. Use of names of 2 third party companies in the document are for informational purposes only and do not constitute any endorsement by AT&T Cybersecurity. Introduction There are a wealth of great tools out there that can dramatically improve the security of your network. Open source security goes back decades, and there is a large, active community behind many of the tools. In fact, some of these tools are used by commercial security vendors in their products, and these vendors contribute to the tools to keep them current. Before getting started, we’d be remiss not to address the pros and cons of going the open source route. Open source might be a good solution for you if: Open source is easier than ever to install and maintain. • Your company has the expertise in both security and system However, on the “con” side, there are a few important administration needed to deploy several tools with only concerns. If you are going to design a security solution for community support. your company, please keep in mind: • You will have to do your own support. There are great • You want “complete control” over your security architecture communities behind some of these tools, but you are the only and are willing to do extra work to make that happen.
    [Show full text]
  • Unix Administration
    Unix Administration Guntis Barzdins Linux System Administration SYS ADMIN TASKS Setting the Run Level System Services User Management Network Settings Scheduling Jobs Quota Management Backup and Restore Adding and Removing software/packages Setting a Printer Monitoring the system (general, logs) Monitoring any specific services running. Eg. DNS, DHCP, Web, NIS, NPT, Proxy etc. Process Manipulation Once you run a program (e.g. vi, myprog,...), that program will suspend the terminal you called it in (the terminal will not be receiving input from you). You can start the program in the background to avoid this: myprog & You can suspend a program that is running and send it to background, if you already started it: Ctrl-z (to suspend) bg (sends the suspended program to the background) ps (show running processes) top (monitor running processes) kill (kill processes) & (send process to background) bg (send process to background) fg (get process from background) Ctrl+c (terminate process) Ctrl+z (suspend process) Intrusion Detection System (IDS) Open Source Tripwire – is a file integrity- checking program for UNIX/Linux operating systems Host-based Software that alerts you when important files change Tripwire keeps a hash value for each designated file When a file is altered/deleted, tripwire will have a new hash value that is different than the original Replaced by more advanced HIDS: OSSEC, Samhain, AIDE Client/Server mode etc. Tripwire tutorial in a slide Initial setup download / build / install it generate policy file # twadmin –create-polfile /etc/tripwire/twpol.txt modify policy file (e.g. remove unnecessary files) # vi /etc/tripwire/twpol.txt build initial database # tripwire –init check periodically # tripwire –check reconcile differences (e.g.
    [Show full text]
  • Prelude User Manual General Configuration
    Prelude User Manual [[PreludeForeword|Foreword]] 1. Introduction 1. [[PreludeGlossary|Glossary]] 2. [[PreludeComponents|Prelude Components]] 3. [[PreludeArchitecture|Prelude Architecture]] 4. [[PreludeStandards|Prelude Standards]] 5. [[PreludeCompatibility|Prelude Compatibility]] 2. Installation 1. [[InstallingPreludeRequirement|Installation Requirements]] 2. [[InstallingPrelude|Installation from sources]] 1. [[InstallingPreludeLibrary|Libprelude]] 2. [[InstallingPreludeDbLibrary|LibpreludeDB]] 3. [[InstallingPreludeManager|Prelude Manager]] 4. [[InstallingPreludeCorrelator|Prelude Correlator]] 5. [[InstallingPreludeLml|Prelude LML]] 6. [[InstallingPreludePrewikka|Prewikka]] 3. [[InstallingPackage|Installation from packages]] 4. [[AgentsInstallation|Agents Installation]] 1. [[InstallingAgentRegistration|Agents Registration]] 2. [[InstallingAgentThirdparty|3rd Party Agents Installation]] 3. Configuration 1. [[ConfigurationGeneral|General Configuration]] 2. [[PreludeComponentsConfiguration|Prelude Components Configuration]] 1. [[PreludeManager|Prelude-Manager]] 2. [[PreludeCorrelator|Prelude-Correlator]] 3. [[PreludeLml|Prelude-LML]] 4. [[PreludeImport|Prelude-Import]] 3. [[HowtoHACentralServices|Howto Configure High Availability Central Services]] 4. Optimisation 1. [[DatabaseOptimisation|Database Optimisation]] 5. User Manuals 1. [[ManualPrewikka|Prewikka Manual]] 2. [[ManualPreludeAdmin|Prelude-Admin Manual]] 3. [[ManualPreludeDbAdmin|PreludeDB-Admin Manual]] 6. Development 1. [[DevelopmentGuidelines|Development guidelines]] 2. [[SourceOrganization|Source
    [Show full text]
  • An Efficient Intrusion Detection System for Networks with Centralized
    An Efficient Intrusion Detection System for Networks with Centralized Routing Paulo Filipe Canha de Andrade Dissertação para obtenção de Grau de Mestre em Engenharia Informática e de Computadores Júri Presidente: Prof. Luis Eduardo Teixeira Rodrigues Orientador: Prof. Fernando Henrique Corte Real Mira da Silva Co-orientador: Prof. Carlos Nuno da Cruz Ribeiro Vogais: Prof. Rodrigo Seromenho Miragaia Rodrigues Setembro de 2007 Abstract As Internet becomes more and more ubiquitous, security is an increasingly important topic. Furthermore, private networks are expanding and security threats from within the network have to be cautioned. For these large networks, which are generally high-speed and with several segments, Intrusion Detection System (IDS) placement usually comes down to a compromise between investment and monitoring ability. One common solution in these cases, is to use more than one IDS scattered across the network, thus raising the amount invested and administrative power to operate. Another solution is to collect data through sensors and send it to one IDS via an Ethernet hub or switch. This option normally tends to overload the hub/switch port where the IDS is connected. This document presents a new solution, for networks with a star topology, where a single IDS is coupled to the network’s core router. This solution allows the IDS to monitor every different network segment attached to the router in a round-robin fashion. Practical implementation issues and operational implications of this solution are also analyzed and discussed. Keywords: Intrusion Detection Systems,Security Analysis, High-speed Networks, Switch-based Networks. i Resumo À medida que a Internet se torna cada vez mais acessível, a segurança é cada vez mais um tópico muito importante.
    [Show full text]
  • U|Xahbeigy03102ozxv+:'
    U|xaHBEIGy03102ozXv+:' LINUX JOURNAL STORAGE RAID | LVM2 | Kioslaves | Fish | Konqueror | SSHFS | Tripwire | Gambas JUNE 2006 ISSUE 146 JUNE 2006 CONTENTS Issue 146 storage FEATURES 52 RECOVERY OF RAID AND LVM2 VOLUMES 64 SSHFS: SUPER EASY FILE ACCESS OVER SSH When there’s something strange in your LVM, who you gonna call? SSH does more than just provide safe communications. Richard Bullington-McGuire Matthew E. Hoskins 58 NETWORK TRANSPARENCY WITH KIO ON THE COVER Konqueror is a slave to fishing. Or at least it has one. • Dual Booting with Finesse, p. 89 Jes Hall • RAID and LVM2 Data Recovery, p. 52 62 YELLOW DOG LINUX INSTALLS NEATLY ON AN IPOD • SSH Is Not Just a Secure Shell, p. 64 Take one Mac, insert iPod, boot Linux. • Fish for Data with KIO, p. 58 Dave Taylor • Boot Linux with an iPod, p. 62 COVER PHOTO: JOHN LAMB/STONE+/GETTY IMAGES 2 | june 2006 www.linuxjournal.com JUNE 2006 CONTENTS Issue 146 COLUMNS INDEPTH 24 REUVEN M. LERNER’S 68 AN INTRODUCTION TO GAMBAS AT THE FORGE Will VB refugees gamble on Gambas? Google Maps Mark Alexander Bain 28 MARCEL GAGNÈ’S COOKING WITH LINUX If Only You Could Restore Wine 34 DAVE TAYLOR’S WORK THE SHELL Coping with Aces 38 MICK BAUER’S PARANOID PENGUIN Security Features in Red Hat Enterprise 4 76 HOW TO SET UP 89 THE ULTIMATE LINUX/WINDOWS SYSTEM AND USE TRIPWIRE Don’t let intruders go unnoticed. Marco Fioretti 80 THE WORLD IS Next Month A LIBFERRIS FILESYSTEM libferris can make your toaster look like a filesystem.
    [Show full text]
  • Towards Least Privilege Principle: Limiting Unintended Accesses in Software Systems
    Towards Least Privilege Principle: Limiting Unintended Accesses in Software Systems by Beng Heng Ng A dissertation submitted in partial fulfillment of the requirements for the degree of Doctor of Philosophy (Computer Science and Engineering) in The University of Michigan 2013 Doctoral Committee: Professor Atul Prakash, Chair Professor Kang G. Shin Associate Professor Vineet R. Kamat Associate Professor Zijiang James Yang c Beng Heng Ng 2013 All Rights Reserved For my wife, Haoyi, and daughter, Reann. ii ACKNOWLEDGEMENTS The journey towards writing this thesis had not been an easy one, and I will forever be indebted to the kind people around me for their guidance and support. This thesis would not have materialize without the unrelenting support, enormous patience, and encouragement of my advisor, Prof. Atul Prakash. He has taught me the importance of rigorous research methodologies, critical thinking, as well as the need to always keep an open mind. His advice was not limited to science, but also included life, especially during one of the most challenging periods in my life. I am also extremely grateful to Prof. Shin, Prof. Kamat, and Prof. Yang, for their invaluable suggestions, perspectives and insights, which have helped shape this thesis. I also thank my previous and current colleagues, Billy Lau, Hu Xin, Alex Crowell, Earlence Fernandes, and Ajit Aluri, for the numerous intense and thought-provoking discussions. I gratefully acknowledge the funding provided by the Government of Singapore, thus allowing me to focus on my research that leads to this thesis. Above all, I would like to thank my wife, Hao Yi, for putting her dreams on hold so that I can go after mine.
    [Show full text]
  • Unix Administration
    Unix Administration Guntis Barzdins Linux System Administration SYS ADMIN TASKS Setting the Run Level System Services User Management Network Settings Scheduling Jobs Quota Management Backup and Restore Adding and Removing software/packages Setting a Printer Monitoring the system (general, logs) Monitoring any specific services running. Eg. DNS, DHCP, Web, NIS, NPT, Proxy etc. Have you used UNIX before? • Which OS did Apple choose when it needed a stable OS layer for its Mac OSX? • Which OS made the biggest impact to the online lives as you know it today? Process Manipulation Once you run a program (e.g. vi, myprog,...), that program will suspend the terminal you called it in (the terminal will not be receiving input from you). You can start the program in the background to avoid this: myprog & You can suspend a program that is running and send it to background, if you already started it: Ctrl-z (to suspend) bg (sends the suspended program to the background) ps (show running processes) top (monitor running processes) kill (kill processes) & (send process to background) bg (send process to background) fg (get process from background) Ctrl+c (terminate process) C l+ ( d ) Intrusion Detection System (IDS) Open Source Tripwire – is a file integrity- checking program for UNIX/Linux operating systems Host-based Software that alerts you when important files change Tripwire keeps a hash value for each designated file When a file is altered/deleted, tripwire will have a new hash value that is different than the original Replaced by more advanced HIDS: OSSEC, Samhain, AIDE Tripwire tutorial in a slide Initial setup download / build / install it modify policy file (e.g.
    [Show full text]