Proposal Presentation
Wireless Intrusion Detection & Response
ECE 4006, Group 2: Seng Ooh Toh, Varun Kanotra, Nitin Namjoshi, Yu-Xi Lim
Contents
- Project Description & Demo
- Competitors & Market
- Building Blocks & Project Timeline
- Challenges, Risks and Difficulty Level
- Product Testing
- Hardware and Software Requirements

Project Description
What is the product?
- An access point which can detect intruders and take countermeasures
- Detection of NetStumbler
- Blocking or jamming NetStumbler without affecting network performance
- The product will be open source and will integrate several available technologies

Project Demo
- Several computers on a wireless network
- A wireless network intruder using NetStumbler
- Three phases: network setup; NetStumbler and intrusion; intrusion detection and countermeasures

Phase I: Network Setup
- 2-3 Linux machines set up with an access point to form an 802.11b network
- Data (packets) routed between the Linux machines through the AP
- An access point monitor used to record the source and destination of packets passing through the access point

Phase II: Intrusion
- Intrusion detection and jamming turned off
- NetStumbler used to gather information about the wireless network
- Packet information captured by NetStumbler shown

Phase III: Intrusion Detection & Countermeasures
- Detection of NetStumbler packets
- Blocking of NetStumbler packets, RF jamming or a fake AP barrage
- Data rate on the wireless network measured with and without countermeasures

User Interface
- Focus on proving the concept
- Open source allows end users to develop a UI according to their needs
- Basic text-based user interface for testing, debugging and the demo

Competitors & Market
Competitors: Fake AP
- Developed by Black Alchemy
- Floods the wireless network with false AP beacon packets
- NetStumbler gets overwhelmed with thousands of access points
- Open source, runs on Linux

Competitors (contd.): AirDefense
- Enterprise/military wireless intrusion detection system
- Sold as a complete system that includes AirDefense sensors and a server appliance
- Does not take action against the intruder; it only monitors the network and informs the administrator of any suspicious activity

Price
- Fake AP is freeware, available at http://www.blackalchemy.to/Projects/fakeap/fake-ap.html
- An AirDefense system costs between $19,000 and $25,000

Our Product
- No product on the market today combines both intrusion detection and response: of the two surveyed above, Fake AP only responds and AirDefense only detects
- Our product will be freely available
- This makes the product unique and attractive to potential users

Building Blocks
- Setup: installing network cards on two Linux machines, installing the HostAP driver, installing wireless sniffers and packet sniffer libraries
- Detect NetStumbler: recognise the NetStumbler signature; UI design for reporting malicious activity

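The "recognise the NetStumbler signature" step, as an added example that is not the proposal's code. After NetStumbler associates with an AP it sends LLC/SNAP data frames carrying OUI 00:60:1d, protocol ID 0x0001 and a version-specific text payload; that fingerprint is the publicly documented one (Kismet's NetStumbler alert matches the same fields), but the proposal does not state it, so the constants below are assumptions to confirm against live captures. The frames and MAC addresses are constructed for the example.

```python
"""Signature-based NetStumbler detection on raw 802.11 data frames.

Added example, not the proposal's code. The OUI, protocol ID and payload
strings are the publicly documented NetStumbler fingerprint and are assumed
here; confirm them against your own captures. All frames and MAC addresses
below are constructed.
"""
import struct

NETSTUMBLER_OUI = bytes.fromhex("00601d")      # assumed signature value
NETSTUMBLER_PID = 0x0001                       # assumed signature value
NETSTUMBLER_PAYLOADS = {                       # assumed per-version payloads
    b"Flurble gronk bloopit, bnip Frundletrune": "3.2.0",
    b"All your 802.11b are belong to us": "3.2.3",
    b" intentionally blank 1": "3.3.0",
}


def mac_str(raw):
    return ":".join(f"{b:02x}" for b in raw)


def parse_data_frame(frame):
    """Return (src_mac, llc_body) for an unencrypted 802.11 data frame, else None."""
    if len(frame) < 24:
        return None
    fc0, fc1 = frame[0], frame[1]
    if (fc0 >> 2) & 0x3 != 2:                  # type 2 = data
        return None
    if (fc0 >> 4) & 0x4:                       # null/CF-only subtypes carry no body
        return None
    if fc1 & 0x40:                             # protected frame: body is ciphertext
        return None
    to_ds, from_ds = fc1 & 0x1, fc1 & 0x2
    if to_ds and from_ds:                      # WDS: four addresses, addr4 is SA
        return frame[24:30], frame[30:]
    src = frame[16:22] if from_ds else frame[10:16]   # addr3 (FromDS) or addr2
    return src, frame[24:]


def match_netstumbler(llc_body):
    """Return the NetStumbler version if the LLC/SNAP payload carries the signature."""
    if len(llc_body) < 8 or llc_body[:3] != b"\xaa\xaa\x03":   # SNAP: DSAP/SSAP/control
        return None
    oui, pid = llc_body[3:6], struct.unpack("!H", llc_body[6:8])[0]
    if oui != NETSTUMBLER_OUI or pid != NETSTUMBLER_PID:
        return None
    payload = llc_body[8:]
    for text, version in NETSTUMBLER_PAYLOADS.items():
        if payload.startswith(text):
            return version
    return "unknown"                           # right OUI/PID, unlisted payload


def detect(frames):
    """Run the signature over sniffed frames; return (src_mac, version) hits."""
    hits = []
    for frame in frames:
        parsed = parse_data_frame(frame)
        if parsed is None:
            continue
        src, body = parsed
        version = match_netstumbler(body)
        if version is not None:
            hits.append((mac_str(src), version))
    return hits


# --- constructed sample traffic (ToDS=1, i.e. station -> AP) -------------------
def build_data_frame(src, bssid, dst, llc_body, seq=1):
    """addr1 = BSSID, addr2 = SA, addr3 = DA for a ToDS data frame."""
    return b"\x08\x01\x00\x00" + bssid + src + dst + struct.pack("<H", seq << 4) + llc_body


def snap(oui, pid, payload):
    return b"\xaa\xaa\x03" + oui + struct.pack("!H", pid) + payload


AP = bytes.fromhex("020000000010")             # constructed, locally administered
WARDRIVER = bytes.fromhex("020000000001")
CLIENT = bytes.fromhex("020000000002")
SAMPLE_FRAMES = [
    build_data_frame(WARDRIVER, AP, b"\xff" * 6,
                     snap(NETSTUMBLER_OUI, NETSTUMBLER_PID, b"All your 802.11b are belong to us")),
    build_data_frame(CLIENT, AP, AP, snap(b"\x00\x00\x00", 0x0800, b"\x45" + bytes(19))),  # plain IP
    build_data_frame(WARDRIVER, AP, b"\xff" * 6,
                     snap(NETSTUMBLER_OUI, NETSTUMBLER_PID, b"some newer payload")),
]

if __name__ == "__main__":
    for mac, version in detect(SAMPLE_FRAMES):
        print(f"NetStumbler {version} from {mac}")
```

The detector reports a hit on the OUI/protocol ID alone and only uses the payload strings to name the version, so a newer NetStumbler build that changes its text is still caught; the cost is that the signature only sees the scanner once it has associated and sent data, which is why the heuristic detection planned later in the proposal is needed as well.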
Building Blocks (contd.)
- Countermeasures: logging event information (MAC, time, physical location); sending bogus AP information; denial of service against the wardriving client
- Port to OpenAP: combine detection and countermeasures and run them on an AP

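What the "sending bogus AP information" countermeasure, and the Fake AP tool described under Competitors, actually do, as an added example (not Fake AP's or the proposal's code): build 802.11b beacon frames for invented access points and estimate the share of each channel's airtime the barrage costs, which is the "without affecting network performance" trade-off. The BSSID prefix, SSID word pool and channel list are constructed here; the frames are only built, never transmitted, since transmission needs a driver with raw injection support and is subject to radio regulations.

```python
"""Fake-AP beacon barrage and its airtime cost.

Added example, not Fake AP's or the proposal's code. Builds 802.11b beacon
frames for invented access points and estimates the airtime they would take
per channel. BSSID prefix, SSID words and channel list are constructed;
nothing is transmitted.
"""
import random
import struct

BROADCAST = b"\xff" * 6
SSID_WORDS = ["lab", "office", "guest", "home", "wlan", "ap"]   # constructed pool
CHANNELS = list(range(1, 12))                                   # 802.11b channels 1-11


def build_beacon(bssid, ssid, channel, seq=0, interval_tu=100, privacy=False):
    """One beacon (without FCS) advertising an ESS on the given channel."""
    header = (b"\x80\x00"                       # type 0 (management), subtype 8 (beacon)
              + b"\x00\x00"                     # duration
              + BROADCAST + bssid + bssid       # DA, SA, BSSID
              + struct.pack("<H", (seq & 0xFFF) << 4))
    capability = 0x0001 | (0x0010 if privacy else 0)          # ESS bit, WEP bit
    fixed = struct.pack("<QHH", 0, interval_tu, capability)    # timestamp is set by the radio
    ies = (bytes([0, len(ssid)]) + ssid                        # SSID element
           + b"\x01\x04\x82\x84\x8b\x96"                        # rates 1/2/5.5/11 Mb/s (basic)
           + bytes([3, 1, channel]))                           # DS parameter set
    return header + fixed + ies


def parse_beacon(frame):
    """Inverse of build_beacon, used to check the frames: (bssid, ssid, channel)."""
    bssid, body, ssid, channel, i = frame[16:22], frame[36:], None, None, 0
    while i + 2 <= len(body):
        eid, elen = body[i], body[i + 1]
        value = body[i + 2:i + 2 + elen]
        if eid == 0:
            ssid = value
        elif eid == 3:
            channel = value[0]
        i += 2 + elen
    return bssid, ssid, channel


def fake_ap_barrage(count, seed=None):
    """Beacons for `count` distinct fake APs with random BSSID, SSID, channel and WEP bit."""
    rng, frames, used = random.Random(seed), [], set()
    while len(frames) < count:
        # Locally administered addresses (constructed); a real tool would draw from
        # vendor OUIs so the fake APs look like commodity hardware.
        bssid = b"\x02" + bytes(rng.randrange(256) for _ in range(5))
        if bssid in used:
            continue
        used.add(bssid)
        ssid = f"{rng.choice(SSID_WORDS)}-{rng.randrange(1000):03d}".encode()
        frames.append(build_beacon(bssid, ssid, rng.choice(CHANNELS), privacy=rng.random() < 0.5))
    return frames


def airtime_us(frame_len, rate_mbps=1.0):
    """802.11b long preamble + PLCP header (192 us) plus frame and FCS at `rate_mbps`."""
    return 192 + (frame_len + 4) * 8 / rate_mbps


def channel_load(frames, interval_tu=100):
    """Fraction of airtime per channel if every frame is beaconed once per interval."""
    beacons_per_s = 1_000_000 / (interval_tu * 1024)            # 1 TU = 1024 us
    load = {}
    for frame in frames:
        channel = parse_beacon(frame)[2]
        load[channel] = load.get(channel, 0.0) + airtime_us(len(frame)) * beacons_per_s / 1_000_000
    return load


if __name__ == "__main__":
    barrage = fake_ap_barrage(200, seed=7)
    for ch, frac in sorted(channel_load(barrage).items()):
        n = sum(1 for f in barrage if parse_beacon(f)[2] == ch)
        print(f"channel {ch:2d}: {n:3d} fake APs, {frac:.1%} of airtime")
```

At the default 100 TU interval each fake AP costs roughly 0.7% of one channel's airtime at 1 Mb/s, so a barrage of the "thousands of access points" scale spread over 11 channels saturates them; the with-and-without data-rate measurements planned for Phase III are the way to choose a count that confuses NetStumbler without starving the real clients.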
Building Blocks (contd.)
- OpenAP PC interface: write a TCP sockets client-server program
- Allows the network administrator to remotely configure and acquire information from the access point
- The proposal does not say how this channel is authenticated; as the management interface of the AP it needs at least authenticated access restricted to the wired side, or it becomes a target itself

Projected Timeline
- 12 weeks to complete

Task Assignments
![Page 20: Proposal Presentation](https://reader036.fdocuments.in/reader036/viewer/2022062515/55d51f8dbb61eb94578b466b/html5/thumbnails/20.jpg)
Challenges, Risks and Difficulty Level
Initial Setup: Challenges and Difficulty
- Lack of resources for experimental drivers
- Recompilation of the kernel and other support packages
- Compatibility and interoperability of hardware

Initial Setup: Risks
- The project could be severely delayed if we are plagued with compatibility issues
- Incompatible hardware might require extra expense to get different cards

Wardriving Detection: Challenges and Difficulty
- Limited storage memory
- libpcap vs. low-level syscalls
- Development of an algorithm for heuristic wardriving detection

Wardriving Detection: Risks
- Inability to differentiate between a wardriver and a legitimate client renders the module useless
- Forced to resort to low-level syscalls without documentation for the experimental driver

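An added illustration of the heuristic approach the two slides above ask for (it is not the proposal's algorithm): instead of a payload signature, each station is scored on the broadcast probe requests it sends within a sliding window, the number of channels those probes arrive on, and whether it ever associates. That is the distinction the risk slide worries about: a scanner walks the channels and never joins, while a legitimate client probes briefly and then associates. The thresholds, MAC addresses and traffic are constructed assumptions for the example; the channel numbers are taken to come from the monitor-mode sniffer that captured each frame.

```python
"""Heuristic wardriver detection from probe requests (no payload signature).

Added example, not the proposal's algorithm. Each station is scored on the
broadcast (empty-SSID) probe requests it sends within a sliding window, the
number of channels those probes arrive on, and whether it ever associates.
Thresholds, addresses and traffic below are constructed for the example.
"""
from collections import defaultdict, deque

WINDOW_S = 30        # sliding window in seconds (assumed)
MIN_PROBES = 20      # broadcast probes inside the window before alerting (assumed)
MIN_CHANNELS = 3     # distinct channels probed inside the window (assumed)
BROADCAST = b"\xff" * 6


def mac_str(raw):
    return ":".join(f"{b:02x}" for b in raw)


def parse_frame(frame):
    """Classify a sniffed frame: ("probe", src, ssid), ("assoc", src, None) or None."""
    if len(frame) < 24:
        return None
    fc0 = frame[0]
    ftype, subtype = (fc0 >> 2) & 0x3, fc0 >> 4
    if ftype != 0:                            # only management frames matter here
        return None
    src = frame[10:16]                        # addr2 = source address
    if subtype == 4:                          # probe request: body is a list of IEs
        body, i = frame[24:], 0
        while i + 2 <= len(body):
            eid, elen = body[i], body[i + 1]
            if eid == 0:                      # SSID element; empty means "any SSID"
                return "probe", src, body[i + 2:i + 2 + elen]
            i += 2 + elen
        return "probe", src, b""
    if subtype == 0:                          # association request
        return "assoc", src, None
    return None


class WardriverDetector:
    def __init__(self):
        self.probes = defaultdict(deque)      # src -> (time, channel) pairs in the window
        self.associated = set()               # stations that behaved like real clients
        self.alerted = set()

    def feed(self, t, channel, frame):
        """Consume one frame seen at time t on a channel; return src on the first alert."""
        parsed = parse_frame(frame)
        if parsed is None:
            return None
        kind, src, ssid = parsed
        if kind == "assoc":
            self.associated.add(src)
            return None
        if ssid != b"":                       # directed probe: ordinary client behaviour
            return None
        q = self.probes[src]
        q.append((t, channel))
        while q and t - q[0][0] > WINDOW_S:   # drop probes that fell out of the window
            q.popleft()
        channels = {ch for _, ch in q}
        if (len(q) >= MIN_PROBES and len(channels) >= MIN_CHANNELS
                and src not in self.associated and src not in self.alerted):
            self.alerted.add(src)
            return src
        return None


# --- constructed traffic ------------------------------------------------------
def build_probe(src, ssid):
    hdr = b"\x40\x00\x00\x00" + BROADCAST + src + BROADCAST + b"\x00\x00"
    return hdr + bytes([0, len(ssid)]) + ssid + b"\x01\x04\x82\x84\x8b\x96"


def build_assoc(src, bssid):
    return b"\x00\x00\x00\x00" + bssid + src + bssid + b"\x00\x00" + b"\x01\x00\x0a\x00"


WARDRIVER = bytes.fromhex("020000000001")     # constructed, locally administered
CLIENT = bytes.fromhex("020000000002")
AP = bytes.fromhex("020000000010")


def run_scenario():
    """Wardriver hopping channels for 30 s vs. a client that probes briefly, then joins."""
    events = [(i * 0.5, 1 + i % 11, build_probe(WARDRIVER, b"")) for i in range(60)]
    events += [(3.0 + i * 0.1, 6, build_probe(CLIENT, b"")) for i in range(8)]
    events.append((4.0, 6, build_assoc(CLIENT, AP)))
    det, alerts = WardriverDetector(), []
    for t, ch, frame in sorted(events, key=lambda e: e[0]):
        hit = det.feed(t, ch, frame)
        if hit is not None:
            alerts.append(mac_str(hit))
    return alerts


if __name__ == "__main__":
    print("wardrivers:", run_scenario())
```

The channel-count condition is what keeps a chatty but legitimate card (one that keeps probing its home channel while it waits for an AP) from being flagged, and the association set whitelists anyone who goes on to join; both are the knobs to tune during the Stage 1 test against "a variety of wireless cards". Memory use is bounded by the window, which matters on the AP's limited storage.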
Countermeasures: Challenges and Difficulty
- Limited storage memory
- Countermeasures that do not affect normal network performance
- Discovering new denial-of-service attacks against the wardriving client

Porting to the Access Point
- Different development framework
- Inaccessibility of the access point
- Limited debug tools

Product Testing
Stage 1: Wardriver Detection
- Reliable wardriver detection
- Does not pick up legitimate traffic from a variety of wireless cards
- Logging

Stage 2: Countermeasures
- Executed in parallel with Stage 1
- Sufficiently confuses the wardriver
- Disables the wardriver
- Does not affect normal network traffic

Stage 3: Access Point
- Remote deployment
- Durability (uptime)
- Status monitored remotely

Hardware and Software Requirements
Hardware Required
- 2x Linksys wireless PC Card
- 1x Orinoco Gold wireless card
- 2x PCI-to-PC Card adapter
- USR 2450 access point
- Pretec 4MB linear mapped card

Software Required
- HostAP
- OpenAP
- NetStumbler
- Ethereal
- Other scanners
- Other sniffers

Parts Designed and Adapted
Parts Adapted or Reused
- HostAP
- OpenAP
- Fake AP

Parts Designed
- Intrusion detection algorithm
- Integration on HostAP
- Integration on OpenAP