Honeypot Based Group Monitoring and Protection System · 2018-01-29



Introduction

Objective

To create a system that will allow individual hosts on a LAN to protect themselves from known attackers and malicious files on the network at no cost. The system should be available to provide updated security information at the host’s request in order to maintain a more secure network.

Conclusion

All planned and desired features of this project were implemented successfully. No major risks were encountered throughout development. Creating the Group Monitoring System called upon all of the computer science skills learned at Hofstra University and allowed both of us to better advance our network security and system development skills.

Future plans for our system include offering the host protection script as a downloadable file, so that network-connected hosts can obtain adaptive and efficient security. Additional features may include an interactive GUI web server interface for network security monitoring and further customization options.

Acknowledgements & Contact Information

Special thanks to:

• Dr. Xiang Fu, our faculty advisor, for his support and technical guidance throughout the development of this project.

• Alex Rosenberg, Systems Administrator, for his technical assistance throughout the implementation of this project.

• Hofstra University Computer Science Department faculty and staff for their continued support and encouragement.

We may be contacted via email at:

George R. – [email protected]

Kendra C. – [email protected]

Faculty Advisor: Dr. Xiang Fu, Spring 2017

George Roussis & Kendra Campbell, Honeypot Based Group Monitoring and Protection System

Methods

System Design

The system design of this project is split into four main components:

Honeypots – Collect the internet protocol (IP) address of attackers who upload binary executable files, together with the MD5 checksum of each file, and report them to the server.

Attackers – Exploit a known vulnerability on the honeypot to upload a binary executable file.

Webserver & Database – Stores information reported by authenticated honeypots in the database. Provides IP and checksum data from all honeypots to hosts.

Hosts – Request data from the server and perform security functions on their individual machines based on that data.


Background

• Antivirus protection can get costly and has to be renewed

Component Description

Each component had to fulfill the following tasks:

Attacker
• T1: Upload binary executable file onto honeypot by exploiting honeypot vulnerability

Honeypot
• T1: Continuously monitor database to detect when attack has occurred
• T2: Continuously report new attack information to server

Host
• T1: Request data from server based on date and time it was added
• T2: Block IP addresses of attackers
• T3: Search for and delete uploaded files using known MD5 checksum

Server & Database
• T1: Authenticate honeypots requesting to submit data
• T2: Add all unique data from each honeypot to database
• T3: Provide host
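The three host tasks above (T1 fetch by time added, T2 block attacker IPs, T3 find and delete files by MD5 checksum) as an added Python example; this is not the poster's own host script. The server reply (FEED), the two payloads and the scanned filesystem are constructed here, the script emits iptables rule text instead of invoking iptables, and it validates every IP before it is placed in a rule, since a malformed row from the server must never reach a shell command.

```python
import hashlib
import ipaddress
import json
import pathlib
import tempfile
from datetime import datetime

# Constructed payloads standing in for binaries an attacker uploaded to a honeypot.
DROPPER, MINER = b"\x7fELF constructed dropper", b"\x7fELF constructed miner"

def md5(data):
    return hashlib.md5(data).hexdigest()

# Constructed stand-in for the server's Table 3 reply: bad IP, bad checksum, time added.
FEED = json.dumps([
    {"bad_ip": "203.0.113.7", "bad_checksum": md5(DROPPER), "time_added": "2017-04-20 10:00:00"},
    {"bad_ip": "198.51.100.9", "bad_checksum": md5(MINER), "time_added": "2017-04-22 08:30:00"},
    {"bad_ip": "198.51.100.9; reboot", "bad_checksum": "zz", "time_added": "2017-04-22 09:00:00"},
])

def parse_feed(raw, since):  # T1: keep rows added after the last sync; drop rows whose IP is malformed
    rows = []
    for row in json.loads(raw):
        try:
            ip = ipaddress.ip_address(row["bad_ip"])  # never hand a raw server string to iptables
        except ValueError:
            continue
        if datetime.fromisoformat(row["time_added"]) > since:
            rows.append({"ip": str(ip), "md5": row["bad_checksum"].lower()})
    return rows

def iptables_rules(rows):  # T2: one DROP rule per attacker IP (rule text only; applying it needs root)
    return [f"iptables -I INPUT -s {ip} -j DROP" for ip in sorted({r["ip"] for r in rows})]

def remove_matching_files(root, rows):  # T3: hash every file under root, delete those on the bad list
    bad, removed = {r["md5"] for r in rows}, []
    for path in pathlib.Path(root).rglob("*"):
        if path.is_file() and md5(path.read_bytes()) in bad:
            path.unlink()
            removed.append(path.relative_to(root).as_posix())
    return sorted(removed)

def demo(since="2017-04-21"):  # build a constructed host filesystem, then run T1-T3 against FEED
    root = tempfile.mkdtemp()
    for name, data in (("bin/dropper", DROPPER), ("tmp/miner", MINER), ("bin/ok", b"benign")):
        path = pathlib.Path(root, name)
        path.parent.mkdir(exist_ok=True)
        path.write_bytes(data)
    rows = parse_feed(FEED, datetime.fromisoformat(since))
    return {"rules": iptables_rules(rows), "removed": remove_matching_files(root, rows)}
```

With the default sync time only the later row survives, so one IP is blocked and one file removed; passing an earlier time pulls in both attackers.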

• Vulnerability – flaws in computer software that create weaknesses in the overall security of the computer or network

• Exploit – an attack on a computer system that takes advantage of a specific vulnerability to gain entry to the system

• Honeypot – a resource whose value lies in being attacked or compromised. System is left purposely vulnerable in anticipation it will be probed, attacked, and exploited


• IPtables – tool on Linux for configuring firewalls

• Local area network (LAN) – a network that connects a group of computers and devices using a common communication line. Hosts on the same LAN can communicate directly without going through a router and its firewall

• Updates are available only when the vendors decide to release them

• Some people do not use any type of virus protection software and can be a threat to a network

Results

Screenshots, captioned:

• Binary files on host before system begins

• Checksums received from server used for filesystem scan

• Binary files on host after system runs

• Honeypot Authentication and Reporting

• Honeypot Exploitation - Metasploit

• Attacker unable to reach host

Implementation

Database’s Role

Table 1 – Data fields: Honeypot IP, public key. Purpose: Encrypt/decrypt data using honeypot’s public key.

Table 2 – Data fields: Request ID, requester IP, request time, challenge number. Purpose: Track who requests to submit data to server and determine who is allowed to submit data.

Table 3 – Data fields: bad IP, bad checksum, time added. Purpose: Provide hosts with data collected from all honeypots based on time added.

*PHP cURL library used for communication between honeypots, server, and host components

[Screenshot annotations: vulnerability on honeypot, honeypot’s IP, attacker’s IP]