Posted on 25-Dec-2015

Attack of the Zombies: Discovering and Mitigating Bots and Botnets

By: Paul Albert

Project Description, Design, Protocols, User Profiles, Deliverables, Timeline, Budget, Demonstration, Conclusion

Project Description

Overview

This project creates an easy-to-implement, accurate, and low-cost solution for discovering, mitigating, and reporting bots and botnet activity on a network, along with many other types of malicious network attacks.

Suited to small businesses through large companies
Flexible
Scalable

Solution Diagram

(Network diagram; the layout is not recoverable from the text. Components shown: Internet, Router, Firewall, Switch 1, Switch 2, Server 1 to Server 3, PC 1 to PC 3, and three Snort IDS sensors.)

Solution Flowchart

(Flowchart; only its nodes survive, listed here in the order extracted.)

Start Snort
Start Barnyard2
Snort Log File
Snort Configuration File (snort.conf)
Barnyard2 Bookmark File (barnyard.waldo)
BASE
Update Snort and System
Install Ubuntu
Perl Script: Install Snort IDS and Other Packages
Perl Script

Note on the .waldo file: it is not Barnyard2's configuration file (that is barnyard2.conf). It is the bookmark in which Barnyard2 records how far it has read into Snort's unified2 log, so that after a restart it resumes at the right record without skipping alerts or inserting them into MySQL twice.
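As an added example (not part of the original presentation or the project's own files), these are the snort.conf and barnyard2.conf lines that wire the flowchart together on a Snort 2.8.6 / Barnyard2 sensor: Snort writes binary unified2 records, Barnyard2 tails them using the .waldo bookmark and inserts them into the MySQL database that BASE reads. The file paths, the sensor name, the interface and the database credentials are assumptions.

```conf
# --- /etc/snort/snort.conf (Snort 2.8.6) ---
# Write alerts and packets as unified2 (binary, 128 MB per file) instead of
# text, so Snort never blocks on a database and Barnyard2 does that work.
output unified2: filename snort.u2, limit 128

# --- /etc/snort/barnyard2.conf ---
# Maps needed to turn gid:sid into rule text and classifications (assumed paths).
config reference_file:      /etc/snort/reference.config
config classification_file: /etc/snort/classification.config
config gen_file:            /etc/snort/gen-msg.map
config sid_file:            /etc/snort/sid-msg.map
# Assumed sensor name and sniffing interface; both are shown per alert in BASE.
config hostname:  sensor1
config interface: eth0
# Bookmark of the last unified2 record processed. On restart Barnyard2 resumes
# here, so alerts are neither skipped nor inserted a second time.
config waldo_file: /var/log/snort/barnyard2.waldo
# Read Snort's unified2 spool files ...
input unified2
# ... and log them into MySQL. The schema is create_mysql from the Barnyard2
# source tree; BASE reads the same tables. Assumed credentials: use a dedicated,
# low-privilege database user, not root.
output database: log, mysql, user=snort password=CHANGE_ME dbname=snort host=localhost

# --- start order from the flowchart (assumed paths) ---
# snort -c /etc/snort/snort.conf -i eth0 -l /var/log/snort -D
# barnyard2 -c /etc/snort/barnyard2.conf -d /var/log/snort -f snort.u2 \
#           -w /var/log/snort/barnyard2.waldo -D
```

Barnyard2 is started after Snort because it opens the spool directory and the .waldo file at startup; the -d, -f and -w options on the command line name the spool directory, the unified2 base filename and the bookmark file, matching the output unified2 filename in snort.conf.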

Software Utilized

Ubuntu – Version 9.10
Snort IDS – Version 2.8.6
◦ IPS Functionality
MySQL
Basic Analysis and Security Engine (BASE)
Barnyard2 – Version 2.1.8
Perl
VirtualBox – Version 3.1.2
Windows XP
BackTrack 4

User Profiles

Can vary based on the size of the network

Ownership of process

Installation
◦ Knowledge to implement solution

Maintenance of IDS and BASE
◦ Knowledge to troubleshoot IDS and BASE
◦ Knowledge to script in Perl

Analysis of IDS and BASE
◦ Receiving and responding to alerts

Deliverables

VirtualBox Install

Intrusion Detection System (IDS) Setup
◦ Installation of required software
◦ Configuration of required software

Basic Analysis and Security Engine Setup

Mitigation

Scripting
◦ Perl script to assist with install process

Testing
◦ Test to make sure IDS is functioning properly
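The deliverables name detection and mitigation without saying how an alert turns into a verdict about a host. As an added example, not code from the project (which scripted in Perl), the Python below reads Snort alert_fast lines, flags an internal host that repeatedly trips a high-priority alert toward the same external endpoint (the beaconing pattern of a bot talking to its C2 server) and drafts a firewall rule for an operator to review. The sample alert lines are constructed, the SIDs are local-rule numbers rather than real signatures, and the thresholds, the RFC 1918 definition of "internal" and the iptables-based mitigation are assumptions.

```python
"""Flag bot-like hosts from Snort alert_fast lines and draft a mitigation.

Added example, not from the original project. Sample alerts are constructed;
the SIDs (1000001..) are local-rule numbers, not real Snort/ET signatures.
"""
import ipaddress
import re
from collections import defaultdict

# One alert_fast line, as written by "snort -A fast" (no year in the timestamp):
# 09/23-14:02:11.123456  [**] [gid:sid:rev] msg [**] [Classification: ...]
#   [Priority: N] {PROTO} src:port -> dst:port   (ports are absent for ICMP)
FAST_RE = re.compile(
    r"^(?P<ts>\S+)\s+\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+"
    r"(?P<msg>.*?)\s+\[\*\*\]\s+"
    r"(?:\[Classification:\s+(?P<cls>[^\]]+)\]\s+)?"
    r"\[Priority:\s+(?P<prio>\d+)\]\s+\{(?P<proto>\w+)\}\s+"
    r"(?P<src>[\d.]+)(?::(?P<sport>\d+))?\s+->\s+(?P<dst>[\d.]+)(?::(?P<dport>\d+))?\s*$"
)

# Assumption: RFC 1918 space is "our" network; everything else is the Internet.
INTERNAL = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_internal(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL)


def parse_fast(line):
    """Return a dict for one alert line, or None if the line is not an alert."""
    m = FAST_RE.match(line.strip())
    if m is None:
        return None
    a = m.groupdict()
    a["sid"], a["prio"] = int(a["sid"]), int(a["prio"])
    return a


def find_bot_candidates(lines, beacon_threshold=3, max_priority=2):
    """Internal hosts that hit the same external endpoint with at least
    beacon_threshold alerts of priority <= max_priority (1 is the highest).
    Inbound alerts, internal-to-internal traffic and unparsable lines are
    ignored: the signal of interest is outbound C2 beaconing."""
    per_host = defaultdict(lambda: {"alerts": 0, "endpoints": defaultdict(int)})
    for line in lines:
        a = parse_fast(line)
        if a is None or a["prio"] > max_priority:
            continue
        if not is_internal(a["src"]) or is_internal(a["dst"]):
            continue
        endpoint = f'{a["dst"]}:{a["dport"] or "-"}'
        per_host[a["src"]]["alerts"] += 1
        per_host[a["src"]]["endpoints"][endpoint] += 1
    candidates = {}
    for host, stats in per_host.items():
        beacons = {ep: n for ep, n in stats["endpoints"].items() if n >= beacon_threshold}
        if beacons:
            candidates[host] = {"alerts": stats["alerts"], "beacons": beacons}
    return candidates


def mitigation_commands(candidates):
    """Draft iptables rules (assumption: a Linux firewall or inline sensor) that
    drop a flagged host's forwarded traffic. Returned as strings for operator
    review and never executed here: a false positive would cut off a real user."""
    return [f"iptables -I FORWARD -s {host} -j DROP" for host in sorted(candidates)]


# Constructed sample log: three beacons from one host, a low-priority policy hit,
# an inbound brute force, an internal-only alert, one outbound ICMP hit and a
# non-alert line that the parser must skip.
SAMPLE_ALERTS = [
    "09/23-14:02:11.123456  [**] [1:1000001:1] LOCAL IRC bot NICK to C2 [**] "
    "[Classification: A Network Trojan was Detected] [Priority: 1] {TCP} 10.0.0.12:49213 -> 203.0.113.7:6667",
    "09/23-14:02:41.223456  [**] [1:1000001:1] LOCAL IRC bot NICK to C2 [**] "
    "[Classification: A Network Trojan was Detected] [Priority: 1] {TCP} 10.0.0.12:49214 -> 203.0.113.7:6667",
    "09/23-14:03:11.323456  [**] [1:1000001:1] LOCAL IRC bot NICK to C2 [**] "
    "[Classification: A Network Trojan was Detected] [Priority: 1] {TCP} 10.0.0.12:49215 -> 203.0.113.7:6667",
    "09/23-14:03:20.000000  [**] [1:1000002:1] LOCAL policy odd HTTP user-agent [**] "
    "[Classification: Potentially Bad Traffic] [Priority: 3] {TCP} 10.0.0.12:49216 -> 198.51.100.20:80",
    "09/23-14:04:02.000000  [**] [1:1000003:1] LOCAL SSH brute force [**] "
    "[Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 192.0.2.9:51000 -> 10.0.0.5:22",
    "09/23-14:04:30.000000  [**] [1:1000004:1] LOCAL SMB exploit attempt [**] "
    "[Classification: Attempted User Privilege Gain] [Priority: 1] {TCP} 10.0.0.30:4444 -> 10.0.0.5:445",
    "09/23-14:05:00.000000  [**] [1:1000005:1] LOCAL ICMP echo to known C2 [**] "
    "[Priority: 2] {ICMP} 10.0.0.30 -> 203.0.113.7",
    "Snort exiting",
]

if __name__ == "__main__":
    found = find_bot_candidates(SAMPLE_ALERTS)
    for host, info in found.items():
        print(f"{host}: {info['alerts']} alerts, beacons={info['beacons']}")
    for cmd in mitigation_commands(found):
        print("REVIEW:", cmd)
```

Run against the sample, 10.0.0.12 is the only candidate (three priority-1 alerts to 203.0.113.7:6667); the host that hit the same C2 address once is reported only if the threshold is lowered, and the inbound SSH attack never counts because the attacker is not an internal host. Lowering beacon_threshold trades missed bots for false positives, which is why the mitigation is a drafted rule rather than a blocked host.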

Timeline

(Gantt chart from 9/23/2009 to 6/30/2010; axis ticks 9/23/2009, 10/28/2009, 12/2/2009, 1/6/2010, 2/10/2010, 3/17/2010, 4/21/2010, 5/26/2010, 6/30/2010. The task bars are not recoverable; the tasks, in chart order, are:)

Research
Proposal
VirtualBox Setup
IDS Setup
MySQL Setup
BASE Setup
IDS Configuration
Scripting
Mitigation
Testing
Tech Expo
Final Presentation

Budget

Item                      Estimated Cost   Actual Cost
VirtualBox 3.1.2          Free             Free
Desktop Computer          Free             $1,000.00
Windows XP Professional   Free             $299.99
Ubuntu 9.10               Free             Free
Snort IDS                 Free             Free
Snort Subscription        $29.99           $499.00
MySQL                     Free             Free
BASE                      Free             Free
Total                     $29.99           $1,798.99

Demonstration

Conclusion

Small, medium, and large companies all need to detect, mitigate, and report on malicious activity on their networks.

The solution delivers reporting features and is easy to implement, accurate, and low-cost.

Questions?
