Kenan Ahmed Siddiqi (2004-02-0080)
Farhan Arif (2004-02-0053)

Intrusion Detection System

- Want an implementation of a simple IDS
- Simulation of an attack; how does your IDS foil it
- Comparison of your IDS with one available in the market

Overview

Ever since the proliferation of data networks, security has been a major concern. IDS play a pivotal role in analyzing security threats. They are simple in the sense that they help detect attempted or successful intrusions. Their biggest asset is the capability of customization. If properly configured, an IDS can help save many of the resources that would otherwise be compromised by a breach in security.

Design

This project would span various aspects of network security based on IDS. These would include:

1. Traffic analysis of a vulnerable network
2. Traffic analysis of a compromised network
3. Mechanics of hacking tools and software
4. Study of how effective IDS are in detecting and helping control network security
5. Signature formations based on well-known tools
6. Implementation of a sample IDS OR Case Study: Proposed IDS solution for the LUMS Hostels network

Mechanics

The above listed steps would involve a systematic approach. This is a brief outline of how we would carry out our tests and research. The actual performance may vary based on the practicality of the proposed steps.

a) Traffic analysis of a vulnerable network – this would comprise the study of the traffic patterns of a vulnerable network. It would also help determine "baseline" statistics for the network traffic. It would be carried out using some sort of packet sniffer.

b) Traffic analysis of a compromised network – this would be the study of a compromised network's traffic patterns. It would help identify the impact on the network traffic that results from attempted and successful intrusions. It would mainly be used to show, by contrast, how a network's performance is affected by undetected intrusions.

c) Mechanics of hacking tools and software – finding hacking software and tools for the purpose of testing a network's security. It would allow us to select IDS and configure them based on the attacks and exploits performed by the aforementioned software/tools/hacks. For this purpose, we would probably use software like BackOrifice and NetBus.

d) Study of how effective IDS are in detecting and helping control network security – this would be to justify the use of IDS in a corporate data network. It would involve first-hand usage of the IDS which are available. Practical usage is the best way to realize what a good IDS is. Scans and intrusion attempts would be made across the network to check whether the IDS indeed detects them or not. If not, steps to remedy the problem can be suggested.

e) Signature formations based on well-known tools – this step would be taken for the purpose of establishing a custom signature or patterns file for any IDS we might want to customize. It would also help us to configure our own IDS.

f) Implementation of a sample IDS – this would be the building of our own custom-made IDS for a few simple rules. An implementation would help us to see what goes into the making of an IDS, and how exactly it can be optimized.
OR
Case Study: Proposed IDS solution for the LUMS Hostels network – for this purpose, we will examine the current security policy for the Hostels network and then suggest which IDS solution with which rules would be most viable.

Deliverables

Since our project features mostly research, we would be submitting reports of our findings at the end of each module/phase. The only exception would be the implementation phase, where we would also be submitting code for the actual IDS.

Timeline

1. Traffic analysis of a vulnerable network (31st of Dec.)
2. Traffic analysis of a compromised network (7th of Jan.)
3. Mechanics of hacking tools and software (15th of Jan.)
4. Study of how effective IDS are in detecting and helping control network security (20th of Jan.)
5. Signature formations based on well-known tools (4th of Feb.)
6. Implementation of a sample IDS OR Case Study: Proposed IDS solution for the LUMS Hostels network (4th of Feb.)
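
As an added illustration of Mechanics steps (e) and (f), and not the authors' own code, the sketch below shows a "few simple rules" detector: a small signature table plus a scan heuristic, run over flow records. The flow tuple format, the threshold, and the sample addresses are assumptions made for this example; the signature entries use the commonly documented default ports of the two tools named in step (c).

```python
from collections import defaultdict

# Signature table (assumption for this example): commonly documented default
# ports of the tools named in step (c). A port match alone is a weak indicator,
# since these tools can be reconfigured to listen elsewhere.
SIGNATURES = {
    ("tcp", 12345): "NetBus default port",
    ("tcp", 12346): "NetBus default port",
    ("udp", 31337): "Back Orifice default port",
}
SCAN_THRESHOLD = 10  # distinct ports probed on one host by one source (assumed value)


def inspect(flows, threshold=SCAN_THRESHOLD):
    """Apply the rules to (src, dst, proto, dport) records; return alert tuples."""
    alerts = []
    ports_seen = defaultdict(set)  # (src, dst) -> distinct (proto, port) pairs
    reported = set()               # scan pairs already alerted on
    for src, dst, proto, dport in flows:
        # Rule 1: signature match on protocol and destination port.
        name = SIGNATURES.get((proto, dport))
        if name:
            alerts.append(("signature", src, dst, name))
        # Rule 2: one source touching many distinct ports on one destination.
        pair = (src, dst)
        ports_seen[pair].add((proto, dport))
        if len(ports_seen[pair]) >= threshold and pair not in reported:
            reported.add(pair)
            alerts.append(("portscan", src, dst, f"{threshold}+ distinct ports"))
    return alerts


# Constructed sample traffic: normal web requests, a sweep of 12 ports,
# and two connections to signature ports.
SAMPLE = (
    [("10.0.0.5", "10.0.0.20", "tcp", 80)] * 3
    + [("10.0.0.7", "10.0.0.20", "tcp", p) for p in range(20, 32)]
    + [("10.0.0.9", "10.0.0.21", "tcp", 12345),
       ("10.0.0.9", "10.0.0.22", "udp", 31337)]
)

if __name__ == "__main__":
    for alert in inspect(SAMPLE):
        print(alert)
```

The baseline statistics from step (a) are what would justify a real value for the scan threshold; the one used here is arbitrary.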