An Automate Log Analyzer for Digital Forensic Investigation. Mongkol Pirarak, 2553





Contents (recoverable headings): Forensics Framework; Preparation; Detection; Incident response; Collection; Preservation; Examination; Analysis; Investigation; Presentation; Dynamic Forensics; Preserve Evidence.

List of figures (recoverable): the framework components Log Agent, Collection, Preservation, Data Processing, Formalization, Comparison, Presentation.


List of figures, chapters 2-4 (recoverable): Framework; ASCII / Spider / Base64 Encoding; web and FTP access tests; Advanced Port Scanner.

Chapter 1. 1.1 (Thai text not recoverable). 1.2 Cites prior work [1-3] on forensic frameworks (Forensic Frameworks).



Chapter 2. 2.1 Forensics Framework: network forensics (Network Forensics) is a branch of digital forensics (Digital Forensics) as defined by the Digital Forensic Research Workshop (DFRW); it covers dynamic forensics (Dynamic Forensics) and intrusion forensics (Intrusion Forensics), which works from the system log (System Log) and other logs (Log) [2].

Figure 2.1: the network forensics framework of [1]. Its phases: Preparation (sensors (Sensor), firewall (Firewall)); Detection, supported by tools such as TCPDump [7], Wireshark [8], pads [9], Sebek [10], ntop [11], P0f [12], Bro [13], Snort [14]; Incident response.

Collection: tools TCPDump, Wireshark, TCPFlow [15], NfDump [16], pads, Sebek, TCPReplay [17], Snort, Bro. Preservation: evidence integrity by HASH; tools TCPDump, Wireshark, TCPFlow, NfDump, pads, Sebek, TCPReplay, Bro, Snort. Examination: tools TCPDump, Wireshark, TCPFlow, Flow-tool [18], NfDump, pads, Argus [19], Nessus [20], Sebek, TCPTrace [21], ntop, TCPStat [22], NetFlow [23], TCPDstat [24], Ngrep [25], TCPXtract [26], TCPReplay, P0f, Nmap [27], Bro, Snort. Analysis (e.g. of DNS and packet fragmentation): the same tool set, TCPDump, Wireshark, TCPFlow, Flow-tool, NfDump, pads, Argus, Nessus, Sebek, TCPTrace, ntop, TCPStat, NetFlow, TCPDstat, Ngrep, TCPXtract, TCPReplay, P0f, Nmap, Bro, Snort.

2.1.8 Investigation (text not recoverable). Presentation: results presented in real time (Real-time), linked back to Preservation. 2.2 Dynamic Forensics [2]: forensics is divided into post-mortem or static forensics (Postmortem Forensics, Static Forensics) and real-time or dynamic forensics (Real-time Forensics, Dynamic Forensics), which reacts while the attacker (Hacker) is active and builds on the intrusion detection system (Intrusion Detection System).

IDS alerts feed Dynamic Forensics. 2.3 Log analysis [2]: starting from log-on events (Log on), four problems are identified: 1.) the volume and diversity of logs (Log); 2.) false positives (False Positive) and false negatives (False Negative); 3.) multi-stage attacks (Multi-stage) spanning several hosts (Host); 4.) (not recoverable). 2.4 [2] (text not recoverable).

False alarms (False Alarm) are reduced by correlating alerts on (src, dst, signature) and by statistical tests (Fourier transform, F-test). 2.5 [2]: four steps 1.)-4.) (not recoverable), performed on-line (On-line). 2.6 Preserving evidence (Preserve Evidence) [2].

Evidence preservation relies on a digital signature (Digital Signature), as used for electronic transactions (Electronic Transaction), together with a timestamp (Timestamp). The steps are [2]:
1.) The preservation module (Module) computes a message digest (Message Digest) of the evidence Ev with a hash function (Hash Function): HASH(Ev).
2.) HASH(Ev) is signed with the private key (Private Key) KRa, giving E_KRa[HASH(Ev)].
3.) A Digital Timestamp Server (DTS) supplies a timestamp Ts (from a time source such as the National Time Service Center (NTSC)) and appends it: E_KRa[HASH(Ev)] || Ts.
4.) The result is signed with the DTS's private key (Private Key) KRb, giving E_KRb[E_KRa[HASH(Ev)] || Ts].

5.) E_KRb[E_KRa[HASH(Ev)] || Ts] is stored together with the evidence Ev; to check Ev later, the stored E_KRb[E_KRa[HASH(Ev)] || Ts] is verified against Ev.
2.7 Sources of live network evidence [3]: packet sniffing (Packet Sniffing) on the network, and services such as a web site (Web site), an FTP server (FTP server) and peer-to-peer (Peer-to-peer) applications. The techniques an attacker may use to hide the origin of traffic, which the investigator must take into account, are:
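The preservation chain of steps 1.)-5.) above, as an added example that is not part of the thesis: it assumes KRb belongs to the DTS, uses textbook RSA without padding as a stand-in signature scheme (so only the standard library is needed), and uses SHA-256 rather than the SHA-1 sum the thesis stores.

```python
"""Evidence-preservation chain after Lin et al. [2]: HASH(Ev) ->
E_KRa[HASH(Ev)] -> DTS adds Ts -> E_KRb[E_KRa[HASH(Ev)] || Ts], plus the
verification of step 5. Textbook RSA (no padding) only illustrates the
chain; it is not a production signer."""
import hashlib
import random

def _probable_prime(n, rng, rounds=16):
    """Miller-Rabin test with `rounds` random bases."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def _random_prime(bits, rng):
    while True:
        cand = rng.getrandbits(bits) | (1 << (bits - 1)) | 1
        if _probable_prime(cand, rng):
            return cand

def rsa_keygen(bits=512, seed=None):
    """Return ((n, e), (n, d)); the seed only makes demos reproducible."""
    rng, e = random.Random(seed), 65537
    while True:
        p, q = _random_prime(bits // 2, rng), _random_prime(bits // 2, rng)
        if p != q and ((p - 1) * (q - 1)) % e:
            break
    n = p * q
    return (n, e), (n, pow(e, -1, (p - 1) * (q - 1)))

def rsa_sign(priv, digest):
    """E_KR[digest]: raw RSA over the digest integer, which must be < n."""
    n, d = priv
    m = int.from_bytes(digest, "big")
    if m >= n:
        raise ValueError("digest does not fit the modulus")
    return pow(m, d, n)

def rsa_verify(pub, digest, sig):
    n, e = pub
    return pow(sig, e, n) == int.from_bytes(digest, "big")

def hash_evidence(ev):
    """Step 1, HASH(Ev). SHA-256 instead of the thesis's SHA-1 sum, because
    SHA-1 collisions are practical today."""
    return hashlib.sha256(ev).digest()

def investigator_sign(priv_a, ev):
    """Step 2: E_KRa[HASH(Ev)] with private key KRa."""
    return rsa_sign(priv_a, hash_evidence(ev))

def _stamped(pub_a, sig_a, ts):
    """Step 3: E_KRa[HASH(Ev)] || Ts, Ts as 8-byte big-endian seconds."""
    return sig_a.to_bytes((pub_a[0].bit_length() + 7) // 8, "big") + ts.to_bytes(8, "big")

def dts_countersign(priv_b, pub_a, sig_a, ts):
    """Step 4: the DTS signs the stamped blob with KRb (assumed to be the
    DTS's key); the blob exceeds the modulus, so it is hashed first."""
    return rsa_sign(priv_b, hashlib.sha256(_stamped(pub_a, sig_a, ts)).digest())

def verify_chain(pub_a, pub_b, ev, sig_a, ts, sig_b):
    """Step 5: recompute HASH(Ev) and check both signatures. Any change to
    the evidence, the timestamp or either signature yields False."""
    if not rsa_verify(pub_a, hash_evidence(ev), sig_a):
        return False
    return rsa_verify(pub_b, hashlib.sha256(_stamped(pub_a, sig_a, ts)).digest(), sig_b)

def demo():
    """Constructed log line as evidence; returns (genuine ok, tampered ok)."""
    pub_a, priv_a = rsa_keygen(seed=1)  # investigator key pair (KUa, KRa)
    pub_b, priv_b = rsa_keygen(seed=2)  # DTS key pair (KUb, KRb)
    ev = b"Nov 12 10:15:01 web vsftpd: CONNECT: Client 192.0.2.10\n"
    ts = 1289556901
    sig_a = investigator_sign(priv_a, ev)
    sig_b = dts_countersign(priv_b, pub_a, sig_a, ts)
    return (verify_chain(pub_a, pub_b, ev, sig_a, ts, sig_b),
            verify_chain(pub_a, pub_b, ev.replace(b".10", b".11"), sig_a, ts, sig_b))

if __name__ == "__main__":
    print(demo())  # (True, False)
```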

- TCP relaying/proxying
- Onion routing
- Anonymous r ing
- Web anonymizers
- IP spoofing
- spoofing
- compromised third party machines
- session hijacking
- DNS cache poisoning
- Other man-in-the-middle attacks
2.8 Summary of chapter 2 (text not recoverable).

Chapter 3. The proposed framework (Framework). 3.1 Figure 3.1 (Framework): a Mail Server, Web Server, FTP Server and Firewall each run a Log Agent; the flow is Log Agent, Collection, Preservation, RAW LOG DB, Data Processing, Formalization, Comparison, Presentation. The design follows the Forensics Framework phases of chapter 2.

3.2 (Figure 3.2, text not recoverable). 3.3 Log Agent: each monitored server runs a Log Agent that forwards its logs to the central log server (Central Log) with Syslog-ng [28].

3.3.2 Collection: Syslog-ng receives the forwarded logs on the central log server (Central Log). Preservation: the collected raw logs are encrypted with AES (Advanced Encryption Standard) [29] and an SHA-1 sum [30] of each file is recorded. Data Processing: the stored log is processed and its SHA-1 sum computed again. Formalization: the output of Data Processing is encoded with Base64 [31] so that the Comparison step works on a uniform representation; Figure 3.3 shows the string "Spider" encoded from ASCII to base64.

Figure 3.3: ASCII "Spider" (base64 encoding, Base64 Encoding) becomes "U3BpZGVy". Comparison: the SHA-1 sum recorded at Preservation is compared with the SHA-1 sum computed in Data Processing; a mismatch means the log was altered. Presentation: the results are reported to the investigator.


Chapter 4. 4.1 The framework of chapter 3 is evaluated with three test scenarios and compared with the work of Chen Lin, Li Zhitang, Gao Cuixia [2]. 4.2 Testbed (Figure 4.1): an ADSL static link and ADSL dynamic link through routers R1 (Link 1) and R2 (Link 2) into the Astaro Firewall; behind it the Central Log server and the FTP server / Web server.

Figure 4.1: the Web Server and FTP Server are one host. 4.3 Equipment: Router 2, Firewall 1, FTP and Web Server 1, Central Log 1, Access Point 1, Switch 3 com 1.
Router (2):
R1. ADSL router, dynamic IP: link bandwidth 10 Mbps; PPPoE mode; IP address /24 (address not recoverable).
R2. ADSL router, static IP: link bandwidth 2 Mbps; bridge mode.
Astaro Firewall (1):
1. Interface eth1 (Link 1): Mode NAT; Type Ethernet Standard; IP address, netmask, gateway, DNS (values not recoverable).
2. Interface eth2 (Link 2): Mode NAT; Type DSL (PPPoE).

IP address, netmask, gateway, DNS (values not recoverable).
3. Interface eth0 (Internal Network): Type Ethernet Standard; IP address, netmask (values not recoverable).
4. Policy of Firewall. Packet Filter: Source Internal Network; Services 23, 25, 53, 443, 110; Destination Any. Network Address Translation (NAT): Traffic Source any; Traffic Service 80, 443; Traffic Destination (not recoverable); NAT mode DNAT; Destination Web Server. Proxy web cache: Mode Transparent; Source Internal Network; Services http, ftp.
FTP and Web Server (1): OS Ubuntu; Service FTP (VSFTP), httpd, https; Domain name (not recoverable).
Central Log (1): OS CentOS 5.5; Service Syslog-ng.

Access Point (1): Linksys WRT54GL, AP mode. Switch 3 com (1): HP V G Switch, role Layer 2 access switch.

Central log collection uses Syslog-ng [28]. On the log-agent host (Linux Ubuntu LTS) install it with:
apt-get install syslog-ng

and configure /etc/syslog-ng/syslog-ng.conf (the central log server's address was not recoverable and is left blank):
#Create source
source s_vsftp { file("/var/log/vsftpd.log" follow_freq(1)); };
source s_httpd { file("/var/log/apache2/access.log" follow_freq(1)); };
#Create destination
destination d_logserver1 { tcp(" " port(10513)); };
destination d_logserver2 { tcp(" " port(10514)); };
#Send log
log { source(s_vsftp); destination(d_logserver1); };
log { source(s_httpd); destination(d_logserver2); };

Then restart the service:
/etc/init.d/syslog-ng restart

/etc/init.d/syslog-ng restart
 * Stopping system logging syslog-ng [ OK ]
 * Starting system logging syslog-ng [ OK ]

On the central log server (Linux CentOS 5.5) install the syslog-ng package (package version not recoverable):
# rpm -ivh syslog-ng rhel5.i386.rpm

and configure /opt/syslog-ng/etc/syslog-ng.conf (listening addresses were not recoverable and are left blank):
source s_remote { tcp(ip( ) port(514) max-connections(100)); udp(ip( ) port(514)); };
source s_remote2 { tcp(ip( ) port(10514) max-connections(100)); udp(ip( ) port(10514)); };
source s_remote3 { tcp(ip( ) port(10513) max-connections(100)); udp(ip( ) port(10513)); };
filter f_asgfirewall { host(" "); };
filter f_webftp { host(" "); };
filter f_web { host(" "); };
destination d_astaro { file("/export/centrallog/raw/asg.log" owner("root") group("root") perm(0644) dir_perm(0755) create_dirs(yes)); };

destination d_ftp { file("/export/centrallog/raw/vsftpd.log" owner("root") group("root") perm(0644) dir_perm(0755) create_dirs(yes)); };
destination d_httpd { file("/export/centrallog/raw/httpd.log" owner("root") group("root") perm(0644) dir_perm(0755) create_dirs(yes)); };
log { source(s_remote); filter(f_asgfirewall); destination(d_astaro); };
log { source(s_remote2); destination(d_httpd); };
log { source(s_remote3); destination(d_ftp); };

Then restart the service:
# /etc/init.d/syslog-ng restart

Preservation: the raw logs are encrypted by a script with OpenSSL, AES 128-bit in ECB mode, with a password:
openssl aes-128-ecb -in filename -k "password" -out filename.sec

Files on the central log server:
/log-program/asg_moon: logrotate configuration for the ASG (Astaro Security Gateway) log
/log-program/httpd_moon: logrotate configuration for the Apache web server log
/log-program/vsftpd_moon: logrotate configuration for the vsftpd log
/log-program/encryption-asg.sh: encryption script for the ASG log
/log-program/encryption-httpd.sh: encryption script for the web server log
/log-program/encryption-vsftpd.sh: encryption script for the FTP log

/log-program/asg_moon:
#rotate90
/export/centrallog/raw/asg.log {
    rotate 90
    compress
    dateext
    maxage 365
    missingok
    create 640 root root
    prerotate
        /log-program/encryption-asg.sh
    endscript
    postrotate
        service syslog-ng restart >/dev/null 2>&1 || true
    endscript
}

/log-program/httpd_moon:
#rotate90
/export/centrallog/raw/httpd.log {
    rotate 90
    compress
    dateext
    maxage 365
    missingok
    create 640 root root
    prerotate
        /log-program/encryption-httpd.sh
    endscript
    postrotate
        service syslog-ng restart >/dev/null 2>&1 || true
    endscript
}

/log-program/vsftpd_moon:
#rotate90
/export/centrallog/raw/vsftpd.log {
    rotate 90
    compress
    dateext
    maxage 365
    missingok
    create 640 root root
    prerotate
        /log-program/encryption-vsftpd.sh
    endscript
    postrotate
        service syslog-ng restart >/dev/null 2>&1 || true
    endscript
}

/log-program/encryption-asg.sh:
#!/bin/bash
#Script to encrypt log file (bash, because [[ ]] is not POSIX sh)
#source: /export/centrallog/raw/
mkdir -p /export/centrallog/encrypt/$(date +%F)
cd /export/centrallog/encrypt/$(date +%F) || exit 1
pass=isylzjko          #password embedded in the script, as in the thesis
x=log_asg
log_path=/export/centrallog/raw/asg.log
#compress
if [[ -a /export/centrallog/raw/asg.log ]]
then
    #tar zcvf $x.tar.gz $log_path
    cp "$log_path" "$x"
    #encrypt (AES-128 in ECB mode; ECB leaks repeated plaintext blocks)
    openssl aes-128-ecb -in "$x" -k "$pass" -out "$x".sec
    #hashing: SHA-1 sum of the encrypted file, stored beside it
    sha1path=/export/centrallog/encrypt/$(date +%F)
    sha1sum "$sha1path/$x".sec > sha1sum-$x
    #remove the plaintext copy
    rm -f "$x"
fi

/log-program/encryption-httpd.sh:
#!/bin/bash
#Script to encrypt log file (bash, because [[ ]] is not POSIX sh)
#source: /export/centrallog/raw/
mkdir -p /export/centrallog/encrypt/$(date +%F)
cd /export/centrallog/encrypt/$(date +%F) || exit 1
pass=isylzjko          #password embedded in the script, as in the thesis
x=log_httpd
log_path=/export/centrallog/raw/httpd.log
#compress
if [[ -a /export/centrallog/raw/httpd.log ]]
then
    #tar zcvf $x.tar.gz $log_path
    cp "$log_path" "$x"
    #encrypt (AES-128 in ECB mode; ECB leaks repeated plaintext blocks)
    openssl aes-128-ecb -in "$x" -k "$pass" -out "$x".sec
    #hashing: SHA-1 sum of the encrypted file, stored beside it
    sha1path=/export/centrallog/encrypt/$(date +%F)
    sha1sum "$sha1path/$x".sec > sha1sum-$x
    #remove the plaintext copy
    rm -f "$x"
fi

/log-program/encryption-vsftpd.sh:
#!/bin/bash
#Script to encrypt log file (bash, because [[ ]] is not POSIX sh)
#source: /export/centrallog/raw/
mkdir -p /export/centrallog/encrypt/$(date +%F)
cd /export/centrallog/encrypt/$(date +%F) || exit 1
pass=isylzjko          #password embedded in the script, as in the thesis
x=log_vsftpd
log_path=/export/centrallog/raw/vsftpd.log
#compress
if [[ -a /export/centrallog/raw/vsftpd.log ]]
then
    #tar zcvf $x.tar.gz $log_path
    cp "$log_path" "$x"
    #encrypt (AES-128 in ECB mode; ECB leaks repeated plaintext blocks)
    openssl aes-128-ecb -in "$x" -k "$pass" -out "$x".sec
    #hashing: SHA-1 sum of the encrypted file, stored beside it
    sha1path=/export/centrallog/encrypt/$(date +%F)
    sha1sum "$sha1path/$x".sec > sha1sum-$x
    #remove the plaintext copy
    rm -f "$x"
fi

4.4 Experiments. Three scenarios were run on the testbed: access to the web server, access to the FTP server (FTP), and a port scan (PortScan) against the firewall with Advanced Port Scanner v1.3. For each scenario the figures (4.3 to 4.20) show the generating event, the encrypted log file (log_httpd.sec, log_vsftpd.sec, log_asg.sec) with its recorded SHA-1 sum, the "Check log" screen, which recomputes the SHA-1 sum and compares it with the stored one, and the "View log report" screen.
4.4.2 FTP access was generated with an ftp:// URL to the server; the resulting vsftpd entries appear in the report (Figures 4.10 to 4.13).
For the port scan, Advanced Port Scanner v1.3 was run against the firewall; the ASG log report offers two views: View ASG Packetfilter Log Report, which lists packets by action (drop, accept), and View ASG IPS Log Report from the intrusion prevention system (Intrusion Prevention System) (Figures 4.14 to 4.20).
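A small analyzer for the ASG packetfilter report described above, added here as an example and not part of the thesis: it totals accept/drop per source address and flags the many-distinct-ports pattern of the port-scan test. The log lines are constructed in ASG's key="value" style and the field names (sub, action, srcip, dstip, proto, dstport) are assumed, not taken from a real capture.

```python
"""Analyzer for ASG (Astaro Security Gateway) packetfilter log lines:
per-source accept/drop totals and a port-scan flag. Added example;
sample lines below are constructed and their field layout is assumed."""
import re
from collections import defaultdict

KV = re.compile(r'(\w+)="([^"]*)"')

def _asg_line(ts, action, src, dst, dport, proto="6"):
    """Build one constructed packetfilter line (assumed field layout)."""
    name = "Packet accepted" if action == "accept" else "Packet dropped"
    return (f'{ts} asg ulogd[1234]: id="2001" severity="info" sys="SecureNet" '
            f'sub="packetfilter" name="{name}" action="{action}" srcip="{src}" '
            f'dstip="{dst}" proto="{proto}" srcport="40001" dstport="{dport}"')

# constructed sample: an ordinary client, a scanner, and one IPS line to skip
SCANNER, CLIENT, WEB = "198.51.100.7", "192.0.2.10", "203.0.113.20"
SAMPLE_LINES = [
    _asg_line("2010:11:12-10:15:01", "accept", CLIENT, WEB, "80"),
    _asg_line("2010:11:12-10:15:02", "accept", CLIENT, WEB, "443"),
    _asg_line("2010:11:12-10:15:03", "accept", CLIENT, WEB, "80"),
    _asg_line("2010:11:12-10:15:04", "accept", CLIENT, WEB, "80"),
    '2010:11:12-10:16:00 asg snort[99]: id="2101" sub="ips" name="Intrusion" srcip="198.51.100.7"',
] + [
    # 80 and 443 are DNATed to the web server (accept); the rest are dropped
    _asg_line("2010:11:12-10:16:%02d" % i,
              "accept" if p in ("80", "443") else "drop", SCANNER, WEB, p)
    for i, p in enumerate(["21", "22", "23", "25", "53", "80", "110",
                           "135", "139", "443", "445", "3389"], start=1)
]

def parse_packetfilter(line):
    """Return the key="value" fields of a packetfilter line, else None."""
    ts, _, rest = line.partition(" ")
    fields = dict(KV.findall(rest))
    if fields.get("sub") != "packetfilter":
        return None
    fields["ts"] = ts
    return fields

def summarize(lines):
    """Per source IP: accept/drop counts and the distinct (proto, dstport) set."""
    per_src = defaultdict(lambda: {"accept": 0, "drop": 0, "ports": set()})
    for line in lines:
        f = parse_packetfilter(line)
        if f is None:
            continue
        entry = per_src[f["srcip"]]
        entry[f["action"]] = entry.get(f["action"], 0) + 1
        entry["ports"].add((f["proto"], f["dstport"]))
    return dict(per_src)

def flag_port_scans(per_src, min_ports=10):
    """Sources that touched at least min_ports distinct ports. The threshold
    is a tuning choice; an ordinary client rarely exceeds a handful."""
    return sorted(ip for ip, e in per_src.items() if len(e["ports"]) >= min_ports)

if __name__ == "__main__":
    summary = summarize(SAMPLE_LINES)
    for ip, e in summary.items():
        print(ip, "accept=%d drop=%d ports=%d" % (e["accept"], e["drop"], len(e["ports"])))
    print("port scan suspects:", flag_port_scans(summary))
```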

4.5 Comparison with the approach of Chen Lin, Li Zhitang, Gao Cuixia [2] (text not recoverable). 4.6 Summary of chapter 4 (text not recoverable).

Chapter 5. 5.1 Conclusions (text not recoverable). 5.2 Future work: securing the log transport with IPSec VPN or SSL VPN (details not recoverable).

References
[1] E. S. Pilli, R. C. Joshi, R. Niyogi. Network forensic framework: survey and research challenges. Digital Investigation (2010), doi: /j.diin
[2] C. Lin, L. Zhitang, G. Cuixia. Automated Analysis of Multi-source Logs for Network Forensics. First International Workshop on Education Technology and Computer Science. DOI /ETCS
[3] B. J. Nikkel. Generalizing sources of live network evidence. Digital Investigation (2005) 2, doi: /j.diin
[4] B. J. Nikkel. A portable network forensic evidence collector. Digital Investigation (2006) 3, doi: /j.diin
[5] H. Ming, S. LiZhong. A New System Design of Network Invastion Forensics. Second International Conference on Computer and Electrical Engineering. DOI /ICCEE
[6] N. Kittirungruang, P. Limmaneewichid, and S. Kungpisdan. Design and Development of An Event Log Server for Microsoft Windows. To appear at the 2nd ECTI Conference on Application Research and Development 2010 (ECTI-CARD2010), Pattaya, Thailand, May 2010.
[7] Tcpdump.
[8] Wireshark.
[9] pads.
[10] Sebek.
[11] ntop.
[12] P0f.
[13] Bro.
[14] Snort.
[15] TCPFlow.
[16] NfDump.
[17] TCPReplay.
[18] Flow-tools.
[19] Argus.
[20] Nessus.
[21] TCPTrace.
[22] TCPStat.
[23] NetFlow.
[24] TCPDstat.
[25] Ngrep.
[26] TCPXtract.
[27] Nmap.
[28] Syslog-ng.
[29] AES (Advanced Encryption Standard).
[30] SHA-1.
[31] Base64.

Publication: M. Pirarak and S. Kungpisdan, An Automate Log Analyzer for Digital Forensic Investigation, to appear in The Journal of Information Science and Technology, Vol. 2, No. 1, Jan-June.

An Automated Log Analyzer for Digital Forensics Investigation (journal paper version; author names in Thai not recoverable). E-mail: mpirarak@yahoo.com (1), supakorn@mut.ac.th (2).
ABSTRACT: In this paper, we propose a study and development of an automated log analyzer in order to acquire critical evidence of crime and find potential suspects. We analyze several existing network forensics models and propose a new model for an automated log analyzer that can provide and summarize the necessary evidence. We create a prototype of the proposed model. The results of our implementation show that the proposed model can assist users in analyzing and reporting evidence for forensics investigation.
KEY WORDS: Network forensics, log analysis, digital forensics, intrusion detection
Thai abstract (Automated Log Analyzer): not recoverable.
1. Introduction (Thai, not recoverable): surveys prior work [1, 2, 3, 4]; Lin et al. [2] analyze raw logs (Raw Log) from multiple sources.

The paper is organized as follows: section 2 reviews network forensics, section 3 presents the framework, section 4 the experiments, section 5 the conclusions and section 6 future work.
2. Network forensics (Network Forensics) is a branch of digital forensics (Digital Forensics) as defined by the Digital Forensic Research Workshop (DFRW); it covers dynamic forensics (Dynamic Forensics) and intrusion forensics (Intrusion Forensics), which works from the system log (System Log) and other logs (Log) [2]. Figure 1: the network forensics framework of [1], with phases:
2.1 Preparation: sensors (Sensor) and firewall (Firewall).
2.2 Detection: tools TCPDump [7], Wireshark [8], pads [9], Sebek [10], ntop [11], P0f [12], Bro [13], Snort [14].
2.3 Incident Response (text not recoverable).
2.4 Collection: TCPDump, Wireshark, TCPFlow [15], NfDump [16], pads, Sebek, TCPReplay [17].
2.5 Preservation: integrity by hash (Hash); TCPDump, Wireshark, TCPFlow, NfDump, pads, Sebek, TCPReplay, Bro, Snort.
2.6 Examination: TCPDump, Wireshark, TCPFlow, Flow-tool [18], NfDump, pads.
2.7 Analysis (e.g. of DNS and packet fragmentation): TCPDump, Wireshark, TCPFlow, Flow-tool, NfDump, pads.
2.7 Investigation (numbered 2.7 again in the source; text not recoverable).

2.8 Presentation: results presented in real time (Real-time), linked back to Preservation.
3. The proposed framework. Logs are taken from log-on events (Log on) and other sources. 3.1 Figure 2 (Framework): a Mail Server, Web Server, FTP Server and Firewall each run a log agent (Agent) that forwards its logs (Log); the numbered steps are 1 log agents, 2 Collection, 3 Preservation with AES (Advanced Encryption Standard) [19] into the RAW LOG DB, 4 Data Processing, 5 SHA-1 [20] sum of the stored log, 6 Formalization with Base64 [21],

7 Comparison of the SHA-1 sum with the one from step 5, 8 Presentation. 3.2 Testbed (Figure 3): a central log server (Central log) and the server system (Server system) behind an Astaro Firewall fed by R1 (ADSL, Link 1) and R2 (Static Link, Link 2); Central Log, FTP server and Web server sit on the internal network.
4. Experiments: three scenarios (web access, FTP access, port scan) on the testbed. 4.1 Equipment: Router 2, Firewall 1, FTP and Web Server 1, Central Log 1, Access Point 1, Switch 3 com 1. Router (2): R1 ADSL router, dynamic IP, link bandwidth 10 Mbps, PPPoE mode; R2 ADSL router, static IP, link bandwidth 2 Mbps, bridge mode. Astaro Firewall (1): 1. Interface eth1 (Link 1) Mode NAT, Type Ethernet Standard; 2. Interface eth2 (Link 2) Mode NAT, Type DSL (PPPoE); 3. Interface eth0 (Internal Network) Type Ethernet Standard; 4. Policy of Firewall, Packet Filter: Source Internal Network, Services 23, 25, 53, 443, 110, Destination Any.

Network Address Translation (NAT): Traffic Source any; Traffic Service 80, 443; NAT mode DNAT; Destination Web Server. Proxy web cache: Mode Transparent; Source Internal Network; Services http, ftp. FTP and Web Server (1): OS Ubuntu; Service FTP (VSFTP), httpd, https. Central Log (1): OS CentOS 5.5; Service Syslog-ng. Access Point (1): Linksys WRT54GL, AP mode. Switch 3 com (1): HP V G Switch, role Layer 2 access switch.
4.2 Port scan test (Port scan): Figure 4 shows Advanced Port Scanner v1.3 run against the firewall; Figure 5 shows the resulting entries in the encrypted firewall log (caption not recoverable).

Figures 6 to 9: report screens for the port-scan test (Figure 9 lists MAC addresses); captions not recoverable.

5. Conclusions. 5.1 and 5.2 (text not recoverable). 5.3 Comparison with Lin et al. [2] (text not recoverable).
6. Future work: securing the log transport with IPSec VPN or SSL VPN.
References
[1] E. S. Pilli, R. C. Joshi, and R. Niyogi. Network Forensic Framework: Survey and Research Challenges. Digital Investigation (2010), doi: /j.diin
[2] C. Lin, L. Zhitang, and G. Cuixia. Automated Analysis of Multi-source Logs for Network Forensics. First International Workshop on Education Technology and Computer Science.
[3] B. J. Nikkel. Generalizing Sources of Live Network Evidence. Digital Investigation (2005) 2.
[4] Bruce J. Nikkel. A portable network forensic evidence collector. Digital Investigation (2006) 3.
[5] Hou Ming, Shen LiZhong. A New System Design of Network Invastion Forensics. Second International Conference on Computer and Electrical Engineering.
[6] (Thai reference, not recoverable)
[7] Tcpdump.
[8] Wireshark.
[9] pads.
[10] Sebek.
[11] ntop.
[12] P0f.
[13] Bro.
[14] Snort.
[15] TCPFlow.
[16] NfDump.
[17] TCPReplay.
[18] Flow-tools.
[19] AES (Advanced Encryption Standard).
[20] SHA-1.
[21] Base64.


SMC7901WBRA2-B1 Installation Guide

SMC7901WBRA2-B1 Installation Guide SMC7901WBRA2-B1 Installation Guide Model number: SMC7901WBR2- B1 Topic: Wireless Encryption (WPA) c. Click WLAN Security. Choose WPA2 Mixed under Encryption. Enter a password in the Pre- Shared Key and

More information

Security. TestOut Modules 12.6 12.10

Security. TestOut Modules 12.6 12.10 Security TestOut Modules 12.6 12.10 Authentication Authentication is the process of submitting and checking credentials to validate or prove user identity. 1. Username 2. Credentials Password Smart card

More information

Chapter 2 Preparing Your Network

Chapter 2 Preparing Your Network Chapter 2 Preparing Your Network This document describes how to prepare your network to connect to the Internet through a router and how to verify the readiness of your broadband Internet service from

More information

Comtrend 1 Port Router Installation Guide CT-5072T

Comtrend 1 Port Router Installation Guide CT-5072T Comtrend 1 Port Router Installation Guide CT-5072T 1 Installing Access Point s DSL Service with a Comtrend Router Thank you for selecting Access Point, Inc. to be your Internet service provider. This guide

More information

DRO-210i LOAD BALANCING ROUTER. Review Package Contents

DRO-210i LOAD BALANCING ROUTER. Review Package Contents DRO-210i LOAD BALANCING ROUTER Review Package Contents Make sure that the package contains the following items. DRO-210i Load Balancing Router 2 Straight Ethernet Cables 1 Cross Over Ethernet Cable 1 Power

More information

Corporate VPN Using Mikrotik Cloud Feature. By SOUMIL GUPTA BHAYA Mikortik Certified Trainer

Corporate VPN Using Mikrotik Cloud Feature. By SOUMIL GUPTA BHAYA Mikortik Certified Trainer Corporate VPN Using Mikrotik Cloud Feature By SOUMIL GUPTA BHAYA Mikortik Certified Trainer What is a VPN? A virtual private network (VPN) is a method for the extension of a private network across a public

More information

Sophos UTM. Remote Access via PPTP. Configuring UTM and Client

Sophos UTM. Remote Access via PPTP. Configuring UTM and Client Sophos UTM Remote Access via PPTP Configuring UTM and Client Product version: 9.000 Document date: Friday, January 11, 2013 The specifications and information in this document are subject to change without

More information

Administrator's Guide

Administrator's Guide Administrator's Guide Contents Administrator's Guide... 7 Using Web Config Network Configuration Software... 8 About Web Config... 8 Accessing Web Config... 8 Restricting Features Available for Users...

More information

Comodo MyDLP Software Version 2.0. Installation Guide Guide Version 2.0.010215. Comodo Security Solutions 1255 Broad Street Clifton, NJ 07013

Comodo MyDLP Software Version 2.0. Installation Guide Guide Version 2.0.010215. Comodo Security Solutions 1255 Broad Street Clifton, NJ 07013 Comodo MyDLP Software Version 2.0 Installation Guide Guide Version 2.0.010215 Comodo Security Solutions 1255 Broad Street Clifton, NJ 07013 Table of Contents 1.About MyDLP... 3 1.1.MyDLP Features... 3

More information

REQUIREMENTS AND INSTALLATION OF THE NEFSIS DEDICATED SERVER

REQUIREMENTS AND INSTALLATION OF THE NEFSIS DEDICATED SERVER NEFSIS TRAINING SERIES Nefsis Dedicated Server version 5.1.0.XXX Requirements and Implementation Guide (Rev 4-10209) REQUIREMENTS AND INSTALLATION OF THE NEFSIS DEDICATED SERVER Nefsis Training Series

More information

Network Monitoring and Traffic Analysis

Network Monitoring and Traffic Analysis and Traffic Analysis Agenda A Quick Review of A Collection of Common Network Traffic Tools This Will be a Play As We Go Lecture The Tools We Will Cover: FlowTools, Sniffers, Graphical, and Hacker 2 FlowTools

More information

Internet Privacy Options

Internet Privacy Options 2 Privacy Internet Privacy Sirindhorn International Institute of Technology Thammasat University Prepared by Steven Gordon on 19 June 2014 Common/Reports/internet-privacy-options.tex, r892 1 Privacy Acronyms

More information

The 7th National Conference on Computing and Information Technology. A Web-based Single Sign-on (SSO) using SAML 2.0

The 7th National Conference on Computing and Information Technology. A Web-based Single Sign-on (SSO) using SAML 2.0 ก ก ก SAML 2.0 A Web-based Single Sign-on (SSO) using SAML 2.0 (Tatchai Russameroj) 1 (Pornchai Mongkolnam) 2 ก ก ก (Kriengkrai Porkaew) 3 1, 2, 3 ก tum010@hotmail.com 1, pornchai@sit.kmutt.ac.th 2, porkaew@sit.kmutt.ac.th

More information

1. Hardware Installation

1. Hardware Installation 4 Port 10/100M Internet Broadband Router with USB Printer server Quick Installation Guide #4824904AXZZ0 1. Hardware Installation A. System Requirement Before you getting started, make sure that you meet

More information

Quick Note 026. Using the firewall of a Digi TransPort to redirect HTTP Traffic to a proxy server. Digi International Technical Support December 2011

Quick Note 026. Using the firewall of a Digi TransPort to redirect HTTP Traffic to a proxy server. Digi International Technical Support December 2011 Quick Note 026 Using the firewall of a Digi TransPort to redirect HTTP Traffic to a proxy server Digi International Technical Support December 2011 Contents 1 Introduction... 3 1.1 Outline... 3 1.2 Assumptions...

More information

Trouble shooting Guide <<<Field and NOC Engineer Perspective>>>

Trouble shooting Guide <<<Field and NOC Engineer Perspective>>> Trouble shooting Guide 1. ADSL Unstable : A. Ensure : i. Splitter has been used with proper connectivity. Troubleshooting Guide Field Engineer Perspective. Page

More information

Some Tools for Computer Security Incident Response Team (CSIRT)

Some Tools for Computer Security Incident Response Team (CSIRT) Some Tools for Computer Security Incident Response Team (CSIRT) AfNOG 12 30 th May 2011 10 th June 2011 Tanzania By Marcus K. G. Adomey Overview Some Unix Commands Some Selected Tools Snort AirSnort hping

More information

Beginning OpenVPN 2.0.9

Beginning OpenVPN 2.0.9 Beginning OpenVPN 2.0.9 Build and integrate Virtual Private Networks using OpenVPN Markus Feilner Norbert Graf PUBLISHING BIRMINGHAM - MUMBAI Preface 1 Chapter 1: VPN Virtual Private Network 7 Broadband

More information

Multi-Homing Gateway. User s Manual

Multi-Homing Gateway. User s Manual Multi-Homing Gateway User s Manual Contents System 5 Admin Setting Date/Time Multiple Subnet Hack Alert Route Table DHCP DNS Proxy Dynamic DNS Language Permitted IPs Logout Software Update 8 12 21 22 33

More information

Edgewater Routers User Guide

Edgewater Routers User Guide Edgewater Routers User Guide For use with 8x8 Service Version 1.0, March 2011 Table of Contents EdgeMarc 200AE1-10 Router Overview...3 EdgeMarc 4550-15 Router Overview...4 Basic Setup of the 200AE1 and

More information

ENHWI-N3. 802.11n Wireless Router

ENHWI-N3. 802.11n Wireless Router ENHWI-N3 802.11n Wireless Router Product Description Encore s ENHWI-N3 802.11n Wireless Router s 1T1R Wireless single chip can deliver up to 3x faster speed than of 802.11g devices. ENHWI-N3 supports home

More information

Innominate mguard Version 6

Innominate mguard Version 6 Innominate mguard Version 6 Configuration Examples mguard smart mguard PCI mguard blade mguard industrial RS EAGLE mguard mguard delta Innominate Security Technologies AG Albert-Einstein-Str. 14 12489

More information

AlienVault Installation Guide

AlienVault Installation Guide AlienVault Installation Guide AlienVault LC - 1901 S Bascom Avenue Suite 220 Campbell, CA, 95008 T +1 408 465-9989 info@alienvault.com wwww.alienvault.com Juan Manuel Lorenzo (jmlorenzo@alienvault.com)

More information

Chapter 1 Configuring Basic Connectivity

Chapter 1 Configuring Basic Connectivity Chapter 1 Configuring Basic Connectivity This chapter describes the settings for your Internet connection and your wireless local area network (LAN) connection. When you perform the initial configuration

More information

NETWORK SETUP GLOSSARY

NETWORK SETUP GLOSSARY GLOSSARY NETWORK SETUP Static IP PPPoE DHCP DDNS Static IP Computers are communicated and recognized by their own unique IP addresses over the Internet. Static IP provided by your ISP (Internet Service

More information

ZEN LOAD BALANCER EE v3.04 DATASHEET The Load Balancing made easy

ZEN LOAD BALANCER EE v3.04 DATASHEET The Load Balancing made easy ZEN LOAD BALANCER EE v3.04 DATASHEET The Load Balancing made easy OVERVIEW The global communication and the continuous growth of services provided through the Internet or local infrastructure require to

More information

ESR-9753 802.11b/g/n SOHO Router

ESR-9753 802.11b/g/n SOHO Router ESR-9753 is a 1T1R Wireless Single chip 11N Broadband Router that delivers up to 3x faster speeds than 802.11g devices. ESR-9753 supports home network with superior throughput and performance and unparalleled

More information

If you have questions or find errors in the guide, please, contact us under the following e-mail address:

If you have questions or find errors in the guide, please, contact us under the following e-mail address: 1. Introduction... 2 2. Remote Access via PPTP... 2 2.1. Configuration of the Astaro Security Gateway... 3 2.2. Configuration of the Remote Client...10 2.2.1. Astaro User Portal: Getting Configuration

More information

Introduction to Passive Network Traffic Monitoring

Introduction to Passive Network Traffic Monitoring Introduction to Passive Network Traffic Monitoring CS459 ~ Internet Measurements Spring 2015 Despoina Antonakaki antonakd@csd.uoc.gr Active Monitoring Inject test packets into the network or send packets

More information

ESR-9750. (Go Green Series) Wireless-N Broadband Router / AP / Repeater. 2.4 GHz 802.11b/g/n 300 Mbps

ESR-9750. (Go Green Series) Wireless-N Broadband Router / AP / Repeater. 2.4 GHz 802.11b/g/n 300 Mbps PRODUCT DESCRIPTION ESR-9750 is a Wireless 11N Broadband Router that delivers up to 6x faster speeds and 3x extended coverage than 802.11g devices. ESR-9750 supports home network with superior throughput

More information

Installing and Configuring Websense Content Gateway

Installing and Configuring Websense Content Gateway Installing and Configuring Websense Content Gateway Websense Support Webinar - September 2009 web security data security email security Support Webinars 2009 Websense, Inc. All rights reserved. Webinar

More information

Fortigate Features & Demo

Fortigate Features & Demo & Demo Prepared and Presented by: Georges Nassif Technical Manager Triple C Firewall Antivirus IPS Web Filtering AntiSpam Application Control DLP Client Reputation (cont d) Traffic Shaping IPSEC VPN SSL

More information

BOSS (Broadband Office Storage Server) a Network Server Appliance (NSA) User Manual

BOSS (Broadband Office Storage Server) a Network Server Appliance (NSA) User Manual BOSS (Broadband Office Storage Server) a Network Server Appliance (NSA) User Manual Thank you for purchasing IOGEAR 's BOSS, one of the most advanced and reasonable network server replacements on the market.

More information

How to Create, Setup, and Configure an Ubuntu Router with a Transparent Proxy.

How to Create, Setup, and Configure an Ubuntu Router with a Transparent Proxy. In this tutorial I am going to explain how to setup a home router with transparent proxy using Linux Ubuntu and Virtualbox. Before we begin to delve into the heart of installing software and typing in

More information

Firewall Testing. Cameron Kerr Telecommunications Programme University of Otago. May 16, 2005

Firewall Testing. Cameron Kerr Telecommunications Programme University of Otago. May 16, 2005 Firewall Testing Cameron Kerr Telecommunications Programme University of Otago May 16, 2005 Abstract Writing a custom firewall is a complex task, and is something that requires a significant amount of

More information

Front LEDs... 2 Rear Ports... 3 BASIC INSTALLATION... 4 Connecting Your Router... 5 Network Configuration... 6

Front LEDs... 2 Rear Ports... 3 BASIC INSTALLATION... 4 Connecting Your Router... 5 Network Configuration... 6 0 P a g e Table of contents Front LEDs... 2 Rear Ports... 3 BASIC INSTALLATION... 4 Connecting Your Router... 5 Network Configuration... 6 Gateway Configuration... 11 Accessing your gateway... 11 Displaying

More information

DSL-2600U. User Manual V 1.0

DSL-2600U. User Manual V 1.0 DSL-2600U User Manual V 1.0 CONTENTS 1. OVERVIEW...3 1.1 ABOUT ADSL...3 1.2 ABOUT ADSL2/2+...3 1.3 FEATURES...3 2 SPECIFICATION...4 2.1 INDICATOR AND INTERFACE...4 2.2 HARDWARE CONNECTION...4 2.3 LED STATUS

More information

Scan Report Executive Summary. Part 2. Component Compliance Summary IP Address : 69.43.165.11

Scan Report Executive Summary. Part 2. Component Compliance Summary IP Address : 69.43.165.11 Scan Report Executive Summary Part 1. Scan Information Scan Customer Company: Date scan was completed: rsync.net ASV Company: Comodo CA Limited 06-02-2015 Scan expiration date: 08-31-2015 Part 2. Component

More information

Edgewater Routers User Guide

Edgewater Routers User Guide Edgewater Routers User Guide For use with 8x8 Service May 2012 Table of Contents EdgeMarc 250w Router Overview.... 3 EdgeMarc 4550-15 Router Overview... 4 Basic Setup of the 250w, 200AE1 and 4550... 5

More information

Networking Basics and Network Security

Networking Basics and Network Security Why do we need networks? Networking Basics and Network Security Shared Data and Functions Availability Performance, Load Balancing What is needed for a network? ISO 7-Layer Model Physical Connection Wired:

More information

IBM. Vulnerability scanning and best practices

IBM. Vulnerability scanning and best practices IBM Vulnerability scanning and best practices ii Vulnerability scanning and best practices Contents Vulnerability scanning strategy and best practices.............. 1 Scan types............... 2 Scan duration

More information

ESR-9752 802.11b/g/n SOHO Router

ESR-9752 802.11b/g/n SOHO Router ESR-9752 is a 2T2R Wireless Single chip 11N Broadband Router that delivers up to 6x faster speeds and 3x extended coverage than 802.11g devices. ESR-9752 supports home network with superior throughput

More information

Lab VI Capturing and monitoring the network traffic

Lab VI Capturing and monitoring the network traffic Lab VI Capturing and monitoring the network traffic 1. Goals To gain general knowledge about the network analyzers and to understand their utility To learn how to use network traffic analyzer tools (Wireshark)

More information

Sweex Wireless BroadBand Router + 4 port switch + print server

Sweex Wireless BroadBand Router + 4 port switch + print server Sweex Wireless BroadBand Router + 4 port switch + print server Advantages Internet Sharing - A broadband internet connection makes it possible for several PCs to use the internet simultaneously. Wireless

More information

SSL Web Proxy. Generally to access an internal web server which is behind a NAT router, you have the following two methods:

SSL Web Proxy. Generally to access an internal web server which is behind a NAT router, you have the following two methods: SSL Web Proxy Vigor2930, Vigor2950 and VigorPro 5500/5510 series router support SSL Web Proxy function to let user access lots of servers in security via Internet environment. We provide a general user

More information

Emerald. Network Collector Version 4.0. Emerald Management Suite IEA Software, Inc.

Emerald. Network Collector Version 4.0. Emerald Management Suite IEA Software, Inc. Emerald Network Collector Version 4.0 Emerald Management Suite IEA Software, Inc. Table Of Contents Purpose... 3 Overview... 3 Modules... 3 Installation... 3 Configuration... 3 Filter Definitions... 4

More information

Barracuda Link Balancer Administrator s Guide

Barracuda Link Balancer Administrator s Guide Barracuda Link Balancer Administrator s Guide Version 1.0 Barracuda Networks Inc. 3175 S. Winchester Blvd. Campbell, CA 95008 http://www.barracuda.com Copyright Notice Copyright 2008, Barracuda Networks

More information

JK0-022 CompTIA Academic/E2C Security+ Certification Exam CompTIA

JK0-022 CompTIA Academic/E2C Security+ Certification Exam CompTIA JK0-022 CompTIA Academic/E2C Security+ Certification Exam CompTIA To purchase Full version of Practice exam click below; http://www.certshome.com/jk0-022-practice-test.html FOR CompTIA JK0-022 Exam Candidates

More information

Broadband Phone Gateway BPG510 Technical Users Guide

Broadband Phone Gateway BPG510 Technical Users Guide Broadband Phone Gateway BPG510 Technical Users Guide (Firmware version 0.14.1 and later) Revision 1.0 2006, 8x8 Inc. Table of Contents About your Broadband Phone Gateway (BPG510)... 4 Opening the BPG510's

More information

Configuring Global Protect SSL VPN with a user-defined port

Configuring Global Protect SSL VPN with a user-defined port Configuring Global Protect SSL VPN with a user-defined port Version 1.0 PAN-OS 5.0.1 Johan Loos johan@accessdenied.be Global Protect SSL VPN Overview This document gives you an overview on how to configure

More information

SOHO 6 Wireless Installation Procedure Windows 95/98/ME with Internet Explorer 5.x & 6.0

SOHO 6 Wireless Installation Procedure Windows 95/98/ME with Internet Explorer 5.x & 6.0 SOHO 6 Wireless Installation Procedure Windows 95/98/ME with Internet Explorer 5.x & 6.0 Before You Begin Before you install the SOHO 6 Wireless, you must have: A computer with a 10/100BaseT Ethernet card

More information

802.11b/g/n SOHO Router 2.4GHz 150Mbps 11N AP/Router

802.11b/g/n SOHO Router 2.4GHz 150Mbps 11N AP/Router 802.11b/g/n SOHO Router 2.4GHz 150Mbps 11N AP/Router ESR-9753 PRODUCT DESCRIPTION ESR-9753 is a 1T1R Wireless Single chip 11N Broadband Router that delivers up to 3x faster speeds than 802.11g devices.

More information

BorderWare Firewall Server 7.1. Release Notes

BorderWare Firewall Server 7.1. Release Notes BorderWare Firewall Server 7.1 Release Notes BorderWare Technologies is pleased to announce the release of version 7.1 of the BorderWare Firewall Server. This release includes following new features and

More information

Installing Virtual Coordinator (VC) in Linux Systems that use RPM (Red Hat, Fedora, CentOS) Document # 15807A1-103 Date: Aug 06, 2012

Installing Virtual Coordinator (VC) in Linux Systems that use RPM (Red Hat, Fedora, CentOS) Document # 15807A1-103 Date: Aug 06, 2012 Installing Virtual Coordinator (VC) in Linux Systems that use RPM (Red Hat, Fedora, CentOS) Document # 15807A1-103 Date: Aug 06, 2012 1 The person installing the VC is knowledgeable of the Linux file system

More information

Practical Network Forensics

Practical Network Forensics BCS-ISSG Practical Network Forensics Day BCS, London Practical Network Forensics Alan Woodroffe issg@securesystemssupport.co.uk www.securesystemssupport.co.uk Copyright Secure Systems Support Limited.

More information

Introduction to Network Security Lab 1 - Wireshark

Introduction to Network Security Lab 1 - Wireshark Introduction to Network Security Lab 1 - Wireshark Bridges To Computing 1 Introduction: In our last lecture we discussed the Internet the World Wide Web and the Protocols that are used to facilitate communication

More information

Intrusion Detection and Prevention: Network and IDS Configuration and Monitoring using Snort

Intrusion Detection and Prevention: Network and IDS Configuration and Monitoring using Snort License Intrusion Detection and Prevention: Network and IDS Configuration and Monitoring using Snort This work by Z. Cliffe Schreuders at Leeds Metropolitan University is licensed under a Creative Commons

More information

Astaro Security Gateway V8. Remote Access via L2TP over IPSec Configuring ASG and Client

Astaro Security Gateway V8. Remote Access via L2TP over IPSec Configuring ASG and Client Astaro Security Gateway V8 Remote Access via L2TP over IPSec Configuring ASG and Client 1. Introduction This guide contains complementary information on the Administration Guide and the Online Help. If

More information

Mailstation & DM Series Communications Device, LAN Constant Connection, PC Meter Connect, and Wi Fi Connection Networking Guide

Mailstation & DM Series Communications Device, LAN Constant Connection, PC Meter Connect, and Wi Fi Connection Networking Guide Mailstation & DM Series Communications Device, LAN Constant ion,, and Wi Fi ion Networking Guide To properly enable your network to work with your Pitney Bowes equipment and take advantage of the Digital

More information

Ciphermail Gateway Separate Front-end and Back-end Configuration Guide

Ciphermail Gateway Separate Front-end and Back-end Configuration Guide CIPHERMAIL EMAIL ENCRYPTION Ciphermail Gateway Separate Front-end and Back-end Configuration Guide June 19, 2014, Rev: 8975 Copyright 2010-2014, ciphermail.com. CONTENTS CONTENTS Contents 1 Introduction

More information

Prestige 650R-31/33 Read Me First

Prestige 650R-31/33 Read Me First Prestige 650R-31/33 Read Me First Prestige Rear Panel Connections PORT DSL CONSOLE LAN 10/100M POWER Connect to a telephone jack using a telephone wire. CONNECTION Connect to a serial port (COM port) on

More information

Firewall Defaults, Public Server Rule, and Secondary WAN IP Address

Firewall Defaults, Public Server Rule, and Secondary WAN IP Address Firewall Defaults, Public Server Rule, and Secondary WAN IP Address This quick start guide provides the firewall defaults and explains how to configure some basic firewall rules for the ProSafe Wireless-N

More information