GUJARAT TECHNOLOGICAL UNIVERSITY



Similar documents
Cloud Courses Description

Advancement in Virtualization Based Intrusion Detection System in Cloud Environment

Overview - Snort Intrusion Detection System in Cloud Environment

Securing Cloud using Third Party Threaded IDS

Cloud Courses Description

A Survey on Cloud Security Issues and Techniques

The Magical Cloud. Lennart Franked. Department for Information and Communicationsystems (ICS), Mid Sweden University, Sundsvall.

Keyword: Cloud computing, service model, deployment model, network layer security.

An Alternative Model Of Virtualization Based Intrusion Detection System In Cloud Computing

Security Issues in Cloud Computing

Security Issues In Cloud Computing and Countermeasures

Security Management of Cloud-Native Applications. Presented By: Rohit Sharma MSc in Dependable Software Systems (DESEM)

NETWORK ACCESS CONTROL AND CLOUD SECURITY. Tran Song Dat Phuc SeoulTech 2015

Cloud Computing for SCADA

Private Cloud Database Consolidation with Exadata. Nitin Vengurlekar Technical Director/Cloud Evangelist

International Journal of Scientific & Engineering Research, Volume 6, Issue 5, May ISSN

Intrusion Detection/Prevention Systems in the Cloud. Joseph Johann ICTN6875. East Carolina University

A Secure Strategy using Weighted Active Monitoring Load Balancing Algorithm for Maintaining Privacy in Multi-Cloud Environments

CLOUD COMPUTING. When It's smarter to rent than to buy

Abstract 1. INTRODUCTION

Cloud Computing. What is it? Presented by Prof. Dr.Prabhas CHONGSTITVATANA Asst. Prof. Dr.Chaiyachet SAIVICHIT. Source : Montana State Library Archive

Network Security Monitoring: Looking Beyond the Network

The cloud - ULTIMATE GAME CHANGER ===========================================

Securing the Cloud with IBM Security Systems. IBM Security Systems IBM Corporation IBM IBM Corporation Corporation

Cloud Computing An Elephant In The Dark

Full-Context Forensic Analysis Using the SecureVue Unified Situational Awareness Platform

Cloud computing: the state of the art and challenges. Jānis Kampars Riga Technical University

CLOUD COMPUTING. A Primer

Topics. Images courtesy of Majd F. Sakr or from Wikipedia unless otherwise noted.

Session 3. the Cloud Stack, SaaS, PaaS, IaaS

International Journal of Enterprise Computing and Business Systems ISSN (Online) :

Security management in the internet era

Software and Cloud Security

Hillstone T-Series Intelligent Next-Generation Firewall Whitepaper: Abnormal Behavior Analysis

How To Understand Cloud Computing

Intrusion Detection Systems

Security and Privacy in Cloud Computing

EXIN Cloud Computing Foundation

CS 356 Lecture 19 and 20 Firewalls and Intrusion Prevention. Spring 2013

IDS / IPS. James E. Thiel S.W.A.T.

An Inspection on Intrusion Detection and Prevention Mechanisms

Cloud Computing Flying High (or not) Ben Roper IT Director City of College Station

Cloud Computing and Attacks

Introduction to Engineering Using Robotics Experiments Lecture 18 Cloud Computing

Cautela Labs Cloud Agile. Secured. Threat Management Security Solutions at Work

DNP Serial SCADA to SCADA Over IP: Standards, Regulations Security and Best Practices

10/25/2012 BY VORAPOJ LOOKMAIPUN CISSP, CISA, CISM, CRISC, CEH Agenda. Security Cases What is Cloud? Road Map Security Concerns

IDPS: An Integrated Intrusion Handling Model for Cloud Computing Environment

Cloud Computing and Big Data What Technical Writers Need to Know

How to Grow and Transform your Security Program into the Cloud

Intrusion Detection Systems

NETWORK SECURITY (W/LAB) Course Syllabus

Modern Web development and operations practices. Grig Gheorghiu VP Tech Operations Nasty Gal

Taxonomy of Intrusion Detection System

Chapter 11 Cloud Application Development

Open Source in Government: Delivering Network Security, Flexibility and Interoperability

IDS Categories. Sensor Types Host-based (HIDS) sensors collect data from hosts for

Security of Information Systems hosted in Clouds: SLA Definition and Enforcement in a Dynamic Environment

Certified Cloud Computing Professional VS-1067

Computer Security: Principles and Practice

Identity & Access Management The Cloud Perspective. Andrea Themistou 08 October 2015

Cloud Security Through Threat Modeling. Robert M. Zigweid Director of Services for IOActive

SURVEY OF INTRUSION DETECTION SYSTEM

Cloud Security:Threats & Mitgations

Cloud Essentials for Architects using OpenStack

Security in the Sauce Labs Cloud. Practices and protocols used in Sauce s infrastructure and Sauce Connect

AlienVault Unified Security Management Solution Complete. Simple. Affordable Life Cycle of a log

Datacenters and Cloud Computing. Jia Rao Assistant Professor in CS

Improving the Microsoft enterprise. network for public cloud connectivity

Computer Security DD2395

Can PCI DSS Compliance Be Achieved in a Cloud Environment?

CS 356 Lecture 25 and 26 Operating System Security. Spring 2013

Security in the Sauce Labs Cloud

Data Mining For Intrusion Detection Systems. Monique Wooten. Professor Robila

From Network Security To Content Filtering

A Guide to Common Cloud Security Concerns. Why You Can Stop Worrying and Start Benefiting from SaaS

How To Protect Your Cloud From Attack

CLOUD GUARD UNIFIED ENTERPRISE

Cloud Computing Overview

Third Party Cloud Services Its Adoption in the New Age

Fundamental Concepts and Models

Intro to Firewalls. Summary

Fundamentals of Cloud Computing

FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2. Intrusion Detection and Prevention Systems

EVOLVED DATA CENTER ARCHITECTURE

Building Private & Hybrid Cloud Solutions

SDN/Virtualization and Cloud Computing

APPLICATION OF MULTI-AGENT SYSTEMS FOR NETWORK AND INFORMATION PROTECTION

Index. BIOS rootkit, 119 Broad network access, 107

Trust but Verify. Vincent Campitelli. VP IT Risk Management

Firewalls and Intrusion Detection

Transcription:

GUJARAT TECHNOLOGICAL UNIVERSITY Seminar on Intrusion Detection for Hypervisor- Based Cloud Computing Infrastructure by Dr. Rajeev Agrawal, North Carolina A&T State University, USA GTU s PG Research Center of Cyber Security organized a Seminar on Intrusion Detection for Hypervisor- Based Cloud Computing Infrastructure at GTU, Chandkheda on 5 th December-2015 from 02:00 PM to 04:00 PM. The seminar was delivered by Dr. Rajeev Agrawal, Department of Computer Systems Technology, North Carolina A&T State University, Greensboro- NC 27410. During the Seminar, the following topics were discussed: 1. Introduction to Cloud Computing. Cloud computing is defined as a model to enable convenient on-demand network access to a shared pool of configurable computing resources (e.g. networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or direct service provider interaction. Based on the service model, Cloud Computing is classified into three types: Software as a Service (SaaS): Google Docs, Dropbox Platform as a Service (PaaS): Google App Engine Infrastructure as a Service (IaaS): OpenStack, Apache CloudStack, Proxmox VE 2. Introduction to Hypervisor model. A hypervisor is basically a computer software, hardware or firmware that creates and runs virtual machines. Bare metal or native hypervisors will run the server on booting up the system instead of the operating system (Type-1). Hosted hypervisors runs within an operating system (Type-2). 3. Explain IDPS Methodology

Anomaly based methodology architecture The ability to detect new attacks/violations without updates. Detects insider attacks Detects variants of new attacks Does not need signature updates to detect new threats Can detect threats that utilize multiple but separate attacks High volume of false positives and false negatives Needs a training period before use Places high overhead on the system Difficult to use due to high volume of alerts Signature based methodology architecture Has no learning/training period Very efficient at detecting known threats Low volume of false positives Less overhead on the system being monitored Needs signature update to detect new threats Cannot detect variants of known attacks Cannot detect insider attacks Leaves the monitored environment at risk during the time when a new threat is discovered and the time a signature is applied. Stateful Protocol Analysis based methodology architecture Has no learning/training period Very efficient at detecting known threats Low volume of false positives Can detect specialized threats Resists evasion

Needs signature/rule update to detect new threats Cannot detect variants of known attacks Cannot detect insider attacks Can place high overhead on the processing system Leaves the monitored environment at risk during the time when a new threat is discovered and the time a signature/rule is applied. Hybrid based methodology architecture Has a shorter or no learning/training period Very efficient at detecting both known and unknown threats Can detect variants of known attacks Low volume of false positives Accurate alerts Can detect insider attacks May protect the monitored environment during the time when a new threat is discovered and the time when a signature/rule is applied Needs signature/rule update to detect new threats Cannot detect variants of known attacks Cannot detect insider attacks May leave the monitored environment at risk during the time when a new threat is discovered and the time when a signature/rule is applied 4. Explain various types of IDPS. Intrusion detection and Prevention systems (IDPS) is a software or an application that monitors network and system activities for any malicious activities or policy violations in the systems and thus produces reports at the management station. There are two types of IDPS: Network based (NIDPS) Host based (HIDPS) 5. Explain some tools used for IDPS. Inundator: An intrusion evasion, multi-threaded and queue driven attack tool. Used to flood IDS with traffic anonymously and trigger false positives. Use SOCKS proxy and tries to fake a real attack.

Tor: Tor is an open network to defend against traffic analysis. Tor connects through to the network through a sequence of virtual tunnels instead of Tor having to make a direct connection. A traffic analysis is done when Tor protects against a mutual form of surveillance. It preserves user s anonymity. Snort: An open source network intrusion detection system and network intrusion prevention system Logstash: Logstash is an open source tool to collect, parse, index, and store logs. It streams the data; Store data in an organized way, Can actually modify the data. Kibana: Kibana is used to visualize the data and make sure data make sense, Takes a vast amount of data or logs and make it easier to be processed, Seamless integration with Elasticsearch, Flexible interface and easy to share. The lecture was followed by a question-answer session. Dr Agrawal explained the subject in great depth and the students enjoyed the lecture. PHOTO GALLERY

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information