A Study on Wireless Intrusion Prevention System based on Snort




pp. 1-12, http://dx.doi.org/10.14257/ijseia.2015.9.2.01

Jong-Moon Kim, A-Yong Kim, Jung-Soo Yuk and Hoe-Kyung Jung*
PaiChai University, Doma2-Dong, SeoGu, DaeJeon, Korea
elcomtech@elcomtech.co.kr, janlssary@naver.com, kimics1@naver.com, hkjung@pcu.ac.kr

Abstract

With the development of information and communication technology and the increased use of portable devices, wireless networks are on the rise. Wireless networks extend network access to smartphones and laptops in areas without physical access, and meet users' need for convenience. However, because wireless networks send and receive data over the air, they can be intercepted, and their security is more vulnerable than that of a wired network. In this paper, a wireless intrusion prevention system is implemented using signature-based detection with Snort Wireless and iptables as the wireless attack detection and prevention measures. Additionally, a mock hack is conducted to validate the performance of the wireless intrusion prevention system.

Keywords: iptables, Kali Linux, Snort, Snort Wireless

1. Introduction

As the use of portable devices has increased, so has the use of wireless networks. A wireless network allows Internet access without a physical cable connection and offers quality comparable to a wired network, but because it sends and receives data over radio waves, these same features imply security vulnerabilities. Authentication and encryption techniques have been used to compensate for these vulnerabilities [1], but with the development of attack techniques, such security technology has reached its limits [2]. A wireless intrusion prevention system [3] detects and blocks intrusions from outside to protect the internal system, and operates based on the specific environment in which the wireless network is used [4]. Commercial wireless intrusion prevention systems are not suitable for reducing the cost required for a wireless network.
In this paper, a wireless intrusion prevention system is built using open-source software, and a simulated hack is conducted to verify that it meets the requirements of an intrusion prevention system.

2. Related Research

2.1 Snort Wireless

Snort Wireless [5], whose name derives from "sniffer and more", performs network protocol analysis and data content searching, and detects various attacks such as worms, vulnerability exploits, port scans and buffer overflows by matching rules. The functions of Snort Wireless are classified into packet sniffer mode, packet logger mode, intrusion detection system mode and intrusion prevention system mode [6].

Packet sniffer mode: the basic application, which collects network packets and prints them to the screen.

Packet logger mode: reads network traffic and records it to a database for later inspection.

* Corresponding Author
ISSN: 1738-9984 IJSEIA Copyright c 2015 SERSC

Intrusion detection system mode: performs the function of an intrusion detection system, analysing packets on the basis of the rules.

Intrusion prevention system mode: if a network packet matches the rules, that packet can be blocked.

The structure of Snort Wireless [7] is similar to that of other intrusion detection systems and is shown in Figure 1.

Figure 1. Snort Wireless Configuration

Snort Wireless detects malicious and suspicious activity by signature-based searching, with the signatures written as rules. For detecting intrusions on a wireless network, Snort Wireless can create rules for the Wi-Fi protocol; the Wi-Fi rule options are listed in Table 1.

Table 1. Snort Wireless Wi-Fi Rule Options

Option          Description
frame_control   tests the entire frame control field
type            tests the 802.11 frame's type
stype           tests the 802.11 frame's subtype
from_ds         tests the from distribution system frame control flag
to_ds           tests the to distribution system frame control flag
more_frags      tests the more fragments frame control flag
retry           tests the retry frame control flag
pwr_mgmt        tests the power management frame control flag
more_data       tests the more data frame control flag
wep             tests the wep frame control flag
order           tests the order frame control flag
duration_id     tests the frame's duration/id field
bssid           tests the frame's BSSID
seqnum          tests the frame's sequence number
fragnum         tests the frame's fragment number
addr4           tests the frame's 4th address field
ssid            tests the frame's SSID

2.2 iptables

iptables [8] is a Linux firewall developed by the Netfilter project. iptables is configured with tables and chains, and must be run with root privileges. iptables connects powerful directives to the various stages of packet processing in the Linux kernel. Figure 2 is a structure diagram showing at which points iptables and the related kernel tables are connected.
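The options in Table 1 map directly onto fields of the IEEE 802.11 MAC header, so a detector that evaluates Snort-Wireless-style rules has to decode that header first. The following Python example is added here for illustration and is not code from the paper or from Snort Wireless: it parses the frame control field, the duration/id field, the addresses, the sequence control field and (when both DS flags are set) the fourth address, derives the BSSID from the to_ds/from_ds combination, and then tests a parsed header against a rule expressed with the Table 1 option names. The two frames and the rule are constructed sample data, not captures from the experiment.

```python
import struct
from dataclasses import dataclass, fields
from typing import Dict, Optional


@dataclass
class Dot11Header:
    # Field names follow the Snort Wireless rule options in Table 1 of the paper.
    frame_control: int
    type: int
    stype: int
    to_ds: int
    from_ds: int
    more_frags: int
    retry: int
    pwr_mgmt: int
    more_data: int
    wep: int
    order: int
    duration_id: int
    addr1: str
    addr2: str
    addr3: str
    seqnum: int
    fragnum: int
    addr4: Optional[str]   # only present when to_ds == from_ds == 1
    bssid: Optional[str]   # position depends on the DS flags


def _mac(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def parse_dot11(frame: bytes) -> Dot11Header:
    """Decode the 802.11 MAC header from the start of a raw frame."""
    if len(frame) < 24:
        raise ValueError("need at least the 24-byte 802.11 MAC header")
    # Frame control and duration/id are 16-bit little-endian fields.
    fc, duration_id = struct.unpack_from("<HH", frame, 0)
    flags = fc >> 8                      # high byte holds the eight control flags
    to_ds, from_ds = flags & 1, (flags >> 1) & 1
    addr1, addr2, addr3 = _mac(frame[4:10]), _mac(frame[10:16]), _mac(frame[16:22])
    seq_ctl = struct.unpack_from("<H", frame, 22)[0]
    addr4 = None
    if to_ds and from_ds:
        if len(frame) < 30:
            raise ValueError("WDS frame needs a 30-byte header")
        addr4 = _mac(frame[24:30])
    # BSSID location per the address-field table of 802.11.
    if to_ds and from_ds:
        bssid = None
    elif from_ds:
        bssid = addr2
    elif to_ds:
        bssid = addr1
    else:
        bssid = addr3
    return Dot11Header(
        frame_control=fc,
        type=(fc >> 2) & 0x3,
        stype=(fc >> 4) & 0xF,
        to_ds=to_ds,
        from_ds=from_ds,
        more_frags=(flags >> 2) & 1,
        retry=(flags >> 3) & 1,
        pwr_mgmt=(flags >> 4) & 1,
        more_data=(flags >> 5) & 1,
        wep=(flags >> 6) & 1,
        order=(flags >> 7) & 1,
        duration_id=duration_id,
        addr1=addr1, addr2=addr2, addr3=addr3,
        seqnum=seq_ctl >> 4,
        fragnum=seq_ctl & 0xF,
        addr4=addr4,
        bssid=bssid,
    )


_OPTION_NAMES = {f.name for f in fields(Dot11Header)}


def matches(hdr: Dot11Header, rule: Dict[str, object]) -> bool:
    """True when every option in the rule equals the parsed header field."""
    for option, wanted in rule.items():
        if option not in _OPTION_NAMES:
            raise ValueError(f"unknown rule option: {option}")
        if getattr(hdr, option) != wanted:
            return False
    return True


# Constructed sample frames (hex), not captures from the paper's experiment.
# Management frame, subtype 12 (deauthentication), broadcast, BSSID in addr3.
DEAUTH_FRAME = bytes.fromhex(
    "c000" "3a01" "ffffffffffff" "001122334455" "001122334455" "4006" "0700")
# Data frame with to_ds=1: addr1 is the BSSID, addr2 the source, addr3 the destination.
DATA_FRAME = bytes.fromhex(
    "0801" "2c00" "001122334455" "aabbccddeeff" "0a0b0c0d0e0f" "1000")
# Rule written with Table 1 option names: a deauthentication frame inside the BSS.
DEAUTH_RULE = {"type": 0, "stype": 12, "to_ds": 0, "from_ds": 0}

if __name__ == "__main__":
    for name, frame in (("deauth", DEAUTH_FRAME), ("data", DATA_FRAME)):
        h = parse_dot11(frame)
        print(name, h.type, h.stype, h.bssid, h.seqnum, matches(h, DEAUTH_RULE))
```

The parser keeps the DS-flag logic explicit because the BSSID option in Table 1 only makes sense once the address that carries the BSSID has been identified; a rule on `bssid` applied to the wrong address slot would silently match nothing.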

Figure 2. Connection of the Kernel Structures with iptables

The iptables tables divide the packet filtering and NAT functions into broad categories; there are four tables, Filter, NAT, Mangle and Raw [9]. Each table contains "chains", objects that hold a specific set of packet rules, and each table has its own set of chains. The tables, their functions and their chains are shown in Table 2.

Table 2. iptables Tables and Chains

Table             Function                       Chains
Filter (Default)  Packet filtering / firewall    INPUT, FORWARD, OUTPUT
NAT               Network Address Translation    PREROUTING, INPUT, OUTPUT, POSTROUTING
Mangle            Packet modification            PREROUTING, INPUT, FORWARD, OUTPUT, POSTROUTING
Security          Mandatory Access Control       INPUT, FORWARD, OUTPUT
Raw               Bypass conntrack for corner    PREROUTING, OUTPUT

An administrator can create user-defined chains to group related rules under a common tag; for packet filtering, the predefined INPUT, OUTPUT and FORWARD chains exist. The INPUT chain handles packets whose destination, after routing is computed inside the kernel, is the local system; the OUTPUT chain is reserved for packets that the Linux system itself creates and transmits; and the FORWARD chain manages packets that pass through the Linux system. The iptables packet flow is shown in Figure 3.

Figure 3. iptables Packet Flow Chart

3. Wireless Intrusion Prevention System Design and Building

3.1 Wireless Intrusion Prevention System Design

The requirements of the wireless intrusion prevention system are to defend against hacks such as DoS attacks on the wireless network, intrusion via fake APs, WEP cracking attacks, WPA cracking attacks and MAC spoofing attacks. It must also provide a security function that, through administrator identification and authentication, allows access only to authorised users and protects against threats or hacking. The configuration of the proposed wireless intrusion prevention system is shown in Figure 4.

Figure 4. Wireless Intrusion Prevention System Configuration
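The description of the INPUT, OUTPUT and FORWARD chains above is easiest to check against a small model of the filter table. The Python below is an added example, not code from the paper or from iptables: it picks the chain for a packet using the rule given in Section 2.2 (destination local gives INPUT, locally generated gives OUTPUT, everything else FORWARD), applies first-match evaluation with a per-chain default policy, and renders each rule as the equivalent `iptables` command line. The addresses, rules and policies are constructed sample data.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Set


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str       # "tcp" or "udp"
    dport: int = 0


@dataclass(frozen=True)
class Rule:
    chain: str                 # INPUT, OUTPUT or FORWARD (filter table)
    target: str                # ACCEPT or DROP
    src: Optional[str] = None
    proto: Optional[str] = None
    dport: Optional[int] = None

    def matches(self, pkt: Packet) -> bool:
        if self.src is not None and self.src != pkt.src:
            return False
        if self.proto is not None and self.proto != pkt.proto:
            return False
        if self.dport is not None and self.dport != pkt.dport:
            return False
        return True


# Constructed sample: addresses owned by the Linux system itself.
LOCAL_ADDRS: Set[str] = {"192.168.0.20", "10.0.0.1"}

# Constructed sample rule set; order matters because evaluation is first-match.
SAMPLE_RULES: List[Rule] = [
    Rule("INPUT", "DROP", src="192.168.0.99"),           # blocked host, checked first
    Rule("INPUT", "ACCEPT", proto="tcp", dport=22),       # SSH to the system itself
    Rule("FORWARD", "ACCEPT", proto="tcp", dport=80),     # HTTP passing through
]

# Default policy per chain when no rule matches.
POLICIES: Dict[str, str] = {"INPUT": "DROP", "FORWARD": "DROP", "OUTPUT": "ACCEPT"}


def select_chain(pkt: Packet, local_addrs: Set[str] = LOCAL_ADDRS) -> str:
    """Chain selection as described in Section 2.2 of the paper."""
    if pkt.dst in local_addrs:
        return "INPUT"      # routed to the local system
    if pkt.src in local_addrs:
        return "OUTPUT"     # created by the local system
    return "FORWARD"        # passing through the system


def evaluate(pkt: Packet,
             rules: List[Rule] = SAMPLE_RULES,
             policies: Dict[str, str] = POLICIES,
             local_addrs: Set[str] = LOCAL_ADDRS) -> str:
    """Return the verdict: the target of the first matching rule, else the chain policy."""
    chain = select_chain(pkt, local_addrs)
    for rule in rules:
        if rule.chain == chain and rule.matches(pkt):
            return rule.target
    return policies[chain]


def to_iptables(rule: Rule) -> str:
    """Render a Rule as the equivalent iptables command (filter table, append)."""
    parts = ["iptables", "-A", rule.chain]
    if rule.src is not None:
        parts += ["-s", rule.src]
    if rule.proto is not None:
        parts += ["-p", rule.proto]
    if rule.dport is not None:
        parts += ["--dport", str(rule.dport)]
    parts += ["-j", rule.target]
    return " ".join(parts)


if __name__ == "__main__":
    for r in SAMPLE_RULES:
        print(to_iptables(r))
    print(evaluate(Packet("192.168.0.10", "192.168.0.20", "tcp", 22)))
```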

The wireless intrusion prevention system is built on Linux and is composed of a packet collection system, a detection system and a blocking system. The schematic of the proposed wireless intrusion prevention system is shown in Figure 5.

Figure 5. Wireless Intrusion Prevention System Structure

The processing flow of the wireless intrusion prevention system is shown in Figure 6. Packets are collected and stored as log files using the libpcap library; the log files are analysed, Snort rules are created, and whether an intrusion is detected is checked. Once detection by the Snort rule is confirmed, iptables rules are written based on it and the intrusion is blocked.

Figure 6. Process Flow Chart of the Wireless Intrusion Prevention System

3.2 Wireless Intrusion Prevention System Building

The OS used to build the wireless intrusion prevention system is CentOS 6.4 (32-bit). Before installing Snort, the related libraries DAQ, libdnet, PCRE, libpcap and tcpdump must be installed first. Since Snort Wireless operates on top of Snort, Snort version 2.9.5.5 and the 2.9.5.5 rules were used, as shown in Figure 7.

Figure 7. Snort-2.9.5.5 and Snort-2.9.5.5 Rules

Snort's default installation path is "/etc/snort/", and the rules are copied to that path to apply them; the default path where the log files of packets collected by libpcap are stored is "/var/log/snort/". Snort Wireless version 2.4.3-alpha04 is installed, and the "wifi.rules" rule file is copied to the Snort rules path so that wireless intrusions can be detected. To run Snort Wireless, the wireless LAN card is activated and Snort Wireless is started; the result is shown in Figure 8.

Figure 8. Snort Wireless Launch Screen

iptables is included in the CentOS installation; if it is not installed, it is installed by entering the command "yum -y install iptables" in the terminal. iptables is registered as a service and run as shown in Figure 9.

Figure 9. iptables Service Registration and Execution

4. Experiments

4.1 Man-in-the-Middle Attack

The experiment proceeds by detecting and blocking a simulated man-in-the-middle attack. Ettercap, which is included in Kali Linux, was used for the attack. Ettercap supports a GUI; it is executed either through the path shown in Figure 10 or by entering "ettercap -G" in the terminal.

Figure 10. Ettercap Execution Path

Figure 11. Unified Sniffing

When sniffing is started, "Unified sniffing" is run as in Figure 11 and the wireless interface is selected. Running "Scan for hosts" in the "Hosts" tab explores the whole network, and choosing "Host List" prints the list of discovered hosts to the screen as in Figure 12.

Figure 12. Host List Output

Selecting a target host from the network list and running ARP poisoning carries out the man-in-the-middle attack; Figure 13 shows the attack in progress.

Figure 13. Host List

4.2 Man-in-the-Middle Attack Experiment Result

Snort Wireless is executed by entering "snort -vde -w -i wlan0 -A full -k pcap -l /var/log/snort/" in the terminal. The log is stored in pcap format in the log path. The stored log file is opened in Wireshark and the packets are analysed as in Figure 14.

Figure 14. Host List

ARP poisoning retransmits packets at a certain interval, and the Snort rules are written based on these retransmitted packets. The Snort rules are written as in Figure 15.

Figure 15. Writing Snort Rules

After the created Snort rules are applied, the man-in-the-middle attack is run again to check whether the intrusion is detected. The alert log files created are shown in Figure 16.
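The detection logic of Sections 3.1 and 4.2 rests on one observable: ARP poisoning keeps re-sending replies for the same IP at a fixed interval, and the replies carry a hardware address that differs from the one the network already knew. The Python below is an added example (not the paper's Snort rule, which is only shown as a screenshot in Figure 15, and not code from Ettercap or Snort): it runs over a constructed sequence of ARP replies, raises one alert when an IP-to-MAC binding changes and one when a sender repeats replies for the same binding at least `max_replies` times inside a sliding window, and then emits the iptables commands that would drop IP traffic from the offending hardware address. The gateway and attacker addresses are constructed sample values; the `-m mac --mac-source` match is a real iptables module, and it filters IP packets from that MAC on INPUT and FORWARD (ARP frames themselves are not handled by iptables).

```python
from collections import defaultdict, deque
from dataclasses import dataclass
from typing import Deque, Dict, List, Set, Tuple


@dataclass(frozen=True)
class ArpReply:
    ts: float         # capture time in seconds (from the pcap timestamp)
    sender_ip: str    # IP the sender claims to own
    sender_mac: str   # hardware address carried in the ARP payload
    target_ip: str    # host being told about the binding


# Constructed sample capture, not the paper's pcap: the real gateway answers once,
# then a second station re-announces the gateway IP with its own MAC every second.
GATEWAY_IP = "192.168.0.1"
VICTIM_IP = "192.168.0.10"
GATEWAY_MAC = "aa:aa:aa:aa:aa:01"
ATTACKER_MAC = "bb:bb:bb:bb:bb:02"
SAMPLE_REPLIES: List[ArpReply] = [ArpReply(0.0, GATEWAY_IP, GATEWAY_MAC, VICTIM_IP)] + [
    ArpReply(float(t), GATEWAY_IP, ATTACKER_MAC, VICTIM_IP) for t in range(1, 7)
]


class ArpPoisonDetector:
    """Stateful detector over a stream of ARP replies."""

    def __init__(self, window_s: float = 10.0, max_replies: int = 5):
        self.window_s = window_s
        self.max_replies = max_replies
        self.known: Dict[str, str] = {}                   # ip -> first MAC seen
        self.reported: Set[Tuple[str, str]] = set()       # (ip, mac) conflicts already alerted
        self.history: Dict[Tuple[str, str], Deque[float]] = defaultdict(deque)

    def feed(self, r: ArpReply) -> List[Tuple[str, str]]:
        """Return (alert_kind, sender_mac) tuples raised by this reply."""
        alerts: List[Tuple[str, str]] = []
        binding = (r.sender_ip, r.sender_mac)
        first_mac = self.known.setdefault(r.sender_ip, r.sender_mac)
        # Rule 1: the IP was already bound to a different hardware address.
        if first_mac != r.sender_mac and binding not in self.reported:
            self.reported.add(binding)
            alerts.append(("arp-mac-change", r.sender_mac))
        # Rule 2: the same binding is re-sent repeatedly inside the window
        # (the periodic retransmission the paper keys its Snort rule on).
        q = self.history[binding]
        q.append(r.ts)
        while q and r.ts - q[0] > self.window_s:
            q.popleft()
        if len(q) == self.max_replies:          # fire once, when the threshold is reached
            alerts.append(("arp-reply-flood", r.sender_mac))
        return alerts


def scan(replies: List[ArpReply],
         window_s: float = 10.0,
         max_replies: int = 5) -> List[Tuple[float, str, str]]:
    """Run the detector over a whole capture; returns (ts, kind, mac) alerts in time order."""
    det = ArpPoisonDetector(window_s, max_replies)
    out: List[Tuple[float, str, str]] = []
    for r in sorted(replies, key=lambda x: x.ts):
        for kind, mac in det.feed(r):
            out.append((r.ts, kind, mac))
    return out


def iptables_block_rules(mac: str) -> List[str]:
    """iptables commands that drop IP traffic from the given hardware address."""
    return [f"iptables -I {chain} -m mac --mac-source {mac} -j DROP"
            for chain in ("INPUT", "FORWARD")]


if __name__ == "__main__":
    for ts, kind, mac in scan(SAMPLE_REPLIES):
        print(f"t={ts:4.1f}s  {kind:16s}  {mac}")
    for cmd in iptables_block_rules(ATTACKER_MAC):
        print(cmd)
```

The binding-change alert is reported once per conflicting (IP, MAC) pair rather than on every reply, so a long-running poisoning session produces one actionable alert plus a flood alert, not a log full of duplicates; the flood threshold is what a rule written from the retransmission interval in Figure 14 would tune.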

Figure 16. Snort Alert Log File List

Figure 17. Writing iptables Rules

After detection by the Snort rules is confirmed, the iptables rules are written. The iptables rules are written as in Figure 17. By creating and activating the iptables rules, packets retransmitted at the given interval are cut off, and the man-in-the-middle attack can be prevented.

5. Conclusion

As the use of wireless networks has increased, crime exploiting their security vulnerabilities and the resulting damage have increased as well. Because of its characteristics, a wireless network is more vulnerable than a wired network, and users' indiscreet use of wireless APs can expose them to crime and damage. Existing wireless intrusion prevention systems are built and operated as commercial systems, and these commercial systems are not suitable for reducing the cost required for a wireless network. This paper researched and proposed a method of building a wireless intrusion prevention system with open-source software. The performance of the proposed wireless intrusion prevention system was assessed with a simulated hack, and the excellence of the paper was verified by presenting wireless intrusion methods and a blocking methodology. It is judged that the system can replace existing commercial systems in terms of performance and compatibility while providing cost savings for a wireless intrusion detection system. In future work, to prevent overload when operating the wireless intrusion prevention system, a distributed arrangement is needed in which Snort sensors are placed in a distributed manner to collect packets and transfer them to a central server, and the server processes the received packets in a distributed way for analysis, detection and blocking.

References

[1] S. H. Kwon and D. W. Park, "Hacking and Security of Encrypted Access Points in Wireless Network", Journal of Information and Communication Convergence Engineering, vol. 10, no. 2, (2012), pp. 156-161.
[2] Y. N. Choi and S. M. Cho, "The Risk of Wardriving Attack Against Wireless LAN and its Counterplan", JKIICE, vol. 13, no. 10, (2009), pp. 2121-2128.
[3] J. Timofte, "Wireless intrusion prevention systems", Revista Informatica Economica, vol. 47, (2008), pp. 129-132.
[4] B. Potter, "Wireless intrusion detection", Network Security, (2004), pp. 4-5.
[5] A. Lockhart, "Snort-wireless", http://www.snort-wireless.org/.
[6] D. Gullett, "Snort 2.9.3 and Snort Report 1.3.3 on Ubuntu 12.04 LTS Installation Guide".
[7] D. S. Lakra, "HSNORT: A Hybrid Intrusion Detection System using Artificial Intelligence with Snort", Computer Technology & Applications, vol. 4, (2013), pp. 466-470.
[8] O. Andreasson, "Iptables Tutorial 1.2".
[9] W. Sun, W. Wang and H. Han, "Building traversing NAT IPv6 tunnel gateway system relies on Netfilter / iptable framework", Computer Engineering and Design, vol. 6, (2007).

Authors

Jong Moon Kim received the M.S. degree from the Department of Computer Engineering of Paichai University, Korea, in 2012. From 1992 to 2003, he worked for Elcomtech System CO., Ltd. Inc. as CEO. Since 2003, he has worked at ELCOMTECH CO., Ltd. Inc. as CEO. He is currently a Ph.D. student in the Department of Computer Engineering of Paichai University. His current research interests include Digital Multimedia Broadcasting, Internet Protocol Television and MPEG.

A Yong Kim received the B.S. degree in computer engineering from Paichai University in 2013 and is currently in the M.S. course in the Department of Computer Engineering at Paichai University. His research interests are multimedia information processing, Hadoop, Lucene and search engines.

Jung Soo Yuk received the B.S. degree from the Department of Information and Communication Engineering, Gyeongsang National University, Tongyeong, Korea, in 2000. He is currently pursuing an M.S. degree in the Department of Computer Engineering, Paichai University, Daejeon, Korea. His research interest is multimedia information processing.

Hoe Kyung Jung received the M.S. degree in 1987 and the Ph.D. degree in 1993 from the Department of Computer Engineering of Kwangwoon University, Korea. He has worked in the Department of Computer Engineering at Paichai University, where he is now a professor. His current research interests include multimedia document architecture modeling, information processing, information retrieval and databases.
