The Bro Network Security Monitor

Similar documents
ISLET: Jon Schipp, Ohio Linux Fest An Attempt to Improve Linux-based Software Training

Lightweight Virtualization with Linux Containers (LXC)

Operating Systems Virtualization mechanisms

Docker : devops, shared registries, HPC and emerging use cases. François Moreews & Olivier Sallou

Do Containers fully 'contain' security issues? A closer look at Docker and Warden. By Farshad Abasi,

Platform as a Service and Container Clouds

How Bigtop Leveraged Docker for Build Automation and One-Click Hadoop Provisioning

Type-C Ubuntu Product & Strategy Canonical Ltd.

Installing an open source version of MateCat

Cloud Simulator for Scalability Testing

Building Docker Cloud Services with Virtuozzo

Linstantiation of applications. Docker accelerate

Virtualization in Linux

OCS Virtual image. User guide. Version: Viking Edition

Network Virtualization Tools in Linux PRESENTED BY: QUAMAR NIYAZ & AHMAD JAVAID

Threat Modelling for Web Application Deployment. Ivan Ristic (Thinking Stone)

Automated deployment of virtualization-based research models of distributed computer systems

Lightweight Virtualization. LXC containers & AUFS

PARALLELS SERVER BARE METAL 5.0 README

Virtualization analysis

Release Notes for Fuel and Fuel Web Version 3.0.1

Virtualization: Know your options on Ubuntu. Nick Barcet. Ubuntu Server Product Manager

Accessing RCS IBM Console in Windows Using Linux Virtual Machine

Solution Guide Parallels Virtualization for Linux

Cloud.com CloudStack Community Edition 2.1 Beta Installation Guide

Virtualization and Performance NSRC

Cloud Server. Parallels. An Introduction to Operating System Virtualization and Parallels Cloud Server. White Paper.

Data Centers and Cloud Computing

Building a Private Cloud Cloud Infrastructure Using Opensource

Building a Continuous Integration Pipeline with Docker

Options in Open Source Virtualization and Cloud Computing. Andrew Hadinyoto Republic Polytechnic

Comparing Virtualization Technologies

PARALLELS CLOUD SERVER

Intro to Docker and Containers

Docker on OpenStack. August Author : Nitin Agarwal nitinagarwal3006@gmail.com. Supervisor(s) : Belmiro Moreira

Lightweight Virtualization: LXC Best Practices

The Software Container pattern

Linux Virtualization. Kir Kolyshkin OpenVZ project manager

Cloud Security with Stackato

Building a Kubernetes Cluster with Ansible. Patrick Galbraith, ATG Cloud Computing Expo, NYC, May 2016

Cisco Application-Centric Infrastructure (ACI) and Linux Containers

Introduction. Installation of SE S AM E BARCODE virtual machine distribution. (Windows / Mac / Linux)

Extending Remote Desktop for Large Installations. Distributed Package Installs

Backup & Disaster Recovery Appliance User Guide

Verax Service Desk Installation Guide for UNIX and Windows

The Art of Virtualization with Free Software

IBM WebSphere Application Server Version 7.0

IBM Cloud Manager with OpenStack

DevOps Course Content

Virtual Hosting & Virtual Machines

Rudder. Sharing IT automation benefits in a team with Rudder. Benoît Peccatte bpe@normation.com. Normation Tous droits réservés normation.

Tips for getting started! with! Virtual Data Center!

virtualization.info Review Center SWsoft Virtuozzo (for Windows) //

A New Era. A New Edge. Phishing within your company

VMware Server 2.0 Essentials. Virtualization Deployment and Management

The Virtual Environment

Oracle Solaris: Aktueller Stand und Ausblick

@CodenvyHQ

HP AppPulse Active. Software Version: 2.2. Real Device Monitoring For AppPulse Active

What new with Informix Software as a Service and Bluemix? Brian Hughes IBM

Ubuntu Linux Reza Ghaffaripour May 2008

How to Backup XenServer VM with VirtualIQ

Getting Started Using Project Photon on VMware Fusion/Workstation

CSE 265: System and Network Administration. CSE 265: System and Network Administration

AKIPS Network Monitor User Manual (DRAFT) Version 15.x. AKIPS Pty Ltd

WHITEPAPER INTRODUCTION TO CONTAINER SECURITY. Introduction to Container Security

How To Install Openstack On Ubuntu (Amd64)

Scyld Cloud Manager User Guide

Using Docker in Cloud Networks

How To Install An Org Vm Server On A Virtual Box On An Ubuntu (Orchestra) On A Windows Box On A Microsoft Zephyrus (Orroster) 2.5 (Orner)

SUSE Manager in the Public Cloud. SUSE Manager Server in the Public Cloud

Git Fusion Guide August 2015 Update

CS 356 Lecture 25 and 26 Operating System Security. Spring 2013

CDH installation & Application Test Report

Using Vagrant for Magento development. Alexander

Bringing the Eko VM Home (302)

OS X Modular Imaging and Deployment using Free and Open Source Tools

Project Documentation

INUVIKA OVD INSTALLING INUVIKA OVD ON UBUNTU (TRUSTY TAHR)

Why Does CA Platform Use OpenShift?

9/26/2011. What is Virtualization? What are the different types of virtualization.

Proposal for Virtual Private Server Provisioning

Restricted Document. Pulsant Technical Specification

DTC & DTC-Xen Running a VPS business with Xen Thomas Goirand, GPLHost CEO. Xen Summit Asia at Intel 2009

LESSON 13 VIRTUALIZATION AND CLOUD COMPUTING

Parallels Plesk Automation

DVS-100 Installation Guide

Download Virtualization Software Download a Linux-based OS Creating a Virtual Machine using VirtualBox: VM name

Embedded Linux development training 4 days session

CSE 265: System and Network Administration. CSE 265: System and Network Administration

Virtualization. Michael Tsai 2015/06/08

Example of Standard API

Transcription:

The Bro Network Security Monitor Bro Live!: Training for the Future Jon Schipp NCSA jschipp@illinois.edu BroCon14 NCSA, Champaign-Urbana, IL

Issues Motivations Users: Too much time is spent passing around, downloading, and copying Virtual Machines or other materials Networks are slow Virtual harddisks are big Users: Technical difficulties can occur and often do that end up putting some behind the group VirtualBox bus configuration VirtualBox network configuration Admins: Account management is repetitive Everyone: Changes are not easy Insertion of wrong exercises, mistakes, etc.. How is this handled? Ultimately, the burden is placed on the users and this affects the overall event experience 2 / 14

Ideas Solutions Admins: Avoid passing around or downloading VM s if possible. Give user s access to your server. Big time saver! Admins: Make barrier to participation as thin as possible Require only a program (e.g. ssh) Opens possibilities to phones, tablets, etc. Admins: Automated account management Admins: Changes can be easily completed Add, remove, or modify exercises during event Immediately available Ultimately, we pass the burden onto the admins (we re used to it anyway) 3 / 14

Major Software Components You know at least four of these right? 4 / 14

Docker What? Automates the deployment of Linux based containers Provides a layer of abstraction Various methods of container creation 5 / 14

Linux Based Containers Important: "Linux Based Containers" There is no container specification There are different container (and like) technologies for Linux Linux: LXC, OpenVZ, Google containers, etc. Non-Linux: BSD Jails, Solaris Zones, AIX WPAR, etc. What do containers do? Light-weight process virtualization What do virtual machines do? Hardware virtualization 6 / 14

Linux Kernel Stuff Support: Linux Kernel 3.8 introduced the foundation for Linux Based containers Namespaces Currently available: pid, net, ipc, uts, mnt, and user Process isolation Control Groups (cgroups) Resource Management It s not magic, you can create namespaces and cgroups directly from your shell by modifying procfs and sysfs 7 / 14

Container Advantages Density: Run hundreds or even thousands of containers on a single machine Performance: Very fast startup and tear down time, little overhead Nesting: Running containers within containers is possible Isolation: See or talk to hosts, other containers, or none User Perspective: Looks and feels like a Virtual Machine Container has its own IP, filesystem, processes, etc. 8 / 14

Our Implementation 1. Users log into a non-privileged system account via SSH Strong crypto, ubiquitious, low overhead ssh demo@live.bro.org 2. Automated account (non-system) creation via shell script 3. Docker is called and ships each user in their own container Appropriately named and thus re-attachable by name Handled via shell script Just in case you forgot each container instance is an isolated process 4. User performs work in container Runs unix commands, traverses filesystem, runs bro 5. User logs out, does something else then is ready to work again 5.1 They SSH into the same non-privileged user account again 5.2 Enter their newly created credentials 5.3 Are automatically re-attached to their container instance 9 / 14

Container Security Considerations Networking is disabled Prevent attacks against other hosts, containers, or self System resources are limited per container to prevent selfishness and abuse CPU and RAM allocation Containers and users are automatically removed after a period of time Length of conference or event Containers which get too large are automatically removed to prevent disk space abuse Denial of Service Finer environment controls via ulimit fsize, nproc, etc. 10 / 14

You can have one too Want Your Own? Want to host your own Bro training event with a system like this? It s free Publicly available Vagrant: http://github.com/jonschipp/vagrant Docker: http://hub.docker.com/u/jonschipp/latest-bro-sandbox/ System configuration is entirely automated Written for and tested on Ubuntu Trusty and Saucy Installation and configuration on Ubuntu $ wget https://raw.githubusercontent.com/jonschipp/vagrant/ master/bro-sandbox/provision.sh -O - bash Testing with Vagrant $ git clone http://github.com/jonschipp/vagrant && cd vagrant/bro-sandbox && vagrant up; ssh -p 2222 demo@127.0.0.1 11 / 14

Demo Let s try it $ ssh demo@live.bro.org demo@live.bro.org s password: Welcome to Bro Live! ====================... A place to try out Bro. Are you a new or existing user? [new/existing]: new... Enjoy yourself! Training materials are located in /exercises. e.g. $ bro -r /exercises/brocon14/beginner/http.pcap demo@bro: $ 12 / 14

Feedback Beta: The beta is live today! Help me help you Report any problems or concerns with usability or security Send me feature requests Send me patches and pull requests Let me know Talk to me Tweet me: @JonSchipp E-mail me: jonschipp@gmail.com, jschipp@illinois.edu 13 / 14

References I Rami Rosen Resource management: Linux kernel Namespaces and cgroups. In http://www.haifux.org/lectures/299/netlec7.pdf Rami Rosen Linux Containers and the Future Cloud. In http://www.haifux.org/lectures/320/netlec8_final.pdf Jerome Petazzoni Lightweight Virtualization with Linux Containers (LXC). In http://www.ciecloud.org/2013/subject/07-track06- Jerome%20Petazzoni.pdf The 5th China Cloud Computing Conference, China National Convention Center, Beijing Docker www.docker.com 14 / 14

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information