I spent some time last week researching Intruder Detection Systems (IDS) and Intruder Prevention Systems (IPS). I offered IDS/IPS to detect and prevent network attacks (both inside and outside). There are two types of IDS: network-based IDS (NIDS) and host-based IDS (HIDS). In this research I mainly focused on NIDS. I am going to install IDS/IPS on the honeypot machine (a server mirroring all functionalities of a real server) because the honeypot is the point of attraction for attackers. I can capture and store network traffic using Snort (Linux version) on the honeypot server and use the latest signatures to identify attacks.
In the next few days I am going to deploy the IDS/IPS on the honeypot server.
In addition to the above research, I was working on the demo and trying to solve the ASA issue. The problem is that when we added the ASA to our network, it sometimes causes problems. For example, it sometimes passes the ICMP packets and sometimes gives me "Request Timeout" messages. I reckon the problem is that I made a loop in the network somewhere in my configurations. So, solving this problem is going to be my main focus for the next couple of days.
Sunday, 27 July 2014
Sunday, 20 July 2014
Nagios
· Nagios: Nagios allows us to cover the following items:
o Monitor the internal networks in the branches
o Detect problems before they happen
o Notify network administrators immediately when problems occur
o Improve the availability of the servers and services
A free version of Nagios on Ubuntu is proposed for use in the project.
1. $ sudo apt-get install openssl nagios-nrpe-server nagios-plugins nagios-plugins-basic nagios-plugins-standard
2. cp -p /etc/nagios/nrpe.cfg /etc/nagios/nrpe.cfg.orig
3. vi /etc/nagios/nrpe.cfg
4. Change allowed_hosts=127.0.0.1 to the Nagios server
5. /etc/init.d/nagios-nrpe-server restart
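Steps 2 to 4 can be scripted instead of edited by hand, with a guard against values that would open NRPE to any host. This is an added example, not part of the original post: 192.0.2.10 is a placeholder for the Nagios server address, the function names are hypothetical, and the sample nrpe.cfg is constructed.

```shell
#!/bin/sh
# Added example: steps 2-4 of the NRPE procedure, without the editor.
# 192.0.2.10 (documentation range) stands in for the Nagios server address.

# Rewrite allowed_hosts in an nrpe.cfg, keeping the .orig backup from step 2.
# Rejects empty values, unexpected characters and any /0 network, since
# those would let arbitrary hosts query the NRPE daemon.
set_allowed_hosts() {
    cfg=$1 hosts=$2
    case $hosts in
        ''|*[!0-9A-Za-z.:,/-]*|*/0|*/0,*)
            echo "refusing allowed_hosts='$hosts'" >&2; return 1 ;;
    esac
    [ -f "$cfg" ] || { echo "no such file: $cfg" >&2; return 1; }
    [ -f "$cfg.orig" ] || cp -p "$cfg" "$cfg.orig" || return 1
    if grep -q '^[[:space:]]*allowed_hosts[[:space:]]*=' "$cfg"; then
        sed "s|^[[:space:]]*allowed_hosts[[:space:]]*=.*|allowed_hosts=$hosts|" \
            "$cfg" > "$cfg.tmp" && cat "$cfg.tmp" > "$cfg" && rm -f "$cfg.tmp"
    else
        printf 'allowed_hosts=%s\n' "$hosts" >> "$cfg"
    fi
}

# Print the active (uncommented) allowed_hosts value of a config file.
get_allowed_hosts() {
    sed -n 's/^[[:space:]]*allowed_hosts[[:space:]]*=[[:space:]]*//p' "$1" | tail -n 1
}

# Constructed sample config, not taken from a real host.
write_sample_cfg() {
    cat > "$1" <<'EOF'
# allowed_hosts=10.0.0.1   (commented example, must stay untouched)
server_port=5666
allowed_hosts=127.0.0.1
dont_blame_nrpe=0
EOF
}

# Demo on a throwaway copy; on a real host pass /etc/nagios/nrpe.cfg as root,
# then restart the service as in step 5.
demo_dir=$(mktemp -d)
write_sample_cfg "$demo_dir/nrpe.cfg"
set_allowed_hosts "$demo_dir/nrpe.cfg" 192.0.2.10 && get_allowed_hosts "$demo_dir/nrpe.cfg"
set_allowed_hosts "$demo_dir/nrpe.cfg" 0.0.0.0/0 || echo "wide-open value rejected"
rm -rf "$demo_dir"
```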
XMPP
Extensible Messaging and Presence Protocol (XMPP): XMPP is known as a secure and free instant messaging protocol. We want to use ejabberd to implement XMPP in this project. Ejabberd uses Erlang (distributed database language) to share the user database with another XMPP server. In other words, we can have a chain of XMPP servers (one in each branch).
Install XMPP by following these steps:
1- One XMPP server for each branch.
   a. xmpp.ksa.com
   b. xmpp.nz.ksa.com
   c. xmpp.us.ksa.com
2- Using 'ejabberd' for implementing XMPP. Ejabberd was chosen for KSA because it is a free, open-source and multi-platform instant messaging service that supports offline messaging with distributed databases (using Erlang).
3- Downloading and running XMPP
   a. following the installation steps
4- Creating an XMPP user
   a. sudo ejabberdctl register {username} ejabberd.thehii.com {password}
5- Access to the web-based control panel
FTP
One of the biggest challenges in designing and implementing the KSA computer network was choosing a secure and reliable way to share and manage KSA's documents. One option was to use a web server for uploading and downloading documents, and the other was to use a proper FTP server [5] [6]. There are pros and cons to either option. For example, a web server is easy to implement but it is not as fast as FTP. Using the web server for sharing documents does not let us know how much data each user is writing, whereas with FTP users can be limited by the number of megabytes or gigabytes of a shared hard drive on a server.
Installing VSFTPD
apt-get install vsftpd
*edit /etc/vsftpd.conf as below: