rough draft for things

parent 474c94d2
\title{Elastic IDS Overall Architecture Explained}
\author{
Praveen Kumar Shanmugam\\
School of Computing\\
University of Utah
Praveen Kumar Shanmugam\\
School of Computing\\
University of Utah
}
\date{\today}
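Review bot: the author block at the top of this hunk shows the same three lines (name, school, university) removed and re-added with no visible textual change; if this is a trailing-whitespace or line-ending fix it would be cleaner as a separate formatting commit, and if a content change was intended here (a second author, an affiliation edit) it did not make it into the diff.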
......@@ -15,15 +15,15 @@
\maketitle
\begin{abstract}
This is describes about the overall architecture and the challenges in the
project \ldots
This is describes about the overall architecture and the challenges in the
project \ldots
\end{abstract}
\section{Introduction}
The main goal of the system is to make the IDS management simple and automated.
Our approach uses the capability of Software Defined Network (SDN) to manage the
network from a single point and leverage the elasticity of the cloud computing
resource and build a generic framework for the IDS management.
The main goal of the system is to make the IDS management simple and automated
in a core network. Our approach uses the capability of Software Defined Network
(SDN) to manage the network from a single point and leverage the elasticity of
the cloud computing resource and build a generic framework for the IDS management.
\section{Outline}
The Campus network consists of many services in its core network. We assume
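Review bot: the abstract is left untouched by this hunk and still reads "This is describes about the overall architecture and the challenges in the project \ldots"; since the Introduction directly below it is being reworded anyway, fix the grammar here too, e.g. "This document describes the overall architecture of the project and the challenges it faces." In the new Introduction text the verbs should agree with "uses": "Our approach uses the capability of Software Defined Networking (SDN) to manage the network from a single point, leverages the elasticity of cloud computing resources, and builds a generic framework for IDS management."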
......@@ -34,10 +34,10 @@ which is a generic Cloud service.
As the IDS installation requires manual installation of tap points in the
network and IDS server/sensor node setup which is a long and painstaking
process.
With the cloud infrastructure enabling the power of elasticity with on demand
instance creation and deletion and SDN providing the full network view and
control giving the possibility of automation with right kind of framework.
control giving the possibility of automation with right kind of framework to
do away with the manual part.
\section{Proposed Solution}
The SDN Controller in the campus network makes it possible to tap traffic at
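Review bot: the new wording at the end of this hunk ("with right kind of framework to do away with the manual part") extends a sentence that still has no main clause: "With the cloud infrastructure enabling ... and SDN providing ... giving the possibility of automation ..." never says what follows from those conditions, and the preceding "As the IDS installation requires ... process." is likewise a dependent clause standing alone. Suggest joining them: "IDS installation requires manual placement of tap points in the network and a long, painstaking server/sensor setup. Cloud elasticity (on-demand instance creation and deletion) together with the full network view and control that SDN provides makes it possible to automate this with the right framework and do away with the manual steps."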
......@@ -66,26 +66,36 @@ the brain of the framework. CNAC interfaces with the Cloud Controller and
the Cloud SDN Controller for controlling the IDS instances and network path
for that instance. Without the access to the network in the Cloud for the IDS
instance it is very difficult to deliver the traffic of interest just like the
packet which reaches the destination.
[TO BE CONTINUED]..\\
packet which reaches the destination without manual setup.
CNAC Interface also controls the Campus SDN Controller to enable the tap
points and install/delete flows based upon the CNAC commands to help monitor
the traffic or mitigate the attack.
\centerline{\includegraphics[width=1.0\textwidth]{ElasticIdsArch.jpg}}
\centerline{\includegraphics[width=1.1\textwidth]{ElasticIdsArch.jpg}}
\section{Tools Considered}
\begin{itemize}
\item Eucalyptus to be used for the Cloud setup. Use AWS API for
programming as Eucalyptus uses the same programming interface as EC2.
\item Security Onion (SO) [pluggable interface for various IDS] \url{https://launchpad.net/~securityonion/+archive/stable}
\item Security Onion (SO) [pluggable interface for various IDS]
\url{https://launchpad.net/~securityonion/+archive/stable}
\item OESS: OPEN EXCHANGE SOFTWARE SUITE \url{http://globalnoc.iu.edu/sdn/oess.html}
\item Chef: To distribute the rules of the IDS installation in Security Onion.
\item CLIPS/DROOL : Rule based modules.
\item RYU SDN Controller :http://osrg.github.io/ryu/
\item RYU SDN Controller : \url{http://osrg.github.io/ryu/}
\item FOAM : aggregate manager for GENI
\url{https://openflow.stanford.edu/display/FOAM/Home}
\end{itemize}
\section{Security Onion}
Describe about this..[TO-DO]\\
It is a Linux distro which forms a generic framework to plug different IDS
(Intrusion Detection System) and NSM (Network Security Monitoring) tool. This
also supports ELSA (Enterprise Log Search and Archive) which is a query tool
for looking at all of the supported IDS and NSM logs through the single
interface.
\centerline{\includegraphics[width=1.0\textwidth]{IDS_SecurityOnion.jpg}}
\centerline{\includegraphics[width=0.7\textwidth]{IDS_SecurityOnion.jpg}}
\section{Plumbing to be done}
\begin{itemize}
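Review bot: the figure change to \includegraphics[width=1.1\textwidth]{ElasticIdsArch.jpg} makes the image 10% wider than the text block, so it will spill into the margin and produce an overfull \hbox warning; keep width=1.0\textwidth (or \linewidth) and crop or scale the source image instead. Two smaller points in the same hunk: the added phrase "just like the packet which reaches the destination without manual setup" reads as if the packet, not the tap, is what needs manual setup, so move "without manual setup" to the front of the sentence ("Without manual setup, delivering the traffic of interest to the IDS instance is very difficult without access to the network in the Cloud"); and the new Security Onion paragraph should say "different IDS ... and NSM ... tools" (plural).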
......@@ -105,6 +115,14 @@ Describe about this..[TO-DO]\\
\end{itemize}
\section{Challenges}
\begin{itemize}
\item Two SDN controllers, one in cloud and other in core network need to
be configured to tap the traffic without affecting the existing
services.
\item What kind of rules to be taken care in CLIPS/DROOL to take action in
the network. Example. Load Balancing, Suspicious TCP connections for a
single service etc.
\end{itemize}
%\begin{figure}
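Review bot: the second Challenges item is not a sentence and reads as a note-to-self ("What kind of rules to be taken care in CLIPS/DROOL to take action in the network. Example. Load Balancing, ..."); phrase it as the open question it is, e.g. "Which rules should the CLIPS/Drools module hold to take action in the network (for example, load balancing, or suspicious TCP connections to a single service)?" The rule engine is spelled "Drools", not "DROOL", here and in the Tools list. The first item also needs commas and articles: "Two SDN controllers, one in the cloud and the other in the core network, need to be configured to tap the traffic without affecting the existing services."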