Thursday, 28 October 2010

Project ITS (IDS/IPS setup) 3

Group:

Simon Arndal, David Herreborg and Georgi Petrov

Content of 28/10 (Project ITS - IDS/IPS setup):
28/10-2010 status:
The network interface card was put in place in the pfSense machine. The rules have been downloaded for Snort, and the internal network is up and running. A scenario has been created.
Current scenario
To be able to present this project to a wider audience, from now on we are taking the role of a web design company named "Caps-WebDesign". The company has a database server and a web server sitting behind a firewall with IDS/IPS. There is an administrator monitoring the servers and the network, and there is a PC on the outside, which will do penetration testing. Presented below is the block diagram of "Caps-WebDesign" showing the current setup.




Timeline (PROGRESS)
Done so far:
- Hardware requirements fulfilled (except one missing NIC)
- Software required installed (open source programs used)
- pfSense installed (Router/firewall software)
- Apache and MySQL are up and running (Webserver and Database)
- phpMyAdmin installed and works (Graphical User Interface for the MySQL database)
- HSLAB HTTP Monitor Lite installed (Apache monitoring software)
- Set up HSLAB HTTP Monitor Lite
- Done research about snort + snort together with pfSense
- Presentation of work so far and basic idea. 27/10-2010 at 09:56
- Set up Weblog Expert Lite (software that replaces the HSLAB) and it is working.
- Network interface card has been inserted into the pfSense PC.
- Presentation of the progress and the setup of "Caps WebDesign" 28/10-2010 at 12:23
- Find another solution for monitoring the Apache server traffic internally (Simon)
- Make the Apache and MySQL more reliable (Simon)
- Add a Network Interface Card to the pfSense machine (David)
- Install snort package for pfSense (Georgi)


What to do: (new tasks: output in green)

- Add rules to the snort IPS system (Common task)
- Decide on whether pfSense is the right system for us to use (Common task)
- Get Snort to work properly and do penetration testing with Metasploit. (Common task)

Presentation(s):

Upcoming presentation: 2nd of November 2010
About: Snort and pfSense

1 comment:

  1. I like that you have included "what works" in the diagram.

    Besides the intruder, you will also have an ordinary user who is to access whatever is on the web server, no?

    Are you not satisfied with the "weblog expert"? I'm referring to the first bullet of the todo list.
    And, still on the todo list, don't you already have an extra network card in the pfSense machine?

    And on a side note, I would suggest that you start thinking a bit about the report. You will have to write descriptions of the technology and the solutions you choose - why not start now, and post it as blog entries so you don't have to do it all the last day?

    I like the way you do status entries. It is very readable and gives me a good impression of what you do and have done.
