Simon Arndal, David Herreborg and Georgi Petrov
Status 2/11-2010
Today we were suposed to do a presentation and an demostration of the work and progress so far. Unfortunately we ran in to some small problems which actually made the P and D worthless. We found that Snort actually is located before the firewall. Clearing the block list and alerts, made it posible to continueing testing without rebooting. (a problem we were wondering how to fix).
Testing with ping.
Simplyfing the setup by deleting IDS interface in the snort interface. Eventually it does not change anything in the performance it still blocks and alerts.
Discovered that there exsist a "time gap" of the updating of blocked list. This means that it will take up to ten minutes before the "pinger" will be blocked after it apears on the block list in the web GUI.
Timer func. in snort (blocked-list)
Furthermore we will prepare the demonstration decided for tomorrow the 03/11-2010.
Timeline (PROGRESS)
Done so far:
--> 27/10-2010 <--
- Hardware requirements fullfilled (except one missing NIC)
- Software required installed (open source programs used)
- pfSense installed (Router/firewall software)
- Apache and MySQL are up and running (Webserver and Database)
- phpMyAdmin installed and works (Graphical User Interface for the MySQL database)
- HSLAB HTTP Monitor Lite installed (Apache monitoring software)
- Set up HSLAB HTTP Monitor Lite.
- Done research about snort + snort together with pfSense.
- Presentation of work so far and basic idea. --> kl. 09:56
--> 28/10-2010 <--
- Network interface card has been inserted to the pfSense PC.
- Presentation of the progress and the setup of "Caps WebDesign" --> kl. 12:23
--> 01/11-2010 <--- Add rules to the snort IPS system (Common task)
- Find another solution for monitoring the Apache server traffic internally (Simon)
- Make the Apache and MySQL more reliable (Simon)
- Add a Network Interface Card to the pfSense machine (David)
- Install snort package for pfSense (Georgi)
- Install snort package for pfSense (Georgi)
- Setup Weblog Expert Lite (Software that replaces the HSLAB) and it is working.
--> 01/11-2010 <--
- Decide on whether pfSense is the right system for us to use (Common task)
- We have chosen to move on with pfSense and Snort together.
- Get snort to work probberaly-->02/11-2010--<
- Tested where the snort was placed in the setup. (before the firewall)
- Figured out how the blocked function operates (update time)
- Proved that the setup is now reliable
What to do: (new tasks: output in green) for the 2nd of November 2010
- Find out what rules should be added to snort for alerting and blocking apache-webserver intrusion. (Gerogi)
- Search for common server vulnerbilities (Georgi,Simon)
- Find out what is metasploit (Common task)
- Find interesting metaspoilts (Common task)
What to do (future events):
- Demonstration 3/11-2010
- Do penetration testing with metasploit. (Common task)
Ingen kommentarer:
Send en kommentar