ENHANCING VIRTUAL MACHINE SECURITY IN OPENSTACK USING
SURICATA BASED INTRUSION DETECTION AND PREVENTION SYSTEM
NOR ASHILA BINTI MOHD RASHID
BACHELOR OF COMPUTER SCIENCE
(COMPUTER NETWORK SECURITY) WITH HONOURS
FACULTY OF INFORMATICS AND COMPUTING
UNIVERSITI SULTAN ZAINAL ABIDIN
2019
DECLARATION
I hereby declare that this report is based on my original work except for quotations and
citations, which have been duly acknowledged. I also declare that it has not been
previously or concurrently submitted for any other degree at Universiti Sultan Zainal
Abidin or other institutions.
_____________________________________
Name: Nor Ashila Binti Mohd Rashid
Date: …………………………………………
CONFIRMATION
This is to confirm that:
The research conducted and the writing of this report was under my supervision.
_____________________________________
Name: Dr. Wan Nor Shuhadah Binti Wan Nik
Date: ……………………………………….
DEDICATION
First and foremost, praise be to Allah, the Most Merciful, for giving me the blessing and
opportunity to undergo the final year project, Enhancing Virtual Machine Security in
OpenStack using Suricata based Intrusion Detection and Prevention System.
Second, I would like to express my gratitude to my caring supervisor, Dr. Wan
Nor Shuhadah Binti Wan Nik, for her full support, expert guidance, kindness and ideas
towards the research of this project, and for giving me this meaningful experience. Next, I
would like to express my appreciation to my panels, Dr. Ahmad Faisal Amri Bin
Abidin@Bharun and Dr. Nor Aida Binti Mahiddin, for their thoughtful questions and
comments regarding my final year project.
Other than that, I would like to thank my beloved family, especially my mother
and my father, Norhayati Binti Abd. Ghani and Mohd Rashid bin Ibrahim, for their
unconditional love, encouragement and support, whether financial, physical or mental,
during this project. Besides, thanks to all my friends, especially my OpenStack members,
for their motivation, enthusiasm and knowledge toward this project.
Last but not least, I would also like to thank all staff of the Faculty of Informatics
and Computing for helping me directly or indirectly as well as giving me this
opportunity to explore more about my project.
ABSTRACT
As the usage of cloud computing rises, companies and developers are mainly
concerned about choosing cloud infrastructure with satisfactory security. This thesis
addresses the issue of enhancing the security of virtual machines, or instances, in the
OpenStack platform, as this environment introduces new security challenges. In this
project, the Suricata based Intrusion Detection and Prevention System is proposed in
order to enhance virtual machine security by detecting and preventing any malicious
activities. When any suspicious event occurs, Suricata is able to monitor network traffic,
provide alerts to the administrator and block the packet. Hence, virtual machines in cloud
computing can be secured.
ABSTRACT (MALAY VERSION)
As the use of cloud computing keeps growing, many companies and developers
choose cloud computing infrastructure that offers satisfactory security. The focus of
this project is to improve the security of virtual machines on the open source platform
OpenStack, because this environment raises many new challenges related to security.
In this project, the Suricata intrusion detection and prevention system is proposed to
improve virtual machine security by detecting and preventing any unethical activity.
When any suspicious event occurs, Suricata is able to monitor network traffic, provide
alerts to the administrator or admin, and filter packets in the computer network system.
Hence, the security of virtual machines in cloud computing can be improved and
protected.
CONTENTS
DECLARATION
CONFIRMATION
DEDICATION
ABSTRACT
ABSTRACT (MALAY VERSION)
CONTENTS
LIST OF TABLES
LIST OF FIGURES
LIST OF ABBREVIATIONS
LIST OF APPENDICES
CHAPTER I INTRODUCTION
1.1 Background Project
1.2 Problem Statement
1.3 Objectives
1.4 Scope
1.5 Limitations
1.6 Expected Result
CHAPTER II LITERATURE REVIEW
2.1 Introduction
2.2 Cloud Computing
2.3 OpenStack
2.4 Virtual Machine in Cloud Computing
2.4.1 Virtual machine in Cloud Computing Research Paper
2.5 Intrusion Detection and Prevention System
2.5.1 Intrusion Detection and Prevention System Research Paper
2.6 Conclusion
CHAPTER III METHODOLOGY
3.1 Introduction
3.2 Flowchart
3.2.1 Installation of Oracle VirtualBox
3.2.2 Installation and configuration of Centos 7 in the VirtualBox
3.2.3 Installation and configuration of OpenStack on Centos7
3.2.4 Launch Virtual Machine in OpenStack
3.2.5 Installation and integration Suricata IDPS with OpenStack
3.3 Requirement Analysis
3.3.1 Software Requirements
3.3.2 Hardware Requirements
3.4 System Design
3.4.1 Architecture of the Project
3.4.2 Proof of Concept
3.5 Summary
CHAPTER IV IMPLEMENTATION
4.1 Introduction
4.2 Project Interfaces
4.2.1 Configuring OpenStack
4.2.1.1 Allocation of Floating IP to OpenStack
4.2.1.2 Creating Security Group
4.2.1.3 Managing Security Group Rules
4.2.1.4 Creating Key Pairs
4.2.1.5 Creating a Router for OpenStack
4.2.1.6 Creating Internal Network in OpenStack
4.2.1.7 Add Internal Network (Interface) to Router
4.2.1.8 Creating OpenStack Images for Instances
4.2.1.9 Creating a New Instances
4.2.2 Install and Configure Suricata based Intrusion Detection and Prevention System
4.3 Testing and Result
CHAPTER V CONCLUSION
5.1 Introduction
5.2 Project Contribution
5.3 Project Constraints and Limitation
5.4 Future Works
5.5 Summary
REFERENCES
APPENDIX
LIST OF TABLES
TABLE TITLE
2.1 Virtual machine in Cloud Computing Research Paper.
LIST OF FIGURES
FIGURE TITLE
3.0 Flowchart of Enhancing Virtual Machine Security in OpenStack by Using Suricata Intrusion Detection and Prevention System
3.1 A framework of installation and configuration of OpenStack
3.2 A framework of a process on creating instance in OpenStack
3.3 A framework of Network Topology
3.4 Architecture of OpenStack
3.5 A flowchart of processes involves in Neutron
3.6 An architecture of Suricata IDPS
3.7 Configuration of Centos 7
3.8 Configuration Centos 7 with Putty
3.9 Installation component of OpenStack
4.0 Overview of the OpenStack dashboard
4.1 An allocation a floating IP to project
4.2 An allocate floating IP to external pool
4.3 Successfully adding Floating IP
4.4 Overview of security group
4.5 An interface to create the security group
4.6 Overview of managing security group rules
4.7 An interface to add SSH rule
4.8 An interface to add HTTP rule
4.9 An overview of key pairs
4.10 An interface to create Key Pair
4.11 Create a router for OpenStack
4.12 Overview of routers
4.13 Create a network
4.14 Create a subnet
4.15 An overview of networks
4.16 Add interface
4.17 The list of images
4.18 Overview of Images
4.19 Add OpenStack Image details
4.20 Add hostname to OpenStack Instance
4.21 OpenStack Instance Boot Source and CentOS 7 text image
4.22 Add resources to OpenStack Instance
4.23 Add network to OpenStack Instance
4.24 Add security group to the instance
4.25 Add keypair to the instance
4.26 Configuration Scripts
4.27 Overview of instances
4.28 Instance console
4.29 Network topology
4.30 Install iptables services
4.31 Successfully install iptables services
4.32 Install Suricata from source
4.33 Installation of Oinkmaster Rule Manager
4.34 Start the Suricata
4.35 The Component that used to run Suricata
LIST OF ABBREVIATIONS
VM Virtual Machine
CPU Central processing unit
IaaS Infrastructure-as-a-Service
PaaS Platform-as-a-Service
SaaS Software-as-a-Service
VNF Virtual network function
DNS Domain Name Server
IDS Intrusion Detection System
IPS Intrusion Prevention System
IDPS Intrusion Detection & Prevention System
LIST OF APPENDICES
APPENDIX TITLE
A Gantt Chart FYP 1
B Gantt Chart FYP 2
CHAPTER I
INTRODUCTION
1.1 Background Project
Cloud computing relies heavily on virtualization. Cloud computing
services can be private, public or hybrid. In private cloud computing, an
enterprise uses a proprietary architecture and runs cloud servers within its own
data centre. Some examples of top vendors that create private clouds are
VMware, Red Hat and OpenStack. In a public cloud, a third-party provider
makes compute resources available to the public over the internet. With a public
cloud, such as AWS, Microsoft Azure, and Google Cloud Platform, enterprises
do not have to set up and maintain their own cloud servers in house.
Meanwhile, a hybrid cloud is a combination of two or more clouds (public and
private cloud). NIST divides cloud computing services into three
categories, namely Software-as-a-Service (SaaS), Platform-as-a-Service (PaaS)
and Infrastructure-as-a-Service (IaaS).
This project used OpenStack as its cloud computing platform.
OpenStack is an operating system that contains a set of open source software
tools that allow users to create either public or private clouds. OpenStack is mostly
deployed as Infrastructure-as-a-Service (IaaS). Many companies and
developers use OpenStack as their cloud platform. As of 2016, OpenStack
is managed by the OpenStack Foundation, but it began as a joint project
of RackSpace Hosting and NASA in 2010.
This project concerns security issues in the cloud computing
environment. In particular, it focuses on improving the security of VMs,
which is one of the most important issues that should be noted. In order to
improve virtual machine security, this project proposes the application of
Suricata as a platform for Intrusion Detection System / Intrusion Prevention
System. The Suricata based Intrusion Detection and Prevention System is an open
source, fast, mature and robust network threat detection and prevention system.
Suricata is a system for network intrusion analysis that is able to monitor
network traffic and provide alerts to the system administrator when suspicious
events occur.
1.2 Problem Statement
Nowadays, many companies and developers use cloud
computing platforms to run their businesses. One of the most well-known cloud
platforms is OpenStack. As the usage of cloud computing increases,
customers are mainly concerned about choosing cloud infrastructure with
sufficient security. Concerns are greater in the virtual machine environment on
a public cloud. This environment raises new security challenges. It is easier
for a hacker to get information or data because the cloud computing platform
uses static IP addresses. The hacker can use many tools and techniques to attack the
virtual machine because no high-security component is implemented in
cloud computing. Thus, the existence of a properly configured firewall and
continually updated antimalware still does not guarantee the protection of the
virtual machine instances in the cloud.
1.3 Objectives
The objectives of this project are:
1) To propose a framework to secure virtual machines in the cloud
computing environment using Suricata IDPS.
2) To configure the proposed framework on OpenStack cloud platform.
3) To test and integrate OpenStack cloud platform with Suricata based
Intrusion Detection and Prevention System.
1.4 Scope
The scope of this project is as follows:
1) This project configures one of the cloud computing platforms, called
OpenStack, or any platform whose functions are similar to
OpenStack.
2) The proposed framework is targeted at one of the Intrusion
Detection System / Intrusion Prevention System platforms, called
Suricata, or any platform whose functionality or rules are similar to
Suricata.
3) The project integrates the Suricata-based Intrusion Prevention System
into the OpenStack cloud platform.
1.5 Limitations
Some technical challenges of this project are described as follows:
1) There are no references for a similar project among seniors' theses at the
Faculty of Informatics and Computing.
2) More time was needed for the installation process, and the OpenStack
cloud platform is complicated to configure.
3) It will be difficult to detect attacks if the black hat communities use an
intelligent attack.
1.6 Expected Result
Based on the objectives, the results that can be achieved are:
1) Improved virtual machine security by using the Suricata-based
Intrusion Prevention System.
2) A secure virtual machine on the OpenStack cloud platform.
3) Both detection and prevention of any malicious
activities in the cloud system.
CHAPTER II
LITERATURE REVIEW
2.1 Introduction
This chapter discusses the previous work on cloud computing and the
Suricata Intrusion Detection and Prevention System. The discussion gives a better
understanding of what cloud computing and the Suricata Intrusion
Detection and Prevention System are and how they work.
2.2 Cloud Computing
Cloud computing is the on-demand delivery of computing power,
applications, database storage, and other IT resources through a cloud services
platform over the internet with pay-as-you-go pricing. Rather than having their
own computing infrastructure or data centre, users pay only when they
consume computing resources and only for that consumption. Cloud
computing enables developers to consume computer resources such as storage,
virtual machines (VMs), or applications (Rouse, 2017). 451 Research predicts
that around one out of three of enterprise IT spending will be on hosting and
cloud services this year, “indicating a growing reliance on an external source of
management, infrastructure, application, and security services”. Analyst
Gartner estimates that half of the global enterprises using the cloud now will
have gone all-in on it by 2021 (Ranger, 2018).
Aleksandar Donevski (2012) stated that cloud computing raises new
security challenges compared to traditional on-premise computing due to its
multi-tenant virtual environment on each cloud service layer: Infrastructure-as-a-Service
(IaaS), Platform-as-a-Service (PaaS) or Software-as-a-Service (SaaS). They
found that, although the tenants are isolated, the tenants share the
hardware resources, virtual machines, the same database or even the same table.
So, they proposed using the two most common security vulnerability scanners in
order to secure the tenants. However, they will continue the security
assessments with other vulnerability scanners in order to help customers
select the best scanner utility for detection in cloud platforms.
2.3 OpenStack
OpenStack falls into the latter category, which is considered
Infrastructure as a Service (IaaS). OpenStack lets the user install virtual
machines and other instances that handle different tasks for managing a cloud
environment on the fly. OpenStack has a few main components, namely
Horizon, Nova, Neutron, Keystone, and Glance, that are part of the core of
OpenStack. Hala Albaroodi and colleagues found several flaws in OpenStack (Hala
Albaroodi, 2014). They claimed that certain parts of OpenStack are considered
secure while others need to be improved.
In the research paper by Dr. Urmila R. Pol, OpenStack is described as an
especially scalable open source cloud operating system, backed by a global alliance of
developers and cloud computing technologists producing the ubiquitous open
source cloud computing platform for public and private clouds. OpenStack
provides a series of interrelated projects delivering various components for a
cloud infrastructure solution and controls large pools of storage, compute
and networking resources throughout a datacentre, all managed through a
Dashboard (Horizon) that gives administrators control while empowering their
users to provision resources through a web interface (Pol, 2014). The paper
presents an overview of open source cloud computing platforms such as OpenStack,
Eucalyptus, CloudStack and OpenNebula, the cloud
computing layered model, the components of OpenStack and the architecture of
OpenStack. This paper was important to the project because it shows the
importance of OpenStack as a cloud provider and its installation.
2.4 Virtual Machine in Cloud Computing
Cloud computing is in need of more secure solutions to gain customers'
trust in the cloud hosts and verify their own VM’s data security (Xichun Yue,
2016). As indispensable and significant components, virtual machines and their
security have also attracted the attention of many researchers. Absalom E.
Ezugwu found that virtual machine allocation problem is one of the challenges
In the paper, Mudassar Aslam, Cristian Gehrmann, et al. consider the
Infrastructure-as-a-Service (IaaS) cloud model, which allows cloud users to run
their own virtual machines (VMs) on available cloud computing resources. IaaS
gives enterprises the possibility to outsource their process workloads with
minimal effort and expense. However, one major problem with existing
approaches to cloud leasing is that the users can only get contractual
guarantees regarding the integrity of the offered platforms (Aslam, 2012). In
the paper, they address the issues and propose a novel secure VM launch
protocol using Trusted Computing techniques.
In other research written by Nicolae Paladi and team, a virtualized
computing infrastructure allows clients to run their own services in the form of virtual
machines on shared computing resources (Nicolae Paladi, 2012). This approach,
however, introduces new challenges. They have designed a trusted launch
protocol for VM instances in public IaaS environments. They also present a
proof-of-concept implementation of the protocol based on OpenStack.
2.4.1 Virtual Machine in Cloud Computing Research Paper
Table 2.1 below shows a summary of the literature review related to the
virtual machine in cloud computing. The authors' names, the algorithms and
techniques used in the research, and the strengths and weaknesses of the research are
documented in the table.
Table 2.1: Virtual machine in cloud computing research paper.
No. 1
Title / Authors: Network Security for Virtual Machine in Cloud Computing. Hanqian Wu, Yi Ding, Chuck Winer, Li Yao (2010)
Algorithms / Techniques: A novel virtual network model based on analysis of Xen.
Strength: Efficiently prevent VMs from attacks such as sniffing and spoofing in theory.
Weaknesses: Unable to block the communication among VMs within a shared network. The paper just assumes that VMs belong to a same virtual shared network are trustful to each other.
No. 2
Title / Authors: Survey on Secure Live Virtual Machine (VM) Migration in Cloud. Naveed Ahmad, Ayesha Kanwal and Muhammad Awais Shibli (2013)
Algorithms / Techniques: Post-copy migration techniques
Strength: The paper has investigated the vulnerabilities and threats on live VM migration and defined security requirements for detailed analysis of existing solutions.
Weaknesses: No complete solution for live VM migration which fulfils the aforementioned security requirements.
No. 3
Title / Authors: An optimized Approach to Protect Virtual Machine Image Integrity in Cloud Computing. Xichun Yue, Limin Xiao, Weidian Zhan, Zhigang Xu, Li Ruan, Rui Liu (2016)
Algorithms / Techniques: Architecture of Integrity Protection.
Strength: Reduce the time cost of the measurement module and protect the integrity of VM images without much resource consumption.
Weaknesses: The idle of CPU still In higher state of percentage and this project implemented in small cloud environments.
No. 4
Title / Authors: A Secure and VM-Supervising VDI System Based on Openstack. Weidian Zhan, Li Ruan, Xichun Yue, Zhigang Xu, Limin Xiao. (2016)
Algorithms / Techniques: VDI system
Strength: The result of the paper shows the efficiency and low performance cost of the system and confirms that it can maintain the correct state of the VMs and ensure the continuity of the desktop connection to some extent.
Weaknesses: The system relies on the OpenStack cloud platform to provide VM management.
2.5 Intrusion Detection and Prevention System
The Intrusion Detection System (IDS) helps to detect and alert about
potential attacks by analysing network traffic and determining whether the
observed behaviour complies with the predefined allowed conditions
(Fekolkin, 2015). Fekolkin found that, regardless of the IDS type, the security
has to be structured in a way that does not interfere with the productivity of
an organization. Moreover, the Intrusion Prevention System (IPS) can be
considered an enhancement of IDS, because it is capable of blocking potentially
undesirable activities. Hence, their paper concentrated on the network
Intrusion Detection and Prevention System (IDPS).
In his research, Roman Fekolkin discussed the
architecture of the Snort and Suricata IDPS engines. Snort is a single-threaded
signature-based network IDPS and it is one of the commonly used IDS engines
(Fekolkin, 2015). The Snort IDS and IPS system became a world-famous
feature for protecting the network (Sergey, 2016). However, other studies have
shown that it is important to overcome the computational limitations of
single-threaded IDPS, and Suricata is one of the multi-threaded IDPS that can be
implemented in cloud computing (Fekolkin, 2015). The results
analysed by David Jonathan Day and Benjamin M. Burns showed that Suricata
has a higher accuracy rate than Snort, although this comes at the cost of putting
an increased relative demand on the CPU.
2.5.1 Intrusion Detection and Prevention System Research Paper
Ku. Rupali D. Wankhade proposed the Suricata intrusion detection system
to secure a virtualized server in the cloud platform. The project validated the
intrusion detection system in detecting DDoS attacks against the virtualized
environment and protecting the cloud efficiently from vulnerabilities (D.Wankhade,
2016). However, the limitation of this project is that Suricata does not block any
malicious events that occur, because the project is implemented in IDS mode.
Roman Fekolkin proposed solutions to secure a network of computers
using the Snort and Suricata IDPS. Both IDPS are open-source solutions, which
makes them very flexible when it comes to configuration in accordance with
very specific contexts. This paper briefly explained the advantages of both IDPS,
but the author claimed that the choice of IDPS solution depends on
contextual aspects that might vary significantly from one case to another, just as
is the case with any security solution implemented (Fekolkin, 2015).
Mayank Kumar proposed an intrusion detection system package called
Snort, deployed on Ubuntu running on a virtual machine in the Microsoft Azure
cloud system. This project demonstrates how a VM instance on the cloud can
be secured through IDS. The limitation of this project is that Snort cannot detect
intrusions coming from outside of a network (Kumar, 2017).
2.6 Conclusion
This chapter discussed the related works that are used as references to
complete the project. The analysis is done in order to find the best technique
and method that is suitable to be implemented in this project.
CHAPTER III
METHODOLOGY
3.1 Introduction
The methodology is a series of steps used to complete the project. It is a
very important part of project development because it should be a narrative of
the steps taken to gather the data so that the research can be conducted efficiently.
The general framework design and flowchart are explained
in this chapter. This chapter contains the methods, techniques or approaches that will
be used during the design and implementation of the project.
3.2 Flowchart
Figure 3.0 shows the overall flowchart of this project in enhancing the security
of Virtual Machine in OpenStack by Using Suricata Intrusion Prevention System.
(1) Install VirtualBox
(2) Install and Configure CentOS 7
(3) Configure OpenStack on CentOS 7
(4) Launch Virtual Machine based OpenStack
(5) Install and integrate Suricata with OpenStack
Figure 3.0: Flowchart of Enhancing Virtual Machine Security in OpenStack by
Using Suricata Intrusion Detection and Prevention System.
The first step is to install VirtualBox as the virtualization platform. Next,
configure OpenStack in the CentOS 7 terminal, then launch two virtual machines or
instances in order to secure communication between them. After that, install Suricata
IPS and integrate it with OpenStack.
3.2.1 Installation of Oracle VirtualBox.
VirtualBox is a cross-platform virtualization application [1]. Oracle VirtualBox
enables the user to set up one or more virtual machines on a single physical machine.
Host Operating System requirements:
i. Windows edition: Windows 10 Pro
ii. Manufacturer: Dell Technologies
iii. Processor: Intel® Core™ i5-44405 @ 2.80GHz 2.80GHz
iv. Installed memory (RAM): 8.00 GB
v. System type: 64-bit Operating System, x64-based Processor
3.2.2. Installation and configuration of CentOS 7 in the VirtualBox.
Community Enterprise Operating System (CentOS) is a 100% free
operating system distribution based upon the Linux kernel [5]. CentOS is not Red
Hat Enterprise Linux (RHEL), but it is a Linux distribution derived entirely from
Red Hat Enterprise Linux (RHEL). CentOS Linux claims that it is widely popular
with Linux users, web hosts, and small businesses.
3.2.3. Installation and Configuration of OpenStack on CentOS 7
OpenStack will be installed in this project since it is a scalable solution
and more than 60 leading companies participate in its development (Ritov, 2013).
Installation of OpenStack will be done by using the command line in the CentOS 7
terminal.
- Install OpenStack using the command line in the CentOS 7 terminal: install all the
OpenStack components and get the IP address and password for admin.
- Use PuTTY to remotely access OpenStack and get the admin password.
- Open the OpenStack dashboard.
Figure 3.1: A framework of installation and configuration of OpenStack.
3.2.4. Launch Virtual Machine in OpenStack.
This project creates two instances (virtual machines) in order to test the
communication between them. In this environment setup, this project proposes the
techniques that will be used. This could be a virtual machine from another network
in the same OpenStack cloud trying to make unauthorized access.
The instances will be configured in OpenStack using the command line before the
graphical user interface (GUI) is installed. To control access to the instances that
have been made, the private key must be generated by using PuTTYgen.
- Instance details: 1) Instance name, 2) Source (Image), 3) Select Image, 4) Allocate flavour
- Launch Instances
- Create Instances
- Generate the username and password by using PuTTY.
- Log in as a user and install all the components.
- Use PuTTYgen to create a private key based on the public key given in key pairs.
- Use PuTTY to control access to instances using the private key.
Figure 3.2: A framework of a process on creating instance in OpenStack.
After the instances have been created, a new environment is created in the
internal network. The interfaces will look like this (see Figure 3.0) after all the
configuration finishes. This picture was taken as a reference or overview of how it
will look. It is also known as Nested Virtualization because there is another
instance (virtual machine) created on the cloud. Figure 3.3 below shows an example
of two instance images created in the same network.
Figure 3.3: A framework of Network Topology
3.2.5. Installation and integration Suricata IDPS with OpenStack
To enable Suricata IDPS as a virtual network function (VNF) in OpenStack,
first, we have to deploy OpenStack with Contrail SDN, which will bring NFV into the
cloud. Second, we have to create a VM image with the Suricata IDPS installed.
Then, we configure the Contrail SDN to run an IDPS service instance (VNF) and steer
the traffic to the instance for further analysis.
The Suricata Based Intrusion Detection and Prevention System is an engine that
is able to provide alerts and protect the system from hackers or black hat
communities. Suricata rules can have actions like “alert” and “log” in IDS
mode and the additional “drop”, “sdrop” and “reject” actions when running in IPS mode
(Fekolkin, 2015). While configuring Suricata, some rules should be listed.
Examples of basic rules that help Suricata to drop or block malicious
activity:
1) drop tcp any any -> any any (msg:"facebook is blocked"; content:"facebook.com"; http_header; nocase; classtype:policy-violation; sid:1;)
2) drop icmp any any -> any any (msg:"DROP test ICMP ping from any network"; icode:0; itype:8; classtype:trojan-activity; sid:99999999; rev:1;)
There are many rules in Suricata and each of them has its own function.
All of these rules were written in local.rules by typing default-rule-path:
/etc/Suricata/rules/local.rules in the terminal.
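The following added example (not part of the original thesis and not code from the Suricata project) is a small Python linter for rules of the kind shown above: it checks the header layout and the sid and msg options, and flags the "drop", "sdrop" and "reject" actions when the engine is not running in IPS mode. The function names, the strict whitespace requirement in the header and the two sample rule lists are assumptions made for this illustration.

```python
import re

# Action names as listed in this section (citing Fekolkin, 2015): "alert" and
# "log" in IDS mode, plus "drop", "sdrop" and "reject" in IPS mode. "pass" is
# not mentioned in the text; it is included as a standard Suricata action.
DETECT_ACTIONS = {"alert", "log", "pass"}
PREVENT_ACTIONS = {"drop", "sdrop", "reject"}

# Assumption of this linter: header fields are separated by whitespace, in the
# order: action proto src sport direction dst dport (options)
HEADER_RE = re.compile(
    r"^(?P<action>\S+)\s+(?P<proto>\S+)\s+(?P<src>[^\s(]+)\s+(?P<sport>[^\s(]+)\s+"
    r"(?P<direction>->|<>)\s+(?P<dst>[^\s(]+)\s+(?P<dport>[^\s(]+)\s*"
    r"\((?P<options>.*)\)\s*$"
)

def split_options(body):
    """Split an option body on ';', ignoring ';' inside quotes or after a backslash."""
    options, current, in_quote, escaped = [], [], False, False
    for ch in body:
        if escaped:
            escaped = False
        elif ch == "\\":
            escaped = True
        elif ch == '"':
            in_quote = not in_quote
        elif ch == ";" and not in_quote:
            text = "".join(current).strip()
            if text:
                options.append(text)
            current = []
            continue
        current.append(ch)
    return options, "".join(current).strip()  # second item: unterminated remainder

def parse_rule(line):
    """Return (header fields, [(option, value-or-None), ...]) or raise ValueError."""
    match = HEADER_RE.match(line.strip())
    if not match:
        raise ValueError("header is not 'action proto src sport -> dst dport (options)'")
    options, trailing = split_options(match.group("options"))
    if trailing:
        raise ValueError("option %r is not terminated by ';'" % trailing)
    header = match.groupdict()
    del header["options"]
    parsed = [(key.strip(), value.strip() if sep else None)
              for key, sep, value in (opt.partition(":") for opt in options)]
    return header, parsed

def lint_rules(lines, ips_mode):
    """Return [(line number, finding)] for a list of rule lines."""
    findings, seen_sids = [], {}
    for number, line in enumerate(lines, 1):
        text = line.strip()
        if not text or text.startswith("#"):
            continue  # blank line or comment
        try:
            header, options = parse_rule(text)
        except ValueError as exc:
            findings.append((number, "rejected: %s" % exc))
            continue
        action = header["action"]
        if action in PREVENT_ACTIONS and not ips_mode:
            findings.append((number, "'%s' needs IPS mode; not blocked in IDS mode" % action))
        elif action not in PREVENT_ACTIONS | DETECT_ACTIONS:
            findings.append((number, "unknown action '%s'" % action))
        values = dict(options)
        sid = values.get("sid")
        if sid is None or not sid.isdigit():
            findings.append((number, "missing or non-numeric sid"))
        elif sid in seen_sids:
            findings.append((number, "sid %s already used on line %d" % (sid, seen_sids[sid])))
        else:
            seen_sids[sid] = number
        if "msg" not in values:
            findings.append((number, "no msg option"))
    return findings

# Constructed samples: the section's two rules with header spacing mistakes
# (a fused "any-any", and "->" without surrounding spaces), then well formed.
MALFORMED = [
    'drop tcp any any -> any-any (msg:"facebook is blocked"; content:"facebook.com"; '
    'http_header; nocase; classtype:policy-violation; sid:1;)',
    'drop icmp any any->any any (msg:"DROP test ICMP ping from any network"; '
    'icode:0; itype:8; classtype:trojan-activity; sid:99999999; rev:1;)',
]
WELL_FORMED = [
    'drop tcp any any -> any any (msg:"facebook is blocked"; content:"facebook.com"; '
    'http_header; nocase; classtype:policy-violation; sid:1;)',
    'drop icmp any any -> any any (msg:"DROP test ICMP ping from any network"; '
    'icode:0; itype:8; classtype:trojan-activity; sid:99999999; rev:1;)',
]

if __name__ == "__main__":
    for mode in (False, True):
        print("ips_mode=%s" % mode, lint_rules(MALFORMED + WELL_FORMED, mode))
```

Running such a check over local.rules before starting the engine shows which rules would be rejected outright and which would only alert, rather than block, when Suricata is started in IDS mode.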
3.3 Requirement Analysis
Project requirement analysis is needed to make the development and
implementation of the project successful. There are two kinds of requirements
used in this project:
3.3.1 Software Requirements
Software requirement of this project are:
i. Oracle VirtualBox
ii. CentOS 7 x86 64-bits minimal
iii. Microsoft Word 2016
iv. Microsoft Office PowerPoint 2016
v. Windows 10
vi. PuTTY 64-bits version 0.70
3.3.2 Hardware Requirements
Hardware requirements of this project are:
1) PC Lab-KRK
i. Manufacturer: Dell Technologies
ii. Processor: Intel® Core™ i5-44405 @ 2.80GHz 2.80GHz
iii. Installed memory (RAM): 8.00 GB
iv. System type: 64-bit Operating System, x64-based Processor
v. Laptop (Lenovo, 4GB RAM, AMD A8-5550M APU with Radeon™ HD
Graphics, 64-bit Operating System, x64-based processor)
2) Mouse
3) Printer
3.4 System Design
To specify the requirements, all the processes that define the architecture
and proof of concept for project development are explained in this phase. The
framework of the overall project is designed and defined in a specific model.
3.4.1 Architecture of the project
Figure 3.4 below shows the architecture of OpenStack with a few
components that are related to each other, namely Horizon (dashboard), Identity
Service (Keystone), Compute (Nova), Block Storage (Cinder), Networking
(Neutron), Image Service (Glance), and Object Storage (Swift).
Figure 3.4: Architecture of OpenStack (OpenStack, 2018)
The OpenStack Dashboard (Horizon) is provided as a web-based interface for cloud
administrators and cloud tenants. Using this interface, administrators and
tenants can manage, provision and monitor cloud resources (OpenStack, 2018). This
project focuses on 3 main components, which are Nova, Neutron, and Glance.
OpenStack Compute (Nova) is used to support the management of virtual machine
instances and instances that host multi-tiered applications, and is important for test
environments. OpenStack Neutron is the important component for managing
networking. OpenStack Neutron provides networking services to cloud users
(tenants) such as IP address management, DNS, DHCP, load balancing and security
groups. This service also allows cloud tenants to manage their guest network
configuration. Then, this project uses the OpenStack Image service, known as Glance,
to launch virtual machines or instances. This service provides disk-image
management services, including image discovery, registration, and delivery services
to the Compute service, as needed.
Figure 3.5: A flowchart of processes involved in Neutron
(OpenStackComunity, 2018)
Figure 3.5 shows the workflow process for tenant instance creation in
order to secure OpenStack Networking. Four services interact with OpenStack
Networking: Dashboard, Identity, Compute node, Network node and SDN service
node.
Diagram labels, top to bottom: OUTPUT; DETECT, DETECT, DETECT; DECODE & STREAM APPLICATION LAYER; PACKET CAPTURE; NETWORK
Figure 3.6: An architecture of Suricata IDPS
As we can see in Figure 3.6, network traffic analysis can be
accomplished by capturing packets directly from the network interface card or by
using pre-recorded traffic. A packet that has been captured is decoded to
obtain its IP address and a few details about the packet. Then, in the stream
reassembly engine, the packets are assembled into stream-queues, from which, in the
thread engine, they are fetched for processing by a certain thread (Fekolkin,
2015). When fetching a packet, each thread invokes a Queue Handler part which
actually deals with fetching and ditching of packets in a thread. The user can
configure the number of “Detect” threads to be located in the thread engine. After
comparing the packets' signatures and deciding which packets should be dropped or
accepted, the output logs are then produced (Fekolkin, 2015).
3.4.2 Proof of Concept.
Figures 3.7 and 3.8 show the installation of CentOS 7 in Oracle
VirtualBox.
Figure 3.7: Configuration of CentOS 7
Figure 3.8: Configuration of CentOS 7 with PuTTY
Figure 3.9: Installation component of OpenStack
Figure 3.10 above shows the successful installation of the OpenStack components.
3.5 Summary
In conclusion, selecting a suitable methodology is necessary in order to
produce a complete project within the time given. This methodology provides
systematic steps for the development of the project and keeps errors to a
minimum.
CHAPTER IV
IMPLEMENTATION
4.1 Introduction
The first objective has been achieved. This chapter contains the steps for configuring the
OpenStack cloud platform and the Suricata Intrusion Detection and Prevention System.
Several steps must be followed in order to achieve the second and third
objectives: configuring the OpenStack dashboard, creating instances, installing the Suricata
intrusion detection and prevention system, configuring the Suricata intrusion detection and
prevention system, and integrating OpenStack with the Suricata intrusion detection and
prevention system.
4.2 Project Interfaces
4.2.1 Configuring OpenStack
Figure 4.0 Overview of the OpenStack dashboard
Figure 4.0 shows the OpenStack dashboard, known as Horizon, which
provides a web-based user interface to OpenStack services. Cloud administrators and
users are able to manage various OpenStack resources and services, such as creating and
managing images, launching instances, and creating and managing networks,
routers, flavors and volumes. A few steps should be
completed before launching an instance. The important steps are allocating a floating IP and
enabling telnet and HTTP connections for instances.
4.2.1.1 Allocation of Floating IP to OpenStack
In order to allow access to an OpenStack instance from outside networks or the
internet, the user should allocate an IP to the project.
Figure 4.1 Allocation of a floating IP to the project.
Figure 4.2 Allocation of a floating IP to the external pool.
Figures 4.1 and 4.2 show how to allocate a floating IP to the project and the public
pool. Log in with admin credentials and go to the Project tab. Open the Compute panel
and look for Floating IPs. The IP address should appear in the dashboard once the
user selects the external pool and clicks the Allocate IP button. It is good practice to
allocate a floating IP for each instance that is run.
Figure 4.3 Successfully adding Floating IP
Figure 4.3 shows the list of IP addresses that were successfully allocated to the project.
4.2.1.2 Creating Security Group
Figure 4.4: Overview of the security group
Figure 4.4 shows an overview of the security groups in the OpenStack dashboard.
Security groups are sets of IP filter rules that define networking access to the instances.
The admin can edit and add new rules to the default group, or create a new
group and manage its rules.
In this project, a new security group and a few rules were created to enable telnet
and HTTP connections for instances. This was important so that the admin could easily
access the instances remotely while giving the instances basic security. The interface to
create a security group should look like Figure 4.5 below.
Figure 4.5 An interface to create the security group.
4.2.1.3 Managing Security Group Rules
After the security group has been created, the next step is to manage the security group
rules. In this project, SSH and HTTP rules were added.
Figure 4.6 Overview of managing security group rules
Figure 4.6 is an overview of managing security group rules, where rules can be added or
deleted.
Figure 4.7 An interface to add SSH rule
Figure 4.7 shows that the SSH rule has been added to the security group. If the instances
are created in the same network, it is important to allow the SSH rule. Secure Socket Shell
(SSH) is a network protocol that provides an admin or user with a secure way to access a
computer. In this project, the SSH rule was used as a method to secure and allow remote
login from one computer to another, bound to port 22 (SSH).
Figure 4.8: An interface to add HTTP rule
Figure 4.8 shows the HTTP rule that was added to the security group. Hypertext
Transfer Protocol (port 80) was allowed in order to connect one VM to another VM; it is the
port on which a computer sends and receives Web client-based communication and
messages from a Web server. The HTTP rule therefore enables the admin or user to
connect to the internet, for example to install software.
4.2.1.4 Creating Key Pairs
Figure 4.9: An overview of key pairs
Figure 4.9 shows an overview of the key pairs section in the OpenStack dashboard.
A key pair here is the public key of an OpenSSH key pair, used for access to the created
servers.
Figure 4.10: An interface to create Key Pair
Figure 4.10 shows the interface to create new key pairs. Click the +Create Key Pair
button when done.
4.2.1.5 Creating a Router for OpenStack
Figure 4.11: Create a router for OpenStack.
A router is a logical component that forwards data packets between networks
and provides Layer 3 and NAT forwarding to give servers on project networks
access to external networks (Openstak.org, 2019). A router acts as the gateway for
instances and makes sure the instances can get a network connection. To create a router,
select Router under the Network panel, then type the router name and choose the external
network. After that, click the Create Router button. Figure 4.11 above shows the
interface to create a router.
Figure 4.12: Overview of routers.
Figure 4.12 shows the list and the details of the routers that have been created.
Routers can be edited, and unused routers can be deleted.
4.2.1.6 Creating Internal Network in OpenStack
The OpenStack Networking service (Neutron) provides an API that allows users
to set up and define network connectivity and addressing in the cloud (Openstack.org,
2017).
Figure 4.13: Create a network.
Figure 4.14: Creating a subnet.
Figures 4.13 and 4.14 show the steps to create a network (interface) for
the router. First, name the network MyNetwork and create a subnet named
MySubnet with IP 192.168.0.0/24. Click the Next button when done. This network assigns
the client to the web server nodes and enables the admin to allocate floating IPs.
Figure 4.15: An overview of networks
Figure 4.15 shows an overview of the network that has been created.
4.2.1.7 Adding an Internal Network (Interface) To Router.
The admin can assign a private IP address to each instance. Compute makes
a distinction between fixed IPs and floating IPs. Fixed IPs are IP addresses that are
assigned to an instance on creation and stay the same until the instance is explicitly
terminated. Floating IP addresses can be associated and disassociated with another
instance at any time. An internal network interface is used to enable communication in
the internal network between the instances.
Figure 4.16: Add interface
Figure 4.16 shows the step to add an interface. First, click on MyRouter and then
click +Add Interface in the box that appears.
4.2.1.8 Creating OpenStack Images for Instances
The project used images that had already been created by a third party. Figure
4.16 below shows the links to download the latest packaged images. In this project,
the CentOS 7 and default CirrOS images were created.
Figure 4.17 The list of images
Figure 4.18: Overview of Images
Figure 4.18 shows the overview of the images that have been created. First, go to the
OpenStack web panel, navigate to Project, choose Images under the Compute panel
and click the +Create Image button as in the figure above.
Figure 4.19: Add OpenStack Image details.
Figure 4.19 shows the image details being added. This project used the QCOW2
format with an image of only 958.44 MB in size. After browsing to the file that was downloaded
and setting the format, click the Create Image button.
4.2.1.9 Creating New Instances
A virtual machine that runs inside the cloud environment is called an instance.
The parameters should be gathered before launching an instance, and the instance can be
run based on the image that was created earlier. Figure 4.20 to Figure 4.26 show the steps
to launch an instance. The first step is to name the instance (the name will be used
to form the virtual machine hostname), leave the availability zone set to Nova and use an
instance count of one, as in Figure 4.20 below.
Figure 4.20: Add hostname to OpenStack Instance.
Figure 4.21: OpenStack Instance Boot Source and CentOS 7 text image.
Figure 4.21 shows how to set the instance source. Select Image as the Boot Source
and add the CentOS 7 image that was created, as shown in the figure above. Click the Next
button to proceed.
Figure 4.22: Add resources to OpenStack Instance
The next step is to allocate the instance resources by adding a flavor that suits
the needs, as shown in Figure 4.22 above. Then, click the Next button to move on.
Figure 4.23: Add network to OpenStack Instance
The next step is to add one of the available networks that were created to the instance
using the + button, then click the Next button. In this project, the internal network is used,
as shown in Figure 4.23 above.
Figure 4.24: Add security group to the instance.
Figure 4.25: Add keypair to the instance.
Figure 4.24 and Figure 4.25 show the security group and key pair chosen
for the instance.
Figure 4.26: Configuration Scripts
Figure 4.26 shows the configuration scripts. The configuration script is useful
when the instance cannot be reached using SSH. When the instance starts for the first
time, enter the default username. The default username for CentOS is centos, the default
username for Ubuntu is ubuntu, and so on. After that, enter the password that was
set in the configuration box earlier, as shown in Figure 4.26.
Figure 4.27: Overview of instances
Figure 4.27 shows the list of instances that were created. Remember to select
a floating IP for the instances. Click the arrow to the right of the Create Snapshot menu button,
choose Associate Floating IP, then select one of the floating IPs that were created
earlier and click the Associate button. Associating a floating IP is important to make the
instance reachable from the internal LAN.
In this project, two instances are used. One instance acts as the
defendant and the other as the attacker.
Figure 4.28: Instance console
Figure 4.28 shows the instance console. Enter the username and password
shown in Figure 4.26. In order to create a root password, use the command
‘sudo passwd root’ and the user will be asked to enter the new password.
Figure 4.29: Network topology.
Figure 4.29 shows an overview of the network of this project.
4.2.2 Install and Configure Suricata Based Intrusion Detection and Prevention
System.
Setting up Suricata on CentOS 7 from the source code consists of a few steps:
downloading the code, configuring and compiling the code, installing it to an
appropriate directory and lastly configuring the rules. Suricata should be installed
as root, not as a regular user.
The first step is to enable iptables after disabling firewalld. The commands are
shown in Figure 4.30 and Figure 4.31 below.
Figure 4.30: Install iptables services
Figure 4.31: Successfully install iptables services.
Next, prepare the server by installing all the required libraries using this
command:
    yum -y install gcc libpcap-devel pcre-devel libyaml-devel file-devel mariadb-devel GeoIP-devel \
        zlib-devel jansson-devel nss-devel libcap-ng-devel libnet-devel libnetfilter_queue-devel ethtool
Before installing Suricata, this project has to install EPEL using this command:
    yum install epel-release
After the libraries are prepared, Suricata will be installed from the source by using this
command:
    yum -y install libnetfilter_queue-devel
Figure 4.32: Install Suricata from the source.
The next step is to fetch the Suricata tarball, decompress it and configure the source
with the commands below:
    wget http://www.openinfosecfoundation.org/download/suricata-4.1.3.tar.gz
    tar -xvzf suricata-4.1.3.tar.gz
    cd suricata-4.1.3
    ./configure --enable-nfqueue --prefix=/usr --sysconfdir=/etc --localstatedir=/var --enable-geoip
The ./configure command above configures the source so that Suricata is compiled as an
IPS.
Then, compile Suricata using this command:
    make && make install-full
To create a directory for Suricata’s log information and prepare the system for using it,
use these commands:
    mkdir /var/log/suricata
    mkdir /etc/suricata
The next step is to copy classification.config, reference.config and suricata.yaml from
the base installation directory using these commands:
    cp classification.config /etc/suricata
    cp reference.config /etc/suricata
    cp suricata.yaml /etc/suricata
Oinkmaster was then configured. Oinkmaster is a tool that helps manage the signatures.
Oinkmaster can be downloaded from
http://prdownloads.sourceforge.net/oinkmaster/oinkmaster-2.0.tar.gz as shown in
Figure 4.33 below.
Figure 4.33: Installation of Oinkmaster Rule Manager
Then, create a directory for Oinkmaster and decompress the Oinkmaster tarball using these
commands:
    mkdir /etc/oinkmaster
    tar xvf oinkmaster-2.0.tar.gz
The rules can be found at
http://rules.emergingthreats.net/open/suricata/emerging.rules.tar.gz. Open
oinkmaster.conf and add the link as below, and don’t forget to place # in front of the
URL:
    vi /etc/oinkmaster/oinkmaster.conf
    #http://rules.emergingthreats.net/open/suricata/emerging.rules.tar.gz
After that, a directory for the new rules was created. Then follow the next steps using
the next commands:
    mkdir /etc/suricata/rules
    /etc/oinkmaster/oinkmaster.pl -C /etc/oinkmaster/oinkmaster.conf -o /etc/suricata/rules
Once the ruleset has been downloaded, enter the oinkmaster.pl command above as one single
line whenever the rules need to be updated.
Now, start Suricata using this command:
Figure 4.34: Start the Suricata.
Figure 4.34 shows that Suricata is ready to capture all incoming and outgoing packets.
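Suricata was compiled with --enable-nfqueue so that it can act as an IPS, but in that mode only rules whose action is drop or reject block a packet, while rules with the alert action only log it, and downloaded rulesets are typically written with the alert action. The script below is an added example, not part of the original report, that audits rule files for this before Suricata is started; the sample rules, their SIDs and messages are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit Suricata rule files before relying on NFQUEUE (IPS) mode.

# Rule actions Suricata accepts at the start of an enabled rule.
ACTIONS='^(alert|pass|drop|reject|rejectsrc|rejectdst|rejectboth)$'

# Constructed sample rules; the SIDs and messages are made up for this example.
sample_rules() {
cat <<'EOF'
# local.rules (constructed)
alert tcp $EXTERNAL_NET any -> $HOME_NET 22 (msg:"EXAMPLE inbound SSH"; flow:to_server; sid:1000010; rev:1;)
alert icmp any any -> $HOME_NET any (msg:"EXAMPLE ICMP echo request"; itype:8; sid:1000011; rev:1;)
drop icmp 192.168.0.5 any -> 192.168.0.15 any (msg:"EXAMPLE ICMP echo from test attacker"; itype:8; sid:1000012; rev:1;)
#alert udp any any -> any 53 (msg:"EXAMPLE disabled rule"; sid:1000013; rev:1;)
alert tcp any any -> $HOME_NET 80 (msg:"EXAMPLE inbound HTTP"; sid:1000011; rev:2;)
EOF
}

# Print "<action> <count>" for every enabled rule action (files or stdin).
count_actions() {
    awk -v re="$ACTIONS" '
        $1 ~ re { n[$1]++ }          # commented-out rules start with "#"
        END { for (a in n) print a, n[a] }
    ' "$@" | LC_ALL=C sort
}

# Print how many enabled rules can actually block a packet in IPS mode.
blocking_rules() {
    count_actions "$@" |
        awk '$1 == "drop" || $1 ~ /^reject/ { t += $2 } END { print t + 0 }'
}

# Print every SID that is used by more than one enabled rule.
duplicate_sids() {
    awk -v re="$ACTIONS" '
        $1 ~ re && match($0, /sid:[ ]*[0-9]+/) {
            sid = substr($0, RSTART, RLENGTH)
            sub(/^sid:[ ]*/, "", sid)
            if (++seen[sid] == 2) print sid
        }
    ' "$@" | LC_ALL=C sort -n
}

# Stand-alone run on the constructed sample.
sample_rules | count_actions
echo "blocking rules: $(sample_rules | blocking_rules)"
echo "duplicate SIDs: $(sample_rules | duplicate_sids | tr '\n' ' ')"
```

The same functions accept file names, so they can be pointed at the files under /etc/suricata/rules created above; a blocking-rule count of 0 means Suricata will detect but not prevent.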
4.3 Testing and Result
Before starting the penetration test, the IP addresses of the defendant and the attacker
were checked using the ifconfig command. In this project, the defendant instance uses
192.168.0.15 (CentOS 7) and the attacker uses 192.168.0.5 (CirrOS), which
pings the defendant instance. Before that, run Suricata to detect all the
activities. Run Suricata with this command:
    suricata -c /etc/suricata/suricata.yaml -q 0 &
After that, the Suricata log and the versions of all the components that will be used will appear.
For this project, the version of Suricata is 4.1.3, which is the latest version of Suricata,
while the version of libpcap is 1.5.3, as shown in Figure 4.35 below.
Figure 4.35: The components used to run Suricata.
After that, start pinging from the attacker using this command:
    ping 192.168.0.15
After running this command, the sequence of packets transmitted from the victim PC
to the attacker PC will appear. Pinging is one of the denial-of-service attacks, in which
request packets from another computer keep the target computer busy so that it cannot do
other tasks.
This project encountered unavoidable problems and constraints and could not be
continued. The result from the Suricata log, which contains all the details that Suricata
captured over a certain time, cannot be shown.
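The ping test above is judged from Suricata's log. The script below is an added example, not output or code from the original project, that summarises alerts in Suricata's fast.log format per protocol and address pair and reports whether ICMP from a given source was blocked or only detected; the log lines, rule messages, SIDs and the address 192.168.0.7 are constructed.

```shell
#!/bin/sh
# Added example: summarise Suricata fast.log alerts per protocol and address pair.

# Constructed log lines in fast.log format; not output captured from the project.
sample_fast_log() {
cat <<'EOF'
03/25/2019-10:15:01.100201  [Drop] [**] [1:1000012:1] EXAMPLE ICMP echo from test attacker [**] [Classification: Misc activity] [Priority: 3] {ICMP} 192.168.0.5:8 -> 192.168.0.15:0
03/25/2019-10:15:02.101377  [Drop] [**] [1:1000012:1] EXAMPLE ICMP echo from test attacker [**] [Classification: Misc activity] [Priority: 3] {ICMP} 192.168.0.5:8 -> 192.168.0.15:0
03/25/2019-10:15:03.102954  [Drop] [**] [1:1000012:1] EXAMPLE ICMP echo from test attacker [**] [Classification: Misc activity] [Priority: 3] {ICMP} 192.168.0.5:8 -> 192.168.0.15:0
03/25/2019-10:16:10.000412  [**] [1:1000011:1] EXAMPLE ICMP echo request [**] [Classification: Misc activity] [Priority: 3] {ICMP} 192.168.0.7:8 -> 192.168.0.15:0
03/25/2019-10:17:44.532100  [**] [1:1000010:1] EXAMPLE inbound SSH [**] [Classification: Misc activity] [Priority: 3] {TCP} 192.168.0.5:40112 -> 192.168.0.15:22
EOF
}

# Print "<proto> <src> <dst> <alerts> <drops>" for each pair (files or stdin).
summarize_fast_log() {
    awk '
        # Every fast.log entry ends with "{PROTO} src:port -> dst:port".
        match($0, /[{][A-Za-z0-9_:-]+[}] /) {
            proto = substr($0, RSTART + 1, RLENGTH - 3)
            if (split(substr($0, RSTART + RLENGTH), ep, " -> ") != 2) next
            sub(/:[0-9]+$/, "", ep[1])   # strip port (ICMP type/code for ICMP)
            sub(/:[0-9]+$/, "", ep[2])
            key = proto " " ep[1] " " ep[2]
            alerts[key]++
            # In IPS mode a blocked packet is tagged [Drop] before the first [**].
            if (index($0, " [Drop] ")) drops[key]++
        }
        END { for (k in alerts) print k, alerts[k], drops[k] + 0 }
    ' "$@" | LC_ALL=C sort
}

# icmp_verdict SRC DST: reads fast.log on stdin and prints one of
# blocked | partially-blocked | detected-only | not-seen
icmp_verdict() {
    summarize_fast_log | awk -v s="$1" -v d="$2" '
        $1 == "ICMP" && $2 == s && $3 == d { a = $4 + 0; dr = $5 + 0; seen = 1 }
        END {
            if (!seen)         print "not-seen"
            else if (dr == a)  print "blocked"
            else if (dr == 0)  print "detected-only"
            else               print "partially-blocked"
        }'
}

# Stand-alone run on the constructed sample.
sample_fast_log | summarize_fast_log
echo "192.168.0.5 -> 192.168.0.15: $(sample_fast_log | icmp_verdict 192.168.0.5 192.168.0.15)"
```

On the defended instance the log would be read from Suricata's log directory instead, assumed here to be /var/log/suricata/fast.log.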
CHAPTER V
CONCLUSION
5.1 Introduction
This chapter discusses the contribution of Enhancing Virtual Machine Security
in OpenStack using Suricata Intrusion Detection and Prevention System. Other than
that, project constraints, limitations and advancements for future work are also
discussed in this chapter.
5.2 Project Contribution
The contribution of this project is to secure virtual machines or instances in the
OpenStack environment. In most cases, clients do not take the protection of
their instances seriously, and most of the security is used to protect from the outside. The
existence of a properly configured firewall and continually updated antimalware still does not
guarantee the protection of the virtual machine instances in the cloud. This project
gives security protection inside the OpenStack environment and protects the virtual
machines themselves from intruders or the black hat community.
5.3 Project Constraints and Limitation
This project has some constraints and limitations that occurred in the construction
and design phase. Intruders may still attack the OpenStack
environment, and the probability that instances are corrupted as a result of such an attack is high.
Moreover, this project detects and prevents malicious activities that occur in the
instances only by identifying the IP address of the intruders or attackers. It will be difficult to
detect if the black hat community uses an intelligent attack.
5.4 Future Works
This technique could be improved in many ways, for instance by testing Suricata
rules against other varieties of intrusion such as the teardrop attack and the wormhole attack. In
addition, it would be good if Suricata could also detect intrusion from external IPs.
5.5 Summary
In conclusion, at the end of this research, the project came out with a
technique for Enhancing Virtual Machine Security in OpenStack using Suricata based
Intrusion Detection and Prevention System. The project is intended to secure the virtual
machine in the OpenStack cloud environment and provide both detection and
prevention of any malicious activities. This technique allows users to see any
malicious activities that occur in their instances and enables the user to set new rules
to detect and block a new attack.
References
Aleksandar Donevski, S. R. (2012). Nessus or Metasploit: Security Assessment of
OpenStack Cloud.
Aslam, M. (2012). Securely Launching Virtual Machines on Trustworthy Platforms in
a Public Cloud. CLOSER 2012-Proceedings of the 2nd International
Conference on Cloud Computing and Services Science.
D.Wankhade, K. (2016). Virtualization Intrusion Detection System in cloud
Environment. International Journal of Scientific & Engineering Research, 321-327.
E.Leblond, G. (2016). Suricata IDPS and Linux Kernel. The Technical Conference on
Linux Networking. Seville, Spain: Stamus Networks.
Fekolkin, R. (2015). Intrusion Detection and Prevention Systems: Overview of Snort
and Suricata. Internet Security, A7011N.
Hala Albaroodi, S. M. (2014). Critical Review of Openstack Security: Issues and
Weaknesses. Journal of Computer Science 10 (1), 23-33.
Hanqian Wu, Y. D. (2010). Network Security for virtual machine in cloud computing.
Computer Sciences and Convergence Information Technology (ICCIT), 18-21.
Janssen, D. (n.d.). Virtual machine. Retrieved from Techopedia:
https://www.techopedia.com/definition/4805/virtual-machine-vm
Kumar, M. (2017, June 27). Snort in the cloud: A Case Study. Retrieved from
ResearchGate: https://www.researchgate.net/publication/317932467_Snort_in_the_Cloud_A_Case_Study
Leblond, E. (2011). A Short introduction to Suricata IDPS. (pp. 1-35). OISF.
Nicolae Paladi, C. G. (2012). Trusted Launch of Virtual Machine Instances in Public
IaaS Environments. Ericsson Research.
OpenStack. (2018, December 5). Introduction to OpenStack. Retrieved from
OpenStack: https://docs.openstack.org/security-guide/introduction/introduction-to-openstack.html
Openstack.org. (2017, June 24). Neutron. Retrieved from Openstack:
https://docs.openstack.org/neutron/latest/admin/intro.html
OpenStackComunity. (2018, December 5). Networking Services security best practices.
Retrieved from Openstack: https://docs.openstack.org/security-guide/networking/securing-services.html
Openstak.org. (2019, March 25). Router. Retrieved from Openstack:
https://docs.openstack.org/python-openstackclient/pike/cli/command-objects/router.html
Pol, D. U. (2014). Cloud Computing with Open Source Tool: OpenStack. American
Journal of Engineering Research (AJER), 233-240.
Ranger, S. (2018, December 13). What is cloud computing? Everything you need to
know about the cloud, explained. Retrieved from ZDNet:
https://www.zdnet.com/article/what-is-cloud-computing-everything-you-need-to-know-from-public-and-private-cloud-to-software-as-a/
Reuben, J. S. (2007). A Survey on Virtual Machine Security. TKK T-110.5290 Seminar
on Network Security.
Ritov, S. (2013). OpenStack Cloud Security Vulnerabilities from Inside and Outside.
The Fourth International Conference on Cloud Computing, GRIDs, and
Virtualization, 101-107.
Rouse, M. (2017, July). Cloud Computing. Retrieved from TechTarget:
https://searchcloudcomputing.techtarget.com/definition/cloud-computing
Sergey, B. (2016). Intrusion Detection System and Intrusion Prevention System with
Snort provided by Security Onion. University of Applied Sciences.
Weidian Zhan, L. R. (2016). A Secure and VM-supervising VDI System Based on
OpenStack. 2016 International Conference on Cloud Computing and Big Data.
Xichun Yue, L. X. (2016). An Optimized Approach to Protect Virtual Machine Image
Integrity in Cloud Computing. 2016 7th International Conference on Cloud
Computing and Big Data, 75-80.
APPENDIX
GANTT CHART FYP 1
TASK/WEEK: weeks 1 to 15
Topic Discussion and Determination
Project Title Proposal
Proposal Writing – Introduction, problems statements, objectives, scopes
Proposal Writing – Literature Review (Research on the related project)
Presentation 1
Proposed Solution – Methodology (use flowchart and Suricata IDPS technique)
Draft Report
Submit Draft Report
Presentation 2
Final Report FYP
GANTT CHART FYP 1
TASK/WEEK: weeks 1 to 15
Project Meeting with Supervisor
Project Development
Proposal Progress Presentation & Evaluation
Project Development (continued)
Project Testing
FYP Format Writing Workshop
Submit Draft Report
Seminar Presentation & Evaluation
Discussion & Correction Report
Final Thesis Submission